Get In Touch
June 2014 Archives
When Akamai's Advance Solutions Group (ASG) launched the Akamai Meet-Up series, we asked ourselves these questions: Would Akamai customers embrace our format? Would they find the events safe for open technical interactions? And would they find Meet-Ups relevant over time? We were pleased when the answer to these questions came in the form of consistent attendance - over 30 per event - and positive feedback from attendees. We created the
The latest Akamai State of the Internet Report is out. Here's a look at what we saw on the security front in the first quarter of 2014.
This week Orange announced that Dailymotion, one of the biggest video platforms in the world, has chosen Orange Business Services to help optimize live streaming of sports and gaming events for its partners. The media delivery solution implemented by Orange Business Services and Akamai uses an extensive network of servers to accelerate the distribution of video content over the internet - enabling users to watch high-quality live video content
As is the case with any conference, attendees can't be everywhere at once. If you attend one talk, you're missing a few others down the hall. If you can't attend, you miss everything.That's one of the things I love about Twitter: You can keep up with what's happening. Such is the case this week during the FIRST conference in Boston. As I attend my chosen talks, I'm keeping up with everything
After security luminary Eugene Spafford gave a keynote at the FIRST conference in Boston this morning, some noted that his overall outlook was dark and depressing.
Security luminary Eugene Spafford gave a rather bleak assessment of the state of the industry in his FIRST Conference keynote this morning. His focus of gloom: Patches. Specifically, the addiction companies and organizations have to patching, at the expense of building more ironclad systems.
I'm at the Forum of Incident Response and Security Teams (FIRST) annual meet-up at the Boston Park Plaza Hotel, and will be blogging about some of the talks in the coming days. But for those who can't make it, I want to direct you to the FIRST homepage, where you can keep track of the action and soak in some of the experience.Two cool noteworthy items here:First, there are several podcasts
The Forum of Incident Response and Security Teams (FIRST) annual Boston meet-up starts in earnest today at the Boston Park Plaza Hotel. For those planning to attend, here's a look at the keynote speaker roster.
You can now subscribe to the Akamai Security Podcast from the iTunes store. Hear interviews with Akamai security specialists as well as security luminaries from the larger industry. Preview the podcast here and, to subscribe, click "view in iTunes." Once iTunes launches, you can hit the subscribe button.Thanks for listening!
In recent days, we've been monitoring attempts by Anonymous and others to cause Internet disruptions during the World Cup. Here's how those attacks are playing out in the media.Related:World Cup 2014 Attack TargetsInternet Disruptions Possible During World Cup 2014Podcast: Online Extortion and World Cup Risks
Next week I'll be attending the Forum of Incident Response and Security Teams (FIRST) annual Boston meet-up at the Boston Park Plaza Hotel along with several Akamai colleagues. FIRST is a global non-profit organization that brings together computer security incident response teams (CSIRTs) from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.
A look at the security issues making headlines so far this week: The €30k data takeaway: Domino's Pizza Faces Ransom Demand After Hack (The Guardian) Hackers have demanded a ransom of €30,000 (£24,000) from Domino's Pizza after stealing personal data on more than 600,000 of its French and Belgian customers. Ruling Raises Stakes for Cyberheist Victims (KrebsOnSecurity) A Missouri firm that unsuccessfully sued its bank to recover $440,000 stolen in
After Akamai acquired Prolexic several months back, a lot of people asked what it would mean in terms of the research we shared. Since then, quite a few Prolexic Security Engineering and Response Team (PLXsert) threat advisories have been published and distributed via the Akamai Blog and Akamai.com's security section. PLXsert monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through attack data forensics and post-attack analysis,
Response to our recently announced product with Cisco has been tremendous thus far. I have met with many customers regarding Akamai Connect, and our team literally gave hundreds of demos at this year's Cisco Live event in San Francisco. It is great to see the high level of interest in Cisco's IWAN with Akamai Connect as companies look to evolve their networks to a hybrid WAN architecture.
The World Cup starts today, and Akamai security researchers are on the lookout for website attacks designed to exploit the event. We've already seen public threats from Anonymous.Related:Internet Disruptions Possible During World Cup 2014Podcast: Online Extortion and World Cup Risks
Microsoft released it's June 2014 Security Update Tuesday. The latest vulnerabilities to be addressed affect everything from Windows, Internet Explorer, Office to Microsoft Lync.
Akamai's PLXSert team has discovered new payloads from the Zeus crimeware kit in the wild, deeming it "high risk" in an advisory released this morning. The advisory says the Zeus framework has evolved from focusing on the harvesting of banking credentials to being used in the control of compromised hosts (zombies) for criminal activity, including distributed denial of service (DDoS) attacks and attacks customized for specific platform-as-a-service (PaaS) and software-as-a-service
This month's Microsoft Patch Tuesday has almost arrived. This time out the tech giant has given advance notification that there will be seven fixes rolled out including two critical patches. The issues that are tackled by these patches are remote execution bugs in Windows, Internet Explorer (versions 6-11 depending on OS level), Office and Lync. I should note that the two critical patches require a system restart after they are
Akamai CSIRT has identified a trend in online extortion that has the potential to impact customer websites and their users. Attackers are using reflected UDP to launch direct-to-origin denial of service attacks at e-commerce sites, then demanding payment to stop the attacks, CSIRT's Mike Kun wrote in an advisory. "We have seen these extortion attempts target e-commerce and retail sites, as well as online collaboration sites, but all sectors are
The OpenSSL Project today disclosed new vulnerabilities in the widely-used OpenSSL library. These are vulnerabilities that can potentially impact OpenSSL clients and servers worldwide. The most interesting is the ChangeCipherSpec Injection, which would enable a man-in-the-middle attack to force weaker ciphers into a communication stream. Akamai SSL services (both Secure Content Delivery and Secure Object Delivery) have been patched for this vulnerability. The other vulnerabilities are relatively uninteresting for our
Akamai Security Advocate Dave Lewis (@gattaca on Twitter) has written a new post for Forbes. He argues that we need to assume that our systems will fail and fail hard. "We need to build network security with failure in mind," he wrote. "There was once a notion of 'bricks and clicks' that was meant to demonstrate a delineation between retail and online presence. This too has fallen by the wayside as
Yesterday was my one-year anniversary at Akamai, and it's been a great learning experience. To measure the journey, I took a look at posts written in the past year. The following compilation captures the lessons that have made the biggest impression so far.
A look at the security issues making headlines so far this week: Phishing campaign touts fake 'Heartbleed removal' tool (Computerworld) The program attached to the emails is actually a keylogger, according to Trend Micro. Iranian Cyberspies Pose as Journalists Online To Ensnare Their Targets (Dark Reading) Cyberspying campaign out of Iran combines social engineering and social media to steal credentials from a wide array of US and Israeli military, government,
Though it's still two months away, this is the time of year when those headed to Black Hat, DEF CON and BSidesLV start fretting over registration, flights and hotel bookings. This year I decided to get a jump on things, and here are a few things I've learned that will hopefully make your lives easier.Akamai security staff will be there in force, and we're certainly looking forward to it.