DDoS Packet Forensics: Take me to the hex!
January 06, 2015 11:10 PM
A few days ago, my colleague Marek sent an email about a DDoS attack against one of our DNS servers that we'd been blocking with our BPF rules....
Automatic protection for common web platforms
October 14, 2014 12:16 PM
If you are a CloudFlare Pro or above customer you enjoy the protection of the CloudFlare WAF. If you use one of the common web platforms, such as WordPress, Drupal, Plone, WHMCS, or Joomla, then it's worth checking if the relevant CloudFlare WAF ruleset is enabled....
Inside Shellshock: How hackers are using it to exploit systems
September 30, 2014 10:38 PM
On Wednesday of last week, details of the Shellshock bash bug emerged. This bug started a scramble to patch computers, servers, routers, firewalls, and other computing appliances using vulnerable versions of bash....
CloudFlare hiring Go programmers in London and San Francisco
August 19, 2014 4:32 AM
Are you familiar with the Go programming language and looking for a job in San Francisco or London? Then think about applying to CloudFlare. We're looking for people with experience writing Go in both locations....
Introducing the BPF Tools
July 03, 2014 3:00 PM
In a recent article I described the basic concepts behind the use of Berkeley Packet Filter (aka BSD Packet filter or BPF) bytecode for high performance packet filtering, and the xt_bpf iptables module....
MORE POSTS
June 13, 2014 5:40 AM
New .uk domains now supported
On the 10th of June, the UK domain registry Nominet made available second-level domain namespace to the public, allowing anyone to register a domain ending with simply .uk...
- By
June 12, 2014 1:30 PM
Naming Project Galileo
Earlier today, CloudFlare announced Project Galileo to protect free speech on the Web by using its sophisticated anti-DDoS resources. ...
- By
June 05, 2014 4:00 AM
New OpenSSL vulnerabilities: CloudFlare systems patched
The OpenSSL team announced seven vulnerabilities covering OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (i.e. all versions) earlier today....
- By
April 17, 2014 10:00 AM
The Hidden Costs of Heartbleed
A quick followup to our last blog post on our decision to reissue and revoke all of CloudFlare's customers' SSL certificates. One question we've received is why we didn't just reissue and revoke all SSL certificates as soon as we got word about the Heartbleed vulnerability?...
- By
April 12, 2014 9:52 AM
Certificate Revocation and Heartbleed
As you may have noticed, the CloudFlare Heartbleed Challenge has been solved. The private key for the site cloudflarechallenge.com has been obtained by several authorized attackers via the Heartbleed exploit....
- By
April 11, 2014 7:00 PM
The Results of the CloudFlare Challenge
Earlier today we announced the Heartbleed Challenge. We set up a nginx server with a vulnerable version of OpenSSL and challenged the community to steal its private key....
- By
April 11, 2014 2:27 AM
Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed?
Below is what we thought as of 12:27pm UTC. To verify our belief we crowd sourced the investigation. It turns out we were wrong. While it takes effort, it is possible to extract private SSL keys....
- By
April 07, 2014 9:00 AM
Staying ahead of OpenSSL vulnerabilities
Today a new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160). We fixed this vulnerability last week before it was made public. ...
- By
April 03, 2014 12:34 AM
Introducing CNAME Flattening: RFC-Compliant CNAMEs at a Domain's Root
This post is about a new feature we've been quietly rolling out over the last few months. Last week we began enabling it for everyone by default. ...
- By
April 01, 2014 1:19 AM
The weird and wonderful world of DNS LOC records
A cornerstone of CloudFlare's infrastructure is our ability to serve DNS requests quickly and handle DNS attacks. To do both those things we wrote our own authoritative DNS server called RRDNS in Go. ...
- By
February 23, 2014 11:00 AM
Good News: Vulnerable NTP Servers Closing Down
On Monday, February 10th, CloudFlare experienced a large DDoS attack, with nearly 400Gbps of NTP attack traffic hitting our network. ...
- By
February 13, 2014 1:00 AM
Technical Details Behind a 400Gbps NTP Amplification DDoS Attack
On Monday we mitigated a large DDoS that targeted one of our customers. The attack peaked just shy of 400Gbps. We've seen a handful of other attacks at this scale, but this is the largest attack we've seen that uses NTP amplification....
- By
January 30, 2014 9:24 AM
CloudFlare DNS is simple, fast and flexible
Over the past few years, the CloudFlare blog has covered a great range of different topics, drilling down into the technology we use to both protect websites from attack, and optimise them so that they load faster for visitors....
- By
December 31, 2013 6:30 PM
2013: Rebuild the Engine; 2014: Step on the Gas
It's been a busy 2013 here at CloudFlare. By all external measures it was a terrific year. We grew page views, revenue and traffic across our network – all by more than 400%. We added terrific partners and high profile customers. ...
- By