The Akamai BlogSubscribe
January 2014 Archives
Top Tweets of the Week: 1/24 - 1/31
It's Friday - so it's time for our next installment of "Top Tweets of the Week"! This week we launched our latest Akamai State of the Internet Report, (along with a brand new iOS app), helped stream the Grammy's, and found out that you'll lose viewers if you webpage takes more than 3 seconds to load. Have a great weekend, and don't forget to keep on tweeting!
A Preview of #BSidesSF
For those planning the trip to San Francisco next month for RSA Conference and BSidesSF, there's a lot of good talks to choose from. Here's a look at the BSidesSF agenda. I apologize in advance to those I missed. These are the items that piqued my interest at first glance.
Streaming Olympic Coverage for Athletes Families - A ...
As a mother of an athlete that grew up aspiring for the London 2012 Olympics when I saw this story about Olympic athletes requesting that their families stay home it broke my heart.
A Drop in DDoS Attacks for Q3 2013
For the first time in nearly a year, Akamai researchers saw a drop in the number of DDoS attacks targeting customers. The details are outlined in the newly-released State of the Internet Report for the third quarter of 2013.Download the full report HERE
China Again the Top Producer of Attack Traffic
Akamai released its Third Quarter 2013 State of the Internet Report yesterday. On the security side, we saw a return of sorts to the status quo.
Live Streaming from Mercedes-Benz Fashion Week
More than a century ago, clothing designer Tiger of Sweden was founded with the radical idea of sending its tailors to customers rather than waiting for customers to visit the shop. During this week's Mercedes-Benz Fashion Week Stockholm, the cutting-edge designer is again bringing its fashions to the people, this time by way of live streaming the showcase of its 2014 Fall and Winter clothing lines.With no margin for error,
Introducing the new Akamai State of the Internet iOS ...
Over the last six years, Akamai's State of the Internet Report has primarily been available as a PDF download or a printed report. We've also made related data available through map- and graph-based visualizations on the State of the Internet page on www.akamai.com, as well as posting related news and information on the @akamai_soti Twitter feed. Today, we're bringing that all together in a new mobile app for iOS users.
Podcast: James Arlen at #ShmooCon 2014
At the recent ShmooCon conference, industry leader James Arlen discussed the need for better business etiquette among security practitioners.
Next Akamai Meet-Ups in February
UPDATE: Due to scheduling conflict the Reston Meetup event has been moved to Wednesday, March 19th, 2014. Our sincere apologizes for any inconvenience" Akamai's Professional Services team is hosting two new security-focused meet-ups in February. These interactive technical sessions cover key trends and tips for Akamai customers. To learn more about our upcoming events, read below.
Punish Users for Security Mistakes?
In the world of information security, complaining about the user is a sport as old as the profession itself. Users falling for phishing attacks. Users failing to install patches. The list of complaints goes on.
Top Tweets of the Week: 1/17 - 1/24
It's that time of the week again! This week, CEO Tom Leighton went to Davos for the World Economic Forum and chatted with Bloomberg News about innovative technology, while Bill Brenner starts looking forward to RSA and we all learn about the "Business Value of a Fast Website." I hope you enjoy this week's edition of "Top Tweets of the Week"
The Business Value of a Fast Website
While everybody agrees a fast site is better than a slow one, mobilizing business to invest in making their site faster often requires showing how this preference translates to dollars. In this video Ravi Maira, VP Web Experience Products at Akamai, explains how performance ties to the top and bottom lines, and backs it up with public data.
A Two Week Overview of the Latest Massive Scale RFI ...
In the past several weeks, Akamai was in a unique position to witness a massively orchestrated attack, designed to map Internet facing web servers that are susceptible to certain specific vulnerabilities.
ISO 30111 Vulnerability Handling Processes Published
One of the big news items from ShmooCon 2014 was that the ISO 30111 Vulnerability Handling Processes is now published. The document, edited by Microsoft Senior Security Strategist Lead Katie Moussouris, has been a long time coming. Specifically, it outlines how vendors should investigate, triage, and resolve all potential vulnerabilities, whether reported from external finders or via the vendor's internal testing.
#ShmooCon, Day 2: For the Love of LobbyCon
I've said it about other conferences: The most important activity -- even more so than attending talks -- is the networking that goes on in the lobby, something that's become popularly known as LobbyCon. It's especially true for those attending ShmooCon here in the nation's capital.
#ShmooCon, Day 2: Instant Messaging Insecurity
At Akamai, one of our security policies goes something like this: If you want to do instant messaging for personal matters, use whatever you want. If you want to discuss company business on IM, however, you have to use a specialized instant messaging program we've set up specifically for communication between colleagues.
#ShmooCon, Day 2: Security Tools You Can Use
As the second day of ShmooCon 2014 dawns over Washington DC, I'm reflecting on the talks that kicked off the weekend yesterday. Particularly useful was a presentation by security practitioner Rob Fuller called "Attacker Ghost Stories: Mostly Free Defenses That Give Attackers Nightmares."
Top Tweets of the Week: 1/10 - 1/17
It's been another busy week here at Akamai! We had the next installment of our web technology video publish, a security bloggers take on why he is attending Shmoocon and a few other interesting things that happened this week. Hope you enjoy this installment of "Top Tweets of the Week!" Happy Friday!
#ShmooCon, Day 1: Schwag for the Security Messaging ...
After getting my badge for this weekend's ShmooCon conference in Washington DC, I excitedly emptied the contents of my bag on the table. Schwag. Lots of it. There was a wooden airplane kit. A harmonica. Stickers aplenty. All branded with the names of various security vendors and organizations.
