Akamai Diversity
Home > July 2014

July 2014 Archives

World Cup 2014: The Drama in the Data

The excitement and drama of this year's World Cup combined with huge connected audiences, more devices and higher Internet connection speeds helped drive unprecedented levels of live online video streaming. FIFA itself called the tournament "the biggest multimedia sporting event in history." 

According to Mediaset España, the World Cup drove significant traffic thanks to the increasing use of mobile devices. "We needed to provide our users with high-quality experiences regardless of what device they used or the location from where they accessed our content," explained Jorge Martín Ibarra, IT Director at Mediaset España. Ibarra said they chose to work with Akamai because they "were confident that the breadth of the Akamai cloud services, including high-quality video, site performance and security would improve the viewer experience while watching the tournament."

By helping more than 50 rights-holding customers live stream every match into over 80 countries, Akamai was afforded a unique vantage point of traffic patterns and trends during the tournament (Ok, and maybe catch a match or two while we were at it.). While we're leaving it to the rights holders to reveal details on their respective streaming figures, engagement rates, device usage and the like, we've been able to draw some interesting observations from the overall traffic that was delivered across the Akamai Intelligent Platform. 

The numbers below are all measured in Terabits per second (Tbps). For some simple context, 1 Tbps is the equivalent of downloading the 1981 classic soccer film, "Victory" (Sylvester Stallone, Michael Caine, Pele), 625 times per second.

The Netherlands-Argentina World Cup semifinal traffic peak of 6.9 Tbps is the equivalent of downloading 4,312 copies of "Victory" every second.

The IETF as a Nexus of Cryptography

Thumbnail image for Thumbnail image for rsalz.jpg

The following is a guest post from Akamai Principal Security Engineer Rich Salz.

The Internet Engineering Task Force (IETF) is becoming a center for the application of cryptography. There are a handful of factors contributing to this:

· It is the technical organization that defines the protocols and standards that enable the Internet.
· The recent Snowden revelations that showed how much government spying there is on Internet traffic.
· The IETF response (RFC 7258) to treat pervasive monitoring as an attack that must be mitigated.
· Increasing recognition in the academic community that TLS is an important protocol; papers discussing attacks on it get noticed.

Top Five Web Performance Pitfalls: How to prevent them

Every web site is unique, and each presents its own set of performance challenges and opportunities. These challenges can be exacerbated by perfectly reasonable business goals and site features, which can negatively affect the overall end-user experience. Business requirements (more features/ads), analytics (data beacons), time to market (we want it now), resources and cost constraints are all considerations that should be balanced with their effect on delivering a web experience that meets end-user expectations.

Microsoft and Akamai have teamed up with Jerusalem Venture Partners (JVP) to create a security-focused accelerator program. It's based at the Microsoft Ventures Accelerator in Israel, and interested entrepreneurs and startups can apply now

Startups accepted into the program will be announced Sept. 7 and the class will run through January.

Security in the News, July 28

A look at security stories in the news that are relevant to Akamai customers and beyond.

Akamai has once again been chosen to help protect the leading global broadcasters, advertisers, partners and sponsors' sites for this year's World Cup. This has given us the opportunity to capture an incredible amount of data for analyzing specific trends.

BSidesLV Speaker Schedule, Shuttle Info, Etc.

The schedule for BSidesLV is out, along with details on a shuttle service that will transport attendees from the BSides venue to points throughout Las Vegas. Some of the speaker schedule is below, followed by the transportation and party details.

George Orwell once said, "International football is the continuation of war by other means" - as we will demonstrate in this post - Mr. Orwell was spot-on, according to statistics on web application layer attacks collected by Akamai's Cloud Security Intelligence platform, the 2014 world cup soccer matches spurred sophisticated cyber attacks between soccer-fan-hackers of competing sides.

In this episode of the Akamai Security Podcast, I talk to Adi Ludmer, a senior researcher from Akamai's security engineering team in Tel Aviv, Israel. He discusses the daily role his team plays in keeping Akamai customers secure, and shares some of the research he's currently focused on.


Highlights of Prolexic Attack Report for Q2 2014

As attacks go, the second quarter of 2014 was quieter than the first. But when you compare the numbers to this time last year, that's of little comfort. According to Prolexic's newly-released attack report for Q2 2014, the rate of DDoS attacks rose 22 percent over the second quarter of 2013.

The report is now available for download HERE.

Web Security in the News, July 21

A look at security stories in the news that are relevant to Akamai customers and beyond.

How would you rate your last "Mobile Moment"?

One of the best parts of my job is speaking with our customers about their business challenges, and my favorite topic is the mobile user experience. Recently I spoke with the CEO of one of our financial services customers about their challenge to understand and deliver the right mobile experience to both the phone and the tablet.

