Home / Companies / Cloudflare / Blog / June 2019

June 2019 Summaries

29 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Lesley Lurie shares her personal experience of the struggle for same-sex marriage rights and its impact on her family. In 2002, she and her wife had their first wedding ceremony which was not legally recognized in any state. After traveling across the US and South Africa, they got married again in San Francisco when the city temporarily legalized same-sex marriage. However, this too was annulled shortly after. They later adopted their son Joey due to lack of legal rights for non-married parents. In 2008, California Supreme Court declared same-sex marriage legal and they got married again, but faced tax complications as federal recognition was still lacking. The passage of Prop 8 in the same year led to a backlash against their family and other gay couples. However, allies stood up for them and helped defend their rights. Finally, on June 26, 2015, the U.S. Supreme Court ruled that same-sex marriage was a constitutional right, making their union recognized in every state. They have been together for 19 years and will celebrate their 17th wedding anniversary this year.
Jun 28, 2019 1,470 words in the original blog post.
On June 24, 2019, Cloudflare experienced a significant route leak from Verizon. The incident began at 10:34:25 UTC and ended at 12:38:54 UTC. This blog post provides an in-depth analysis of the event, including data on the routes leaked, the AS-PATHs involved, and the impact on various networks. It also discusses how different network operators handled the route leak and highlights the importance of implementing proper routing security measures such as RPKI.
Jun 26, 2019 3,649 words in the original blog post.
Cloudflare has announced partnerships with six analytics providers - Chronicle Security, Datadog, Elastic, Looker, Splunk, and Sumo Logic - to enable customers to analyze their Cloudflare logs and metrics using their preferred analytics platform. Pre-built dashboards have been developed for each partner's platform, allowing users to better understand events and trends from their websites and applications on the Cloudflare network. This integration aims to provide flexibility and ease of use for customers while improving data insights.
Jun 25, 2019 548 words in the original blog post.
On June 6th, 2019, Cloudflare hosted its first customer event in Bangalore, India, attended by over 60 executives, developers, engineers, and university students. The event covered topics such as the current DDoS landscape, cyber security trends, serverless computing, and Cloudflare's Workers. Business leaders shared insights and best practices on cyber security and performance strategy. Live demos from customers were also presented. Attendees gained first-hand knowledge of the latest technology and learned insider tactics to protect their businesses, accelerate performance, and identify quick wins in a complex internet environment. The event strengthened Cloudflare's connection with the local tech community, and the company plans to enhance its investment and engagement in India for better services and user experience.
Jun 25, 2019 253 words in the original blog post.
On June 24, 2019, a massive route leak impacted major parts of the Internet, including Cloudflare. This occurred when a small company in Northern Pennsylvania became a preferred path for many internet routes through Verizon, a major internet transit provider. The problem was exacerbated by the involvement of a "BGP Optimizer" product from Noction, which split up received IP prefixes into smaller parts. This caused many websites on Cloudflare and other providers to be unavailable from large parts of the Internet. The incident was resolved when DQE Communications worked with Cloudflare to stop advertising these optimized routes to Allegheny Technologies Inc. Despite this being outside their control, Cloudflare apologized for the disruption and encouraged network operators to adopt better routing security through systems like RPKI.
Jun 24, 2019 1,297 words in the original blog post.
Cloudflare is hosting a meetup in Seattle on June 25th for developers and users to discuss serverless compute and its various use cases. The event will feature guest speaker Devin Ellis discussing how Moz uses Cloudflare Workers to reduce time to first byte by caching dynamic content at the edge, followed by Solutions Engineering Lead Kirk Schwenkler sharing insights on scaling businesses securely. Developer Advocate Kristian Freeman will then conduct a live demo of Workers and introduce new platform features. Attendees can try out Workers for free during the interactive session. Food and drinks will be served throughout the evening, with networking opportunities available until 8:30 pm.
Jun 24, 2019 214 words in the original blog post.
Cloudflare has launched a free time service called "time.cloudflare.com" that supports both NTP (Network Time Protocol) and the emerging Network Time Security (NTS) protocol for securing NTP. The announcement is part of Crypto Week 2019, with the aim to make secure versions of insecure Internet protocols available for free. This service will enable anyone to get time securely from Cloudflare's datacenters in 180 cities around the world.
Jun 21, 2019 2,303 words in the original blog post.
