Happy Pink Dot SG from the Proudflare team!
Pink Dot SG is an event which takes place every June in Singapore to celebrate LGBTQIA+ pride! Cloudflare participated this year, on June 21st. We’re a little late, but wanted to share what we got up to. Pink Dot SG started in 2009, as a way for queer people and…
Concise Christmas Cryptography Challenges 2019
Last year we published some crypto challenges to keep you momentarily occupied from the festivities. This year, we're doing the same. Whether you're bored or just want to learn a bit more about the technologies that encrypt the internet, feel free to give these short cryptography quizzes a go.We're withholding…
Improving HTML Time to First Byte
The Time to First Byte (TTFB) of a site is the time from when the user starts navigating until the HTML for the page they requested starts to arrive. A slow TTFB has been the bane of my existence for more than the ten years I have been running WebPageTest.…
The Internet Mince Pie Data Base: 2018 Edition
In December 2017 we unveiled the true potential of Cloudflare’s scale: to find the best commercially available mince pie and let the world know about it. In 2018 we’ve all been extremely busy helping Cloudflare & our customers and therefore we left it very late this year. Uncomfortably late. If…
Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River
A 22-year-old man convicted of cyberstalking and carrying out numerous bomb threats and swatting attacks — including a 2013 swatting incident at my home — was arrested Sunday morning in the Philippines after allegedly helping his best friend dump the body of a housemate into a local river. Suspects Troy…
RSync the old is still new…
This is a special blogpost for us. We usually work on our research by ourselves and present it in the same way, but this time, this research was partially done in collaboration with the amazing team at Rapid7. You should also check out their counterpart report here: https://blog.rapid7.com/2018/12/21/rsunk-your-battleship-an-ocean-of-data-exposed-through-rsync/ What is…
How to Encrypt Your Notes, Photos & Archives with EncryptPad
For anyone wanting to keep information private, plain text is a format of the past. Instead, cheap, powerful encryption is widely available, but often not easy enough to use to attract widespread adoption. An exception to this rule is EncryptPad, an easy to use application that lets you encrypt text,…
How to Generate a Clickjacking Attack with Burp Suite to Steal User Clicks
Users are often the weakest link when probing for vulnerabilities, and it's no surprise they can be easily fooled. One way to do this is called clickjacking. This type of attack basically tricks the victim into clicking something they didn't mean to click, something under the attacker's control. Burp Suite…
How to Use SQL Injection to Run OS Commands & Get a Shell
One of the ultimate goals in hacking is the ability to obtain shells in order to run system commands and own a target or network. SQL injection is typically only associated with databases and their data, but it can actually be used as a vector to gain a command shell.…
Athenian Project Turns One: Are Election Websites Safer?
One year ago, Cloudflare launched the Athenian Project to provide free Enterprise-level service to election and voter registration websites run by state and local governments in the United States. Through this project, we have helped over 100 entities in 24 states protect their websites from denial of service attacks, SQL…
Encrypting DNS end-to-end
Over the past few months, we have been running a pilot with Facebook to test the feasibility of securing the connection between 1.1.1.1 and Facebook’s authoritative name servers. Traditionally, the connection between a resolver and an authoritative name server is unencrypted i.e. over UDP. In this pilot we tested how…
Firewall Rules – Priority and Ordering
Firewall Rules are one of the best security features we released this year and have been an overwhelming success. Customers have been using Firewall Rules to solve interesting security related use cases; for example, advanced hotlink protection, restricting access to embargoed content (e.g. productId=1234), locking down sensitive API endpoints, and…
Feds Charge Three in Mass Seizure of Attack-for-hire Services
Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different “booter” or “stresser” sites — attack-for-hire services that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network…
Android Pie à la mode: Security & Privacy
Posted by Vikrant Nanda and René Mayrhofer, Android Security & Privacy Team[Cross-posted from the Android Developers Blog]There is no better time to talk about Android dessert releases than the holidays because who doesn't love dessert? And what is one of our favorite desserts during the holiday season? Well, pie of…
Ten new data centers: Cloudflare expands global network to 165 cities
Cloudflare is excited to announce the addition of ten new data centers across the United States, Bahrain, Russia, Vietnam, Pakistan and France (Réunion). We're delighted to help improve the performance and security of over 12 million domains across these diverse countries that collectively represent about half a billion Internet users.…