July 2013 Archives
One of the things I've always loved about Security B-Sides is that it offers a nurturing environment for people who are young in their InfoSec careers. An example of that is playing out this week in Las Vegas. Among the tracks of talks being offered is one devoted entirely to newbies and the more seasoned veterans who have been guiding them along in a successful mentoring program. The track -- called "Proving
I get the question a lot at conferences like Black Hat: What do I see as the next big thing in security? I usually respond with a blank stare. The reason is that I see absolutely nothing new, and haven't for some time. Some might say that's a cynical, jaded response. I don't think so. Security doesn't need a constant torrent of new trends to be interesting and important. A decade ago,
A big topic of conversation in Las Vegas this week is the death of famed hacker Barnaby Jack, who was scheduled to give a presentation on how to hack into pacemakers and implanted defibrillators from 30 feet away. His speaking slot will instead be a celebration of his life and work. "Black Hat will not be replacing Barnaby's talk on Thursday, Aug. 1," event organizers said in a statement. "No
It's the end of my first day in Las Vegas, where I'm spending the week at Black Hat and BSidesLV. Along with DEF CON, which begins later in the week, these events are important for those of us in Akamai's InfoSec department. It's a place for vital networking and discussion on the threats and defensive measures for which we're responsible. Also see: "A Black Hat, BSidesLV and DEF CON Survival Guide" Attending
One of the most interesting highlights of our latest "State of the Internet" report -- in my opinion -- involves something called account checker attacks. The big victim here: e-commerce websites. -- Please join us on Sept 26th at 11 AM ET for our next "Crush the Rush" holiday readiness webinar to learn more about how to protect your site and holiday season revenue. Mike Smith, director of our CSIRT Team, and Daniel
Yesterday, I shared details from the latest Akamai "State of the Internet" report regarding attack traffic and where it's coming from. Today, we look at what the report has to say about DDoS attacks. The full report can be downloaded here. We have quite a vantage point here at Akamai. Our globally-distributed Intelligent Platform helps us gather huge piles of data on everything from connection speeds, attack traffic, network connectivity/availability/latency problems, and
I'm pleased to invite you to our 6th Akamai Edge 2013 this October 7 - 11 in Washington, D.C. at the Gaylord National Harbor Resort and Conference Center. Join us and meet up with more than 1,000 of your industry peers and our best line-up yet of industry innovators, as we create the experiences that drive a Faster Forward World. Our Biggest and Best Customer Conference Yet! More sessions, tracks and
In this video, Akamai CSO Andy Ellis explains why security means different things to different people.
Akamai's latest "State of the Internet" report is rich in detail about attack traffic and other areas of security. I'll be sharing all the security bits with you in the coming days. The full report can be downloaded here. We have quite a vantage point here at Akamai. Our globally-distributed Intelligent Platform helps us gather huge piles of data on everything from connection speeds, attack traffic, network connectivity/availability/latency problems, and IPv6
In this video, Akamai CSIRT Director Michael Smith walks viewers through the regulatory minefield. It's a great primer, though we suggest, as always, that you consult your own attorneys to understand how the laws and standards discussed in this video apply to you.
The holiday season is already creeping up and by far will be the most vital online shopping period of the year for retailers. Thanksgiving week will no doubt once again present one of the largest online shopping weeks of the year. Now, more than ever, time is literally money when it comes to Web performance. As online retailers face another big holiday shopping season, they have to make sure
This time next week the security community will head to Las Vegas for Black Hat and BSidesLV. I won't be staying for DEF CON due to family obligations, but several Akamai InfoSec colleagues will be. What follows is a rough outline of where we'll be and what we'll be doing. Let's start with me... This will be the first conference I've attended without a press badge, since I'm now working for Akamai.