Cloudflare has released a cryptographic library called CIRCL during its Crypto Week 2019. The Go-based library includes packages that target cryptographic algorithms for post-quantum (PQ), elliptic curve cryptography, and hash functions for prime groups. It is designed to be useful for a broad audience and aims to provide a complementary set of implementations that are more aggressively optimized or less commonly used but have a good chance at being very useful in the future. The CIRCL library includes packages for post-quantum cryptography, key exchange, digital signatures, hashing to elliptic curve groups, and bilinear pairings. It also contains an implementation of Supersingular Isogeny-based Diffie-Hellman (SIDH) and CCA2-secure Supersingular Isogeny-based Key Encapsulation (SIKE). The development of CIRCL follows best practices on the secure development, including writing constant-time code to prevent timing based attacks.
Jun 20, 2019 2,826 words in the original blog post.
The text discusses quantum computing and its impact on cryptography. It explains how quantum mechanics differs from classical computing, including concepts such as superposition, measurement, quantum gates, reversibility, composed systems, entanglement, and quantum parallelism. The text also covers the DiVincenzo criteria for physical implementations of a quantum computer and current implementations like adiabatic computers and NMR spectrometers. Furthermore, it delves into Grover's algorithm for searching and Shor's algorithm for integer factorization, both of which pose threats to cryptographic systems. The text concludes by discussing post-quantum cryptography as a potential solution to these threats, highlighting various quantum-resistant algorithms under evaluation by NIST.
Jun 20, 2019 5,357 words in the original blog post.
In the field of cryptography, Post-Quantum Cryptography (PQC) is an area of research focused on designing and implementing cryptographic algorithms that are secure against both classical and quantum computers. The motivation behind PQC arises from the potential development of efficient quantum computers in the future, which could break many existing public-key cryptosystems based on number theory problems such as factoring large integers or computing discrete logarithms. PQC algorithms are designed to be resistant against attacks by quantum computers and can be broadly classified into three categories: lattice-based cryptography, code-based cryptography, and multivariate polynomial cryptography. Each of these categories has its own advantages and disadvantages in terms of security, performance, and implementation complexity. In this post, we will discuss two PQC algorithms that have been implemented into BoringSSL: NTRU and SIKE. NTRU (Nth Degree Truncated Polynomial Ring Unrestricted Encryption) is a lattice-based public key cryptosystem introduced in 1996 by Jeffrey Hoffstein, Jill Pipher, and Joseph H. Silverman. The main idea behind NTRU is to use the difficulty of distinguishing random elements from certain structured subsets of polynomial rings over finite fields as the basis for encryption and decryption operations. The hard problem assumed in NTRU is that given two polynomials f and g whose coefficients are short compared to the modulus q, it is difficult to find f and g given only their quotient pk = f / g modulo q. It means that it’s hard to find f and g given only public key pk. The NTRU cryptosystem consists of three main procedures: key generation, encryption, and decryption. In the key generation procedure, two random polynomials are generated as part of the private key (f and g), and their quotient is computed modulo q to obtain the public key pk. The encryption process involves multiplying a plaintext message by the public key pk and adding some noise term to it. Decryption uses both the secret value f and to recover the plaintext as v = f * ct mod q, where ct is the received ciphertext. HRSS (High Rate Subset Sum) is another lattice-based cryptosystem that improves upon NTRU in terms of efficiency and security. HRSS uses a different approach for key generation and decryption compared to NTRU but still relies on the hardness of certain problems related to lattice theory. SIKE (Supersingular Isogeny Key Encapsulation) is an isogeny-based post-quantum cryptographic algorithm that was proposed in 2018 by Craig Costello, David Jao, and Patrick Schmidt. The main idea behind SIKE is to use the difficulty of computing isogenies between supersingular elliptic curves as the basis for key exchange and encryption/decryption operations. An elliptic curve is a set of points that satisfy a specific mathematical equation. In cryptography, we are interested in using elliptic curves with certain properties (e.g., being supersingular) to design secure public-key cryptosystems. The key exchange process in SIKE involves both parties performing random walks on an isogeny graph of supersingular elliptic curves and then sharing some information about their respective walks to compute a shared secret value. In conclusion, Post-Quantum Cryptography plays a crucial role in ensuring the long-term security of our digital communications against potential threats posed by quantum computers. By implementing PQC algorithms like NTRU and SIKE into widely used libraries such as BoringSSL, we can take proactive steps towards preparing for this future scenario while continuing to benefit from the performance advantages offered by today's classical computers.
