The free-to-use nonprofit was founded in 2014 in part by the Electronic Frontier Foundation and is backed by Akamai, Google, Facebook, Mozilla and more. Three years ago Friday, it issued its first certificate. Since then, the numbers have exploded. To date, more than 380 million certificates have been issued on 129 million unique domains. That also makes it the largest certificate issuer in the world, by far....
Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare. It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information...
A surprisingly large number of antivirus and security products are undermining HTTPS connections and exposing browser users to decryption attacks, according to a study by researchers at Google, Mozilla, Cloudflare, and several US universities. Thanks to a multi-pronged effort to enable HTTPS everywhere, as of January half the world’s traffic on the web is encrypted using the secure TCP/IP HTTPS protocol. However, while HTTPS...
Thanks to boosts in visibility when it comes to search and web browsers, you’ve probably noticed more websites (like Engadget) switching to HTTPS, which uses encryption to secure the connection between browser and server. Despite benefits to privacy and security most adult sites, even larger ones, haven’t rolled it out across their domains, but the Washington Post points out there’s a new industry push...
Starting in January of 2017, Google’s Chrome browser will start flagging some websites that don’t use web encryption as “Not Secure”—the first step in Google’s eventual plan to shame all sites that don’t use encryption. In the last couple of years, the web has seen a tremendous rise in the number of websites that use encryption, which is displayed by that little green lock...
Like many forms of encryption in use today, HTTPS crypto protections are on the brink of a collapse that could bring down the world as we know it. Hanging in the balance are most encrypted communications sent over the last several decades. On Thursday, Google unveiled an experiment designed to head off, or at least lessen, the catastrophe. In the coming months, Google servers...
Recent Forum Activity