Responsive Web Design & its Performance Pitfalls
Responsive Web Design (RWD) is a powerful new approach to tackling the challenge of mobile browsing, which advocates having a single website for all devices, but one that adapts to the device width & capabilities on the client itself. While powerful, RWD brings with it a set of performance concerns. This video explains what RWD is and - more importantly - how to understand and avoid the performance concerns it
Your January 2014 Patch Tuesday Update
Patch Tuesday is an important calendar item for Akamai customers, given how dominant Windows machines are in many companies. What follows is Microsoft's January 2014 Security Update.
A New Resource for Training Kids in Internet Safety
I got a message this morning from an Akamai colleague who read yesterday's blog post on the HacKids security conference for children. He wanted me to know that he is doing something similar. Stefano Buttiglione, one of our senior solutions architects, says a school in his home town in Italy asked him to do a training course on the risks of social media to kids and their parents. It started as
HacKid Conference: Security Training for Kids
As I've written before, we in Akamai InfoSec take our security training very seriously. We also know that our success as a security operation depends on the skills and talents of the future. So when I see great examples of training for younger generations, I'm compelled to mention it here. For this post, the subject is the HacKid Conference scheduled for April 19 and 20 at the San Jose Tech Museum of
Top Tweets of the Week: 1/3 - 1/10
Happy 2014! The first full work week of the year has brought us tons of great news. We attended CES, made an announcement regarding our role in the streaming of the 2014 Winter Olympics, added a new member to our Board of Directors and even put up some great window decorations. Check out what happened this week in this edition of "Top Tweets of the Week".
2014 Predictions for the Banking and Financial Servi ...
Overall, we can look back on 2013 and feel very good about the results for the industry as a whole. Earlier in the year I recall a survey stating that over 40% of bankers expected another financial crisis in the near future. Thankfully that didn't happen. Other good news for 2013: no European country defaulted; the Euro held together; home prices in the U.S. are up; the S&P 500 went
Like Skipfish, Vega is Used to Target Financial Site ...
Yesterday, we told you about how attackers were exploiting the Skipfish Web application vulnerability scanner to target financial sites. Since then, Akamai's CSIRT team has discovered that another scanner, Vega, is being exploited in the same manner. Skipfish and Vega are automated web application vulnerability scanners available by free download. Skipfish is available at Google's code website and Vega is available from Subgraph. These are scanners intended for security professionals to evaluate
WordPress Plugins Exploitation Through the Big Data ...
Overview According to Wikipedia, WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL, which runs on a web hosting service. Features include a plug-in architecture and a template system. WordPress is used by more than 18.9% of the top 10 million websites as of August 2013. WordPress is the most popular blogging system in use on the Web, at
Attackers Use Skipfish to Target Financial Sites
Akamai's CSIRT team has discovered a series of attacks against the financial services industry. In this instance, the bad guys are exploiting the Skipfish Web application vulnerability scanner to probe company defenses. Skipfish is available for free download at Google's code website. Security practitioners use it to scan their own sites for vulnerabilities. The tool was built and is maintained by independent developers and not Google, though Google's information security
SPDY & HTTP 2
HTTP is one of the powering forces of the Internet today. However, HTTP has barely changed in over a decade, and carries with it many limitations that cripple our everyday user experience. SPDY, and subsequently HTTP/2, aim to address those limitations and offer a new and improved way to access content on the web. This video explains these new techniques, along with their limitations and status.
Why I'm Attending ShmooCon 2014
Here at Akamai, we're busy preparing for RSA Conference 2014. It's the biggest security conference of the year, and we send a platoon of employees every time. Given our role in securing the Internet, it's a no-brainer.But there are many other conferences we attend each year, because:We have a lot of information to share about attacks against Akamai customers and how the security team continues to successfully defend against them.We
Analyzing a Malicious Botnet Attack Campaign Through ...
Two of the most prominent evolutions in the web application attacks landscape are scale and volume. Nowadays, attackers use tremendous amounts of computing resources such as those provided by cloud computing and botnets, in order to mount distributed large-scale attack campaigns over the Internet while keeping their identity hidden. From a security defense point of view, such attacks are a nightmare - they are much harder to detect and
Akamai/Qualcomm Demo Goes over the Edge at CES
On the eve of this week's International CES in Las Vegas, Qualcomm issued this news release highlighting an interesting demonstration at their booth (#8252 in the Las Vegas Convention Center's central hall), of which Akamai is a part. As a proof of concept, we've worked with Qualcomm's Atheros subsidiary to show how Akamai Intelligent Software can run on an Atheros IPQ smart gateway to make consumer experiences markedly faster and
Security Predictions? Here Are Some Facts About 2014
I've said it before and will repeat it here: I absolutely loathe security predictions. I have nothing against those who make them. It's just that most predictions are always so much duh. The rest are marketing creations that have no attachment to reality. Examples of the self evident:Mobile malware is gonna be a big deal.Social networking will continue to be riddled with security holes and phishing attacks.Microsoft will release a lot
Addressing the 4K Challenge at CES
Big screens, bigger screens and little, tiny screens ... the 2014 International CES is sure to be all about screens - and the gadgets they're attached to - again this year.I, for one, will have my eyes fixed on the Ultra High Definition, or 4K, screens at this year's show. Unlike the 3-D fad in recent years, this technology is here to stay. Tech cycles have quickly evolved and there's