Jun 20, 2019 5,909 words in the original blog post.
Cloudflare has announced its Ethereum Gateway as part of Crypto Week 2019, allowing users to interact with the Ethereum network without installing additional software on their computers. This gateway is another tool in Cloudflare's Distributed Web Gateway suite, which also includes hosting content on the InterPlanetary File System (IPFS). The new Ethereum Gateway enables access to the Ethereum network through a custom hostname and allows for adding interactive elements to sites powered by Ethereum smart contracts. This setup supports decentralized website hosting with added speed, security, and reliability provided by Cloudflare's edge network.
Jun 19, 2019 2,767 words in the original blog post.
Cloudflare has made significant improvements to its InterPlanetary File System (IPFS) gateway since its launch last year. These enhancements include automatic cache purge, beta testing for Orange-to-Orange feature, subdomain-based gateway, enabling session affinity and connecting with Pinata. The aim is to improve the performance of IPFS gateway and provide a secure context to apps while ensuring eternal immutability. Cloudflare continues to work on enhancing its services based on user feedback and contributions from the open-source community.
Jun 19, 2019 1,119 words in the original blog post.
Public Key Infrastructure (PKI) is crucial for securing internet communication through digital certificates issued by Certificate Authorities (CAs). PKI enables HTTPS encryption, which is vital for websites handling sensitive data like banking credentials or private messages. However, recent research has shown that common Domain Control Validation (DCV) methods are vulnerable to Border Gateway Protocol (BGP) hijacking attacks, where adversaries can obtain certificates for domains they do not own. To address this issue, Cloudflare offers a free API tool for CAs to perform DCV from multiple vantage points worldwide, making it virtually impossible for an attacker to mislead a CA into thinking they own a domain when they actually don't.
Jun 18, 2019 2,709 words in the original blog post.
The League of Entropy, a consortium of global organizations and individual contributors, has introduced a decentralized randomness beacon called drand to generate publicly verifiable random values every sixty seconds. This initiative aims to provide unpredictable, unbiased, and verifiable random numbers for various applications such as lotteries, election auditing, and cryptocurrency platforms. The distributed nature of the beacon ensures that even if a few servers are compromised, the jointly-produced entropy remains fully unpredictable and unbiasable. Public randomness matters in ensuring transparency and fairness in various processes, and drand offers a solution to generate such random values securely.
Jun 17, 2019 2,030 words in the original blog post.
The article discusses the importance of generating verifiable randomness for various applications such as lotteries, cryptographic computations, and scientific experiments. It introduces a new public randomness beacon by Cloudflare as part of the League of Entropy initiative. This network of beacons produces distributed, publicly verifiable random outputs that can be used in applications where the nature of the randomness must be publicly audited. The underlying cryptographic architecture is based on the drand project. The article also provides a technical overview behind the cryptography used in the distributed randomness beacon and how it can be used to generate publicly verifiable randomness. It explains the concept of entropy, sampling randomness from natural phenomena or external usage characteristics, and the use of threshold cryptography for generating distributed randomness. The drand project uses a distributed key generation (DKG) procedure and a threshold signature scheme as its core components. The DKG procedure creates a distributed secret key that is formed of n different key pairs, each one being held by an entity in the system. The threshold signature scheme allows a set of users holding distributed key-pairs to compute intermediate signatures that can be combined to create an entire signature for the system. The drand protocol involves synchronizing randomness beacons in rounds and producing new signatures using private keys on the previous signature generated and the round ID. These signatures are usually broadcasted, allowing any client to publicly verify the signature over this data to verify that the beacons honestly aggregate. The randomness can be retrieved by combining the signatures from each of the beacons using the threshold property of the scheme. The article concludes with a discussion on how drand works and its potential applications in building a better internet, as well as acknowledging the collaborators involved in the League of Entropy initiative.
Jun 17, 2019 3,401 words in the original blog post.
Cloudflare, a company focused on building a better internet through security compliance certifications, has achieved several significant milestones in the first half of 2019. These include renewing their PCI DSS certification in February, obtaining SOC 2 Type 1 compliance in March, and achieving ISO 27001 certification in April. Most recently, they have announced that they are now compliant with SOC 2 Type 2 standards. The company's security team has been working diligently to obtain these meaningful compliance certifications, which demonstrate their commitment to maintaining the security, confidentiality, and availability of information stored and processed within their environment. These certifications also provide confidence to customers worldwide that Cloudflare is dedicated to upholding high standards of security. Additionally, they have launched a Compliance certification page on their website where customers can view their status on all compliance certifications and download the SOC 3 report.