Last week we published the below high-level info-graphic showing how online video performance impacts viewer behavior. These stats are based on a scientific research paper released by Ramesh K. Sitaraman, an Akamai fellow and professor of computer science at UMass-Amherst, and S. Shunmuga Krishnan, a senior system software engineer at Akamai. One of my favorite key takeaways is what we're calling the 2-second rule, which shows that videos with a start-up
The comics world is gathering in San Diego this week for Comic-Con® International and Akamai is excited to help FUNimation Channel stream live from the massive conference. Owned and operated by our partner, Olympusat Telecom, FUNimation Channel's originally produced entertainment news show, Random Pop: Live at Comic-Con, is live streaming July 18-20 from 12 PM-6:30 PM PST. The content is being delivered with Olympusat Telecom's OT Cloud and OT Connect services,
As if serving on the order of two trillion content requests a day isn't enough, there's even more happening on the Akamai Intelligent Platform at any given time: video streaming, route optimization calculations, DNS lookups, and content purges, just to name a few. In the Akamai NOCC, we have both real-time and long-term (days, months, years) views of platform activity and key metrics, giving us a view of what's
I've been looking over the Black Hat 2013 schedule to see which talks best fit the issues Akamai's InfoSec team is dealing with daily. It's always a roll of the dice when you try to determine which talks to attend, because some look like the right fit on the website but then the talk turns out to be something different. That's not necessarily a bad thing. I've gone to talks
Akamai customers and anyone else relying on Oracle infrastructure should know that the database giant has released its latest Critical Patch Update (CPU). A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities and is usually cumulative. But each advisory describes only the security fixes added since the previous CPU. Oracle delivers these updates every three months. The list of affected product releases and versions that are
Yesterday, I wrote about the controversy surrounding DEF CON 21 and the organizers' suggestion that those working for such government agencies as the NSA sit this one out. I didn't offer an opinion on whether it was the right or wrong move, but captured both sides of the argument and asked readers for feedback. And, when tweeting the post, I argued that while some see this as drama, I saw
With three big security conferences coming up in Las Vegas two weeks from now, much of the InfoSec community's attention is on who won't be at the third event: DefCon. Amidst revelations about the NSA's surveillance activities, DefCon organizers have advised feds to skip this year. It's a first in the 21-year history of this hacker gathering, and reaction has been sharply divided. Those outraged by the depth of the NSA's
In this Akamai InfoSec video tutorial, Security Intelligence Director Joshua Corman gives an overview of major areas of technology within security.
In this Akamai InfoSec video tutorial, Akamai CSIRT Director Michael Smith gives an overview of the security team's role within an organization.
We in Akamai InfoSec are sitting on a mountain of educational videos, and I've spent the past month reviewing some 40 items. We'll eventually have a place on the Akamai website where you can easily access them all. But for now, I've decided to start making them available via my blog posts. In this episode, Akamai CSIRT Director Michael Smith gives an overview of the cloud, cloud infrastructure and cloud delivery models.
We in Akamai InfoSec are sitting on a mountain of educational videos, and I've spent the past month reviewing some 40 items. We'll eventually have a place on the Akamai website where you can easily access them all. But for now, I've decided to start making them available via my blog posts. The first one is a favorite of mine: CSO Andy Ellis giving a brief history of cryptography. Enjoy!
I've been looking over the Black Hat 2013 schedule to see which talks best fit the issues Akamai's InfoSec team is dealing with daily. It's always a roll of the dice when you try to determine which talks to attend, because some look like the right fit on the website but then the talk turns out to be something different. That's not necessarily a bad thing. I've gone to talks that didn't
This is the third installment in a series of posts that discuss various challenges of online video and how Akamai's Sola Media Solutions can be used to address those challenges. One of the most common challenges that we hear from customers - of any type - is the uphill battle they face when attempting to prepare content for delivery to multiple devices. Even dividing devices into categories seems daunting: mobile phones,
I've been looking over the schedule for BSidesLV to see which talks best fit the issues Akamai's InfoSec team is dealing with daily. It's always a roll of the dice when you try to determine which talks to attend, because some look like the right fit on the website but then the talk turns out to be something different. That's not necessarily a bad thing. I've gone to talks that didn't
Microsoft has released seven security bulletins addressing 34 CVEs. Since so many Akamai customers run Windows environments, we find it important to let you know whenever these are rolled out. Jonathan Ness, an engineer for Microsoft's Security Response Center, says six bulletins have a maximum severity rating of critical, and one has a maximum severity rating of Important. Below is a table to help you prioritize patch deployments in your environment. Bulletin Most
According to the Department of Homeland Security, almost 50 US Financial Institutions have suffered more than 200 Distributed Denial of Service attacks since September 2012. Because we protect the majority of the world's biggest banks, asset management firms, and online brokers, Akamai is in the unique position of having witnessed and actively defended against many of these attacks, and can describe the evolution of attack targets as well as attack techniques.
This morning a story caught my attention regarding the potential for another wave of DDoS attacks. The article, by Tracy Kitten at Bank InfoSecurity, quotes researchers who see modifications being made to Brobot -- a favorite weapon in attacks against the banking sector. She wrote: Experts say distributed-denial-of-service attacks against U.S. banks are not over, despite what's now been a two-month cease-fire by the hacktivist group Izz ad-Din al-Qassam Cyber Fighters. Security
Many security professionals are making plans for a week in Las Vegas at the end of this month for three big InfoSec conferences: Black Hat, Defcon and BSidesLV. Several of us from Akamai InfoSec have been going for years and are familiar with what to expect and how to make the best use of our time there. If you're a first-time attendee, however, the experience can be overwhelming. For that reason, each