Home / Companies / Cloudflare / Blog / September 2014

September 2014 Summaries

12 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Deployment of SSL certificates for 2 million websites by Cloudflare is taking longer than expected due to a high number of new sign-ups. The company now estimates the full deployment will be complete in approximately 48 hours from the announcement time (0700 UTC). During this provisioning process, users may encounter certificate mismatch errors when visiting their sites over HTTPS; however, these are normal and expected. To track progress, an updated alert is shown on login to Cloudflare, displaying enabled and pending sites. The company apologizes for the delay and aims to complete the process by Thursday, October 2 at 0700 UTC.
Sep 30, 2014 357 words in the original blog post.
On September 30, 2014, CloudFlare introduced Universal SSL, providing HTTPS support for all websites by default. This feature offers state-of-the-art encryption between browsers and CloudFlare's edge servers, ensuring web traffic privacy and security from tampering. Users can upgrade their site from Flexible SSL to Full or Strict SSL using three options: Option 1 involves creating a self-signed certificate for Full SSL mode; Option 2 entails obtaining a certificate from a trusted Certificate Authority (CA) for Strict SSL mode; and Option 3, currently in development, allows users to send their Certificate Signing Request (CSR) to CloudFlare for instantaneous certificate acquisition. This feature will provide encrypted and authenticated connections between the origin server and CloudFlare.
Sep 30, 2014 672 words in the original blog post.
The Shellshock bug was discovered in September 2014, causing a scramble to patch vulnerable versions of bash on computers, servers, routers, and other computing appliances. CloudFlare rolled out protection for its Pro, Business, and Enterprise customers through their Web Application Firewall (WAF), later extending it to Free plan customers as well. The Shellshock problem is an example of an arbitrary code execution (ACE) vulnerability that allows hackers to take control of another computer without requiring specialized knowledge. It has been exploited worldwide for various malicious activities, including reconnaissance, denial-of-service attacks, and taking direct control of servers.
Sep 30, 2014 2,240 words in the original blog post.
CloudFlare has announced the release of Universal SSL™, which will support SSL connections to every customer, including those using the free version of their service. The company began rolling out the feature across all its current customers and expects it to be complete for all by the end of the day. New customers who sign up for CloudFlare's free plan may have to wait up to 24 hours for Universal SSL to activate.
Sep 29, 2014 1,931 words in the original blog post.
On September 29, 2014, CloudFlare introduced automatic protection against the Shellshock bash vulnerability for all its paying customers through their WAF (Web Application Firewall). Following this, they received requests to extend this protection to all customers, including those on the Free plan. After assessing the actual Shellshock traffic and understanding the severity of the issue, CloudFlare developed a Basic ShellShock Protection that is now operational for every customer, regardless of their plan (Free, Pro, Business, or Enterprise). Paying customers still benefit from more complex Shellshock rules in the WAF. This ensures that all CloudFlare users are protected from common attack vectors related to Shellshock, while paying customers enjoy additional advanced protection.
Sep 29, 2014 152 words in the original blog post.
CloudFlare's Keyless SSL technology enables the company to provide its services without storing private SSL keys on edge servers. This enhances security for all customers, not just large enterprises, and allows for expansion of CloudFlare's global network. The current network consists of 28 data centers with high-security requirements. As the network expands, Keyless SSL ensures that customer data remains secure in various geopolitical environments. This technology is crucial for securing equipment in cell phone tower base stations and addressing technical challenges related to maintaining trust in potentially hostile environments.
Sep 28, 2014 768 words in the original blog post.
On September 27, 2014, Matthew Prince discussed how CloudFlare celebrated its fourth birthday by doing something nice for their team and customers. Two years prior, they had cake in the office and enabled free IPv6 support for all customers. This year, on Monday, September 29th, they planned to bring a bigger cake into the office as their team had grown substantially. They also intended to give something to their customers to help fix one of the Internet's most challenging problems. The announcement was expected to generate significant interest, and Prince encouraged people to sign up for CloudFlare or tweet them with their website domain to get ahead in the queue for the upcoming improvement. He emphasized that everyone who uses CloudFlare would be a part of the announcement, including free, Pro, Business, and Enterprise customers. The goal was to make the web safer and improve a large portion of the Internet.