Jun 16, 2019 907 words in the original blog post.
Cloudflare is hosting Crypto Week 2019 to announce new projects and services that use modern cryptography to build a more secure, trustworthy Internet. The week will feature daily announcements of these initiatives, all of which are free and immediately useful. This includes the League of Entropy, securing certificate issuance using multipath domain control validation, Cloudflare's Ethereum gateway, improving their IPFS gateway, advancing towards post-quantum cryptography in TLS, introducing CIRCL: an advanced cryptographic library, and launching time.cloudflare.com. The Internet of the Future is discussed, highlighting how many pieces of the Internet were designed with different assumptions than today's reality. Constant improvement is not a given, as there are strong incentives to weaken the Internet on a fundamental level by governments, businesses, and financial institutions. Real change requires commitment from all invested parties. Ongoing upgrades to the Internet include routing security, DNS security, and improvements in TLS. The adoption of these technologies is driven by factors such as performance benefits and increased user trust. Researchers are also exploring new ways to distribute trust among multiple time servers while maintaining precision. Cloudflare's global network can help kickstart a flywheel effect for the distributed web, which uses exotic new algorithms and protocols on top of existing Internet infrastructure.
Jun 16, 2019 4,003 words in the original blog post.
Argo Tunnel is a service that allows users to expose their server to the internet without opening any ports, making it easier for administrators to serve traffic from their origin through Cloudflare with a single command. Previously only available to users with Cloudflare accounts, Argo Tunnel can now be used in a free model that creates a new URL known only to the user and proxies traffic to their server. The service aims to remove the burden of securing and connecting servers to the internet by replacing manual and error-prone work with a process that adds intelligence to the last mile between Cloudflare and users' origins or clusters.
Jun 15, 2019 797 words in the original blog post.
Erin Walk, program manager for Cloudflare's Project Galileo, shares her experience working with the initiative that provides free services to vulnerable voices on the internet. She discusses her interactions with participants and partners, including helping them onboard their websites and explaining how Cloudflare's products work. Walk highlights the positive impact of Project Galileo on both its recipients and the company itself, as it brings out the best in the internet and within Cloudflare. The project also serves as a platform for companies to support deserving groups who may not be able to afford their services.
Jun 14, 2019 874 words in the original blog post.
On June 13, 2019, the fifth anniversary of Project Galileo was celebrated. The program currently protects over 550 websites from various types of attacks. These sites are protected by Cloudflare Firewall and Advanced DDoS Protection features which include firewall rules, security level settings, access rules, browser integrity checks, WAF (Web Application Firewall), hotlink protection, HTTP DoS protection, rate limits, and zone lockdown utility. The most interesting feature is the WAF, which identifies and blocks malicious requests based on heuristics and rules learned from customer experiences. A heat map shows that the average Project Galileo site saw malicious traffic for 27 days in a month observed, with almost 60% of sites experiencing daily events. The WAF blocked over 4.5 million requests during this period. DoS attacks are also mitigated by Cloudflare's automatic tools like Gatebot. Customers can use Firewall Rules to block traffic and Access Rules to challenge or block visitors based on IP address, ASN, or country. Rate limiting is used to protect specific pages from heavy load, while the Security Level feature helps in setting up a threshold sensitivity for incoming requests. Overall, these features provide comprehensive security for Project Galileo customers.
Jun 13, 2019 1,356 words in the original blog post.
Today marks the 5th anniversary of Cloudflare's Project Galileo, which provides free security services to nearly 600 politically or artistically important organizations worldwide. The initiative was launched in response to a mistake made by Cloudflare in 2014 when it failed to protect an independent Ukrainian newspaper under attack during the Russian invasion of Crimea. Since then, Project Galileo has grown and now includes 28 partner organizations that help determine which non-profits or small commercial entities are eligible for protection. The initiative is a source of pride for Cloudflare and its employees, as it aligns with their mission to build a better internet by protecting those who need it most.
Jun 12, 2019 1,409 words in the original blog post.
