February 2018 Summaries
20 posts from Cloudflare
Filter
Month:
Year:
Post Summaries
Back to Blog
A new amplification attack vector using the memcached protocol has been discovered, causing a significant increase in DDoS attacks. The memcached UDP DDoS is capable of generating massive bandwidth due to its large response packets. Memcached servers are found worldwide, with higher concentrations in North America and Europe. To prevent further attacks, users should disable UDP support if not needed, system administrators should firewall memcached servers from the internet, and developers should avoid using UDP or enable it by default.
Feb 27, 2018
1,501 words in the original blog post.
Richard Boulton, an Engineering Manager at Cloudflare, shares his experience and objectives for his first week in the new role. His goals included meeting all team members, understanding their skills and motivations, writing down expectations from manager and team, reviewing job scope, learning about technologies used, being mentored by a team member, discussing diversity and inclusion, understanding management structure, spending time with senior leaders, playing with the product, and more. Boulton also sought advice on Twitter, which led to additional objectives such as articulating company vision, identifying non-technical stakeholders, understanding ongoing projects, emergencies, and communications policy.
Feb 26, 2018
847 words in the original blog post.
John Graham-Cumming has created a simple code that can check if a password exists in Troy Hunt's Pwned Password v2 service without sending the password to Troy. The code uses an API handled and cached by Cloudflare using a clever anonymity scheme. This code can be easily implemented in other languages such as JavaScript, allowing it to be incorporated into a Cloudflare Worker. A Worker is a piece of JavaScript that runs on Cloudflare's edge nodes around the world, transforming and enhancing requests and responses, building responses from multiple API calls, and interacting with the Cloudflare cache. The Worker code can be used to intercept a request passing through Cloudflare to a Cloudflare site, checking if the password is found in Troy Hunt's database, and adding an HTTP request header, Cf-Password-Pwned, with either the value YES or NO depending on whether the password being handled is found in the database or not. This could be used on a signup page to check whether the password a user is hoping to use has already been found in a leak.
Feb 26, 2018
694 words in the original blog post.
The text discusses the benefits of container technology, which allows developers to maintain consistent functionality across different platforms without needing to rewrite or update their applications for each new cloud provider. This enables users to avoid lock-in and run their applications on the most suitable cloud providers, potentially lowering costs. The author then explains how Kubernetes can be used with Cloudflare Load Balancer to distribute traffic intelligently among multiple clouds, providing a guide on deploying an application using Kubernetes on Google Cloud Platform (GCP) and Amazon Web Services (AWS) along with the Cloudflare Load Balancer.
Feb 23, 2018
212 words in the original blog post.
Cloudflare has deployed its 123rd data center in Kathmandu, Nepal, marking its 42nd data center in Asia. The mountainous nation of Nepal is home to Mount Everest and several other mountains above 8,000 meters. The country's flag is unique, featuring two triangles representing the Himalayas with a specific dimension that requires irrational numbers for calculation. Cloudflare is excited about this deployment as it coincides with their attendance at the APRICOT conference in Nepal. The company plans to continue expanding its network across various cities throughout 2018, focusing on regions like SAARC countries.
Feb 23, 2018
892 words in the original blog post.
In February 2018, Emily Wimmer, a paralegal turned tech industry worker at Cloudflare, shared her idea for an International Women's Day event with her father. Despite initial hesitation due to previous experiences of not being taken seriously or given opportunities in her career, she pitched the idea to her supervisor and executives at Cloudflare. The company fully supported the event, which aimed to celebrate women in technology and provide a platform for female influencers to share their experiences and accomplishments. The 1st Annual International Women's Day Event was held in collaboration with Branch, featuring a panel discussion with three female founders and opportunities for networking among women in tech.
Feb 22, 2018
607 words in the original blog post.
The text discusses the importance of authentication in both real life and online scenarios. It highlights that passwords are a common method for authentication but often stored insecurely or set weakly by users. Despite this, no viable alternative has been developed to replace password security. Cryptographic hashing is mentioned as a way to store passwords securely, with algorithms like Argon2, BCrypt, and PBKDF2 being used to prevent Rainbow Table attacks. However, salting alone is not enough to protect against modern GPUs that can crack passwords quickly. The text also discusses the problem of credential stuffing, where users reuse passwords across multiple sites, making it easier for attackers to gain access to important information. To fix this issue, three things need to be done: improving user decisions through good UX, enhancing developer education on security, and eliminating password reuse by blocking the use of commonly used or compromised passwords. The text also provides tips on how users can secure themselves, such as using a password manager and enabling two-factor authentication.
Feb 21, 2018
1,476 words in the original blog post.
On February 21, 2018, v2 of Pwned Passwords was released as part of the Have I Been Pwned service by Troy Hunt. This database contains over half a billion real-world leaked passwords and serves as an essential tool in combating modern threats against password security. To protect user information when using this tool, Cloudflare provides CDN and security functionality such that the data can easily be made available for download in raw form to organizations to protect their customers. Additionally, API endpoints have been designed and implemented to support anonymized range queries as an additional layer of security for those consuming the API. This contribution allows Pwned Passwords clients to use range queries to search for breached passwords without having to disclose a complete unsalted password hash to the service.
Feb 21, 2018
2,448 words in the original blog post.
Cloudflare has opened its newest data center in Phnom Penh, Cambodia, becoming their 122nd worldwide and 41st in Asia. This expansion will make over 7 million internet properties faster. With this addition, by the end of 2018, it is expected that 95% of the world's population will live in a country with a Cloudflare data center. Cambodia has approximately 16 million people and a growing number of internet users. The company plans to further optimize its routing for customers and expects to see a significant decrease in latency from local ISPs.
Feb 21, 2018
228 words in the original blog post.