Sep 27, 2014 457 words in the original blog post.
On September 24, 2014, a vulnerability was disclosed in the bash software, which is widely used on Linux servers, including those providing CloudFlare's services. This vulnerability allows remote code execution and poses a serious risk to Internet infrastructure. As soon as it became aware of this issue, CloudFlare patched its servers and encouraged users to upgrade their systems. Additionally, the company prepared Web Application Firewall (WAF) rules to protect customers who had not yet patched their own servers.
Sep 24, 2014 386 words in the original blog post.
Cloudflare has introduced a new technology called "Keyless SSL" that allows website owners to use its services while retaining control of their private encryption keys. The company developed the solution over two years, and it is now available for all customers with SSL enabled. Keyless SSL enables advanced session resumption techniques, making connections faster and more secure. It also supports multiple key servers for the same certificate, allowing for load balancing and high availability.
Sep 19, 2014 4,169 words in the original blog post.
In 2012, CloudFlare was approached by a major bank seeking assistance with DDoS attacks that were overwhelming their on-premise network hardware solutions. The challenge was to provide a cloud-based solution without compromising the security of SSL keys. After extensive research and development, CloudFlare introduced Keyless SSL™, which allows organizations to maintain control over their private SSL keys while leveraging the scalability and flexibility of the cloud. This innovative technology has been praised by security experts and financial institutions for enhancing security and trust in content delivery networks.
Sep 18, 2014 1,804 words in the original blog post.
At CloudFlare, the use of Go language is prevalent for various services and applications. One significant feature of Go is goroutines, which are low-cost, cooperatively scheduled threads used in tasks like timeouts, generators, and racing multiple backends against each other. To ensure that goroutines consume minimal memory while being easy to start with minimal configuration, the Go runtime manages stacks differently than traditional languages like C. In C, when a thread is started, the standard library allocates a block of memory for its stack and informs the kernel about it. However, if this block isn't enough, increasing the size across all threads can lead to wastage of memory. Deciding stack size per thread makes creating threads more complex. Go tackles this issue by dynamically providing goroutines with the stack space they need on demand, relieving programmers from making decisions about stack size. Initially, Go used segmented stacks where a new 8 KB section of memory was allocated for each goroutine's stack and expanded when needed through stack splitting. However, this approach had a flaw known as the hot split problem, which led to expensive stack shrinking operations. To address this issue, Go switched to stack copying, where a new segment with double the size is created and old segments are copied into it. This makes stack shrinking free and eliminates the need for any further action when the stack grows again. However, managing pointers within the stack during its movement poses a challenge that can be overcome by leveraging garbage collection information. The Go team is currently rewriting large parts of the runtime in Go to enable concurrent garbage collection in the future and improve stack management. Despite potential alternatives like allocating large sections of virtual memory, these come with their own set of challenges. Overall, a significant amount of effort has been invested into making goroutines efficient and suitable for most tasks.
Sep 15, 2014 1,643 words in the original blog post.
On September 1st, 2014, a blog post by Daniella Vallurupalli announced that CloudFlare had multiple presentations and panels at the South by Southwest (SXSW) Conference. The post provided details on how to vote for these sessions through SXSW's PanelPicker system. Topics covered in the presentations and panels included insights into founding a startup as a male-female team, ways to protect human rights online, understanding how the internet works, threats to freedom of speech on the internet, law enforcement strategies for startups, preventing cyber warfare, business development tactics, and maintaining a healthy engineering culture while growing sales. Voting ended on September 6th, with votes counting towards 30% of a session's acceptance into SXSW.
Sep 01, 2014 793 words in the original blog post.