Cloudflare has experienced significant growth in Europe, the Middle East, and Africa (EMEA) over the past few years, with plans for further expansion. The company's EMEA operations are headquartered in London, where it supports customers across various sectors, including digital, online, corporate, and global environments. Cloudflare also has a customer-facing base in Munich to serve the Germany, Austria, and Switzerland (DACH) markets. The company works with committed channel partners throughout the region and is continuously developing new partnerships. With over 180 cities worldwide and more than 70 data centers in EMEA, Cloudflare aims to provide rapid processing of its customers' website traffic for an excellent user experience.
Jun 11, 2019 1,284 words in the original blog post.
Cloudflare, a company dedicated to building a better internet, has announced its next iteration of the Partner Program. The program aims to engage and enable partners who share the mission of improving the internet. Matthew Harrell, who recently joined Cloudflare from Google Cloud, will lead Global Channel Sales & Partnerships. He plans to provide tools and programs that allow partners to build a compelling business around Cloudflare's products. The new partner program focuses on helping partners build businesses, making it easy to do business with Cloudflare, and strategically focusing on partnerships.
Jun 06, 2019 682 words in the original blog post.
Cloudflare, a company dedicated to building a better internet, has announced its latest iteration of partnership programs for solutions partners. The program includes categories such as resellers and referral partners, OEM partners, and the new partner services program. This initiative aims to help partners grow their businesses with Cloudflare's global network by offering world-class enablement paths and best-in-class revenue share models. Additionally, the company is expanding its program to include service providers that want to develop profitable services practices around Cloudflare's solutions. The goal is to create a diverse ecosystem of partners to help build a better internet together.
Jun 06, 2019 850 words in the original blog post.
In June 2019, Garrett Galow discussed how he helped evolve Cloudflare's partner platform to support the company's growing needs and changing landscape. The existing partner platform was launched in 2010 but needed a new solution due to the introduction of multi-user access and new products like Argo, Load Balancing, and Cloudflare Workers. IBM became the first customer for the new platform, which aimed to meet the needs of partners and their customers while being scalable for future use. The new partner platform includes tenants and subscriptions systems that allow partners to sell and provision Cloudflare services in a scalable fashion.
Jun 06, 2019 1,927 words in the original blog post.
DEF CON China 1.0, a cybersecurity conference, was recently held in Beijing with the theme "Technology's Promise." The event attracted participants of all ages who engaged in testing, playing, and tinkering with new technologies. Highlights included meetings between Cloudflare team members and DEF CON China visitors and organizers, as well as a Capture The Flag contest. The conference aimed to build a forum for the Chinese security community to gather, connect, and grow together.
Jun 05, 2019 431 words in the original blog post.
Experimentation is crucial in driving business growth, and Optimizely is a leading experimentation platform used by thousands of customers worldwide. When it came time to experiment with reinvigorating their own platform, Optimizely chose Cloudflare Workers. Cloudflare Workers is a globally distributed serverless compute platform that runs across Cloudflare's network of 180 locations worldwide. It allows developers to move decision logic and data into a highly efficient runtime operating in close proximity to end users, resulting in significant performance benefits and flexibility. Optimizely uses Workers to improve performance and increase agility for more complex applications. By hoisting critical logic to the edge with Cloudflare Workers, Optimizely can support many of its use cases while avoiding much of the performance cost associated with traditional client-side A/B testing implementations.
Jun 05, 2019 1,227 words in the original blog post.
Cloudflare has announced new features for its serverless platform, Workers, including a CLI (Command Line Interface) called Wrangler, improved documentation, support for multiple scripts, and a free tier. The aim is to make it easier for developers to focus on coding without worrying about infrastructure setup or management. These updates are part of Cloudflare's ongoing commitment to improving the developer experience with Workers.
Jun 02, 2019 1,048 words in the original blog post.
Cloudflare offers various services beyond traditional Content Delivery Networks (CDNs), such as Load Balancing and Serverless Applications deployment. Their Load Balancing service supports weighting, latency-based routing, and health checks, while remaining independent of public cloud providers. Argo Tunnel simplifies multi-cloud networking by establishing outbound tunnels from virtual machines to Cloudflare's network, allowing seamless addition or removal of machines in new locations without relying on any single cloud provider. Access control can be applied using identity providers like Okta or Active Directory, and SSH access management is also possible. Cloudflare's system design ensures reliability by functioning independently across multiple data centers and utilizing anycast for seamless traffic redirection during network failures. The company aims to build a more reliable and cost-effective Internet through smarter networks that can handle the complexities of multi-cloud environments.
Jun 02, 2019 938 words in the original blog post.