The author explores the possibility of using Go as a scripting language on Linux systems. They discuss potential advantages such as ease of learning, non-privileged package management, and strong typing. However, they also highlight issues with using go run directly for executing scripts. To overcome these challenges, the author suggests extending the supported binary formats in Linux through the binfmt_misc module. By following specific steps, one can set up a custom gorun wrapper to interpret .go files and execute them as native Linux binaries. This allows for seamless execution of Go scripts with proper error handling and parameter passing.
Feb 20, 2018
1,584 words in the original blog post.
Cloudflare emphasizes the importance of account security and highlights that attackers often exploit weak credentials or credential theft to gain access. The company advises users to change their passwords promptly if they suspect unauthorized access, as reusing the same credentials across multiple sites can lead to account compromises even years after a breach has occurred. Malicious software such as browser extensions and phishing emails are also common methods used by attackers to steal sensitive data. Cloudflare stores user passwords using complex, salted hash algorithms and ensures that API keys are unique and stored in secure databases. The company is working on improving its API security with features like CAPTCHA protection for API keys and exploring options like scoped API keys and token types. Users can also take steps to enhance their account security by enabling two-factor authentication, regularly updating browser extensions, and being cautious when clicking links in emails.
Feb 16, 2018
2,182 words in the original blog post.
Google has announced that starting from July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as "not secure". This change is expected to affect more than half of web visitors. The primary motivation for this move by Google is to ensure a safe browsing experience which benefits their business model. Currently, the ratio of user interaction with secure origins to non-secure sits at 69.7%.
Feb 14, 2018
2,540 words in the original blog post.
On February 14th, 2018, Jade Q. Wang from Cloudflare expressed gratitude for non-profit and volunteer-run open source projects that support the Internet and improve the lives of developers. Cloudflare uses a lot of open source software and contributes to it as well. In 2018, they planned to provide free upgrades to eligible open source projects (subject to case-by-case evaluation) that provide engineering tools or resources to the developer community and are volunteer-run or working on a non-profit basis. They encouraged open source project users to reach out for this opportunity by sharing it with others in their network.
Feb 14, 2018
279 words in the original blog post.
Aliza Knox has joined Cloudflare as Head of Asia, aiming to grow the company's brand recognition in the region and expand its client reach by building teams and channel partners. With over 20 years of experience growing businesses across Asia, she is excited about working with a global business like Cloudflare that focuses on democratizing internet tools for all users. Knox appreciates Cloudflare's commitment to culture and diversity, as well as its Singapore office's significant contributions in building performance and security products. She looks forward to helping the company grow its presence over the next five years and encourages interested candidates to explore career opportunities at Cloudflare.
Feb 14, 2018
701 words in the original blog post.
Cloudflare has successfully defended itself against a patent troll, Blackbird Technologies, in the United States District Court for the Northern District of California. The court ruled that Blackbird's patent was too abstract to be considered patentable subject matter under Section 101 of the U.S. Patent Act. This means that not only can the case against Cloudflare not continue, but also that the patent is invalid and cannot be used by Blackbird in future lawsuits. The decision reinforces Cloudflare's stance on the behavior of patent trolls and their tactics.
Feb 13, 2018
477 words in the original blog post.
Lebanon, a historic country with influences from both East and West, has a unique internet connection system compared to most other countries. All connectivity to the outside world flows through a single network, Ogero. The Ministry of Telecommunications plans to improve connectivity by 2020, including deploying fiber optic cabling throughout the country. Internet penetration in Lebanon is around 75%, but speeds are low, typically in single-digit megabits per second. Deploying a local network in Beirut has reduced latency by approximately 50 milliseconds, making internet access faster and safer for users in Lebanon.
Feb 13, 2018
633 words in the original blog post.
The Domain Name System (DNS) tree has been using DNSSEC to protect the zone content since 2010, providing cryptographic signatures alongside DNS records that can be validated. The root zone is signed with a 2048 bit RSA “Trust Anchor” key, which is used to establish the Chain of trust in the public DNS at the moment. However, rolling the Key Signing Key (KSK) has never been attempted due to its potential impact on the internet's functioning. The KSK rollover process involves generating a new key and updating every part of DNS infrastructure that needs it, retiring the old one completely. This is considered a risky operation as if it goes wrong, it could leave the root zone signing invalid, meaning a large part of the internet would not trust any of the content, effectively knocking DNS offline for validating resolvers. The KSK rollover process has been postponed due to issues with some implementations failing to pick up the new Trust Anchor.
Feb 06, 2018
2,540 words in the original blog post.
In 2017, web performance products Mirage and Rocket Loader were optimized to be even faster, reducing the loading time of around 1.2 billion web pages per week. These updates have led to significant improvements in user engagement and lower bounce rates on websites using these services. The changes involved rewriting parts of the Cloudflare's asynchronous-module-definition (AMD) loader, removing unused code, and switching from AMD to Rollup for better performance.
Feb 02, 2018
1,847 words in the original blog post.
Cloudflare is visiting the University of Illinois at Urbana-Champaign and the University of Wisconsin–Madison to recruit software engineering students. The company will attend career fairs on February 7 and 8, as well as host tech talks at both universities. In addition to its Champaign office, Cloudflare has positions available in San Francisco, London, and Austin, TX.
Feb 01, 2018
332 words in the original blog post.
Cloudflare has opened its Workers Beta program, allowing users to run JavaScript code on the company's edge network across over 120 data centers worldwide in under 30 seconds. This service enables developers to modify requests made to their websites, make outbound requests, and replace much of what is typically configured for a CDN. Users can write Turing-complete scripts with Cloudflare Workers, which are only limited by the developer's imagination. The beta version is free, but fees may be introduced in the future.
Feb 01, 2018
315 words in the original blog post.