Like many discussion around mobile experience, your top-of-mind thoughts and ideas come not from scientific market research or customer polls, but directly from your own personal experience - in this case, the CEO's most recent "mobile moment".

Oracle Releases Massive Security Update

Note: Akamai CSIRT member Larry Cashdollar contributed to Oracle's latest CPU. He appears in the advisory credits. We always knew he'd be famous!

Oracle has released a monster Critical Patch Update (CPU) -- 113 security fixes in all affecting a vast portion of the company's product line.

In a blog post outlining the fixes, Oracle's Eric Maurice wrote:

This Critical Patch Update provides 113 new security fixes across a wide range of product families including: Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Industry Applications, Oracle Java SE, Oracle Linux and Virtualization, Oracle MySQL, and Oracle and Sun Systems Products Suite.

Here's the full list of products affected:

A Tale of Mobile Waiting

A few weeks back at the Velocity Conference, Akamai's own Guy Podjarny released a little book he wrote on the intersection of responsive web design and performance. Many of you have downloaded it, but if not, I urge you to do so here.

But if you weren't at Velocity, and in particular weren't around for Guy's keynote; then you missed a very special "Book Reading" (and a pretty special hat) by (on) the author himself.

Akamai at RSA Conference Asia Pacific & Japan 2014

Several people from Akamai's InfoSec team will be at RSA Conference Asia Pacific & Japan July 22 and 23 at Marina Bay Sands, Singapore. 

You can visit us at Booth G7 and see live attacks against protected Web properties using multiple popular attack methods. You can also schedule a private meeting with us so we can update you on recent enhancements and answer any specific questions you may have about Akamai, our security solutions and the recent Prolexic acquisition.

We'll also be giving some talks. Here's a roundup:

Welcome to the Future

This has been an amazing year in online video streaming at Akamai. Between the 96 live games of the Sochi Olympics, the 64 games of the World Cup, and a variety of other high profile live streaming events (remember the Super Bowl?), the Akamai support teams have certainly earned a summer vacation. Of course, since Akamai supports a lot more web activity above and beyond these high profile events every day, some of the team members are going to have to stick around, because the Internet does not take vacations.
All companies with a web presence want search engines to crawl their sites and index their content because it's the easiest way to drive traffic, improve visibility and increase business.

The fact is that companies want search engines to crawl their site on a regular basis and index as much content as possible. As such, they usually assume that all search engine requests are legitimate and really don't pay much attention to them.

Security Kahuna Podcast, Episode 1

Episode 1 summary: In the first episode of the Security Kahuna Podcast, Bill Brenner, Dave Lewis and Martin McKeay discuss the big security issues of the day.

They've been friends for a decade and have collaborated on many projects in the security industry. They've been working together at Akamai for just over a year. They figured the time was right to start doing a podcast together, discussing all manner of useful security topics.

What could possibly go wrong?

Access Episode 1 HERE.


Volunteers Needed for BSidesLV 2014

The Fifth Annual BSidesLV will be held in Las Vegas Aug. 5 and 6 at Tuscany Suites & Casino, 255 East Flamingo Rd. Las Vegas, NV. It runs at the same time Black Hat is going on down the street at Mandalay Bay, but it's definitely worth your time.

Unlike previous years, which offered pre-registration for a token refunded fee, this year there will be no pre-registration. Badges will be offered days of the show on a first-come, first-served, walk-in basis. It's a big venue and I seriously doubt anyone will be turned away.

But if you really want to secure a badge in advance, there are ways to do it.

Akamai Security Storytelling: An Update

It's been awhile since I updated you on our Akamai security storytelling efforts. A lot of awesomeness is afoot. We're writing public versions of our compliance documentation, launching a new podcast, shooting five new videos and spreading the word at several upcoming security conferences.

Pitch. Presentation. Proposal.

Getting people to say they're interested in an idea is easy.

Getting people to commit to an idea is hard.

Let's talk about the difference between a Pitch, a Presentation, and a Proposal.

Blackshades RAT is a Serious Threat

Akamai's Prolexic Security Engineering & Research Team (PLXsert) is warning companies of stealth surveillance and computer hijacking attacks by the Blackshades Remote Administration Tool (RAT) crimeware kit.

When malicious actors infect machines with the Blackshades RAT malware, they gain the ability monitor video and audio data, record keylogging information from the user, and harvest sensitive credentials to banking, email, websites and applications. Remote access capabilities also let attackers hijack victim machines to run executables and lock out owners' file access, according to an advisory released this morning.

Microsoft's July 2014 Patch Load

Microsoft released its July 2014 Security Update a few minutes ago. The latest vulnerabilities to be addressed affect everything from Windows and Internet Explorer to Microsoft Server Software.

Here's the software giant's patching chart for the month:

No holidays for cybercriminals

This year marks the 10th anniversary of the