WordPress users are becoming increasingly more aware of security threats and as a result they are taking more actions to secure their websites (e.g. by installing security plugins). While this is a good thing, there are always black hats trying to take an advantage of new opportunities to compromise websites. For example, we’re seeing a More Info »
Introducing Cloudflare Warp: Hide Behind The Edge
I work at a company whose job it is to be attacked. As I’m writing this, an automatic mitigation is fighting two ongoing DDoS attacks. Any machine that’s publicly routable on the internet today can be a vector for attack, and that’s a problem. Today we want to turn the tables and give you a More Info »
Down the Rabbit Hole: The Making of Cloudflare Warp
In the real world, tunnels are often carved out from the mass of something bigger – a hill, the ground, but also man-made structures. CC BY-SA 2.0 image by Matt Brown In an abstract sense Cloudflare Warp is similar; its connection strategy punches a hole through firewalls and NAT, and provides easy and secure passage More Info »
Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1
During regular research audits for our Sucuri Firewall (WAF), we discovered a source-based stored Cross-Site Scripting (XSS) vulnerability affecting WordPress 4.8.1. Are You at Risk? The vulnerability requires an account on the victim’s site with the Contributor role – or any account in a WordPress installation with bbPress plugin, as long as it has posting More Info »
Geo Key Manager: How It Works
Today we announced Geo Key Manager, a feature that gives customers unprecedented control over where their private keys are stored when uploaded to Cloudflare. This feature builds on a previous Cloudflare innovation called Keyless SSL and a novel cryptographic access control mechanism based on both identity-based encryption and broadcast encryption. In this post we’ll explain More Info »
Introducing the Cloudflare Geo Key Manager
Cloudflare’s customers recognize that they need to protect the confidentiality and integrity of communications with their web visitors. The widely accepted solution to this problem is to use the SSL/TLS protocol to establish an encrypted HTTPS session, over which secure requests can then be sent. Eavesdropping is protected against as only those who have access More Info »
The History of Email
This was adapted from a post which originally appeared on the Eager blog. Eager has now become the new Cloudflare Apps. QWERTYUIOP — Text of the first email ever sent, 1971 The ARPANET (a precursor to the Internet) was created “to help maintain U.S. technological superiority and guard against unforeseen technological advances by potential adversaries,” More Info »
A New API Binding: cloudflare-php
Back in May last year, one of my colleagues blogged about the introduction of our Python binding for the Cloudflare API and drew reference to our other bindings in Go and Node. Today we are complimenting this range by introducing a new official binding, this time in PHP. This binding is available via Packagist as More Info »
Hacked Websites Mine Cryptocurrencies
Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday in news now. Everyone seems to be trying to jump on this bandwagon. This trend resulted in emergence of online platforms that allow webmasters to install coin miners into their websites as an More Info »
Ecommerce Security: Fake Jquery Used as CC Scraper
In the last few months, we noticed an increase in attacks targeting ecommerce platforms aiming to steal credit card information. We saw a similar rise last year after the summer ended, and believe that trend will continue now that the holiday season is quickly approaching. Most of these attacks are based on intercepting the communication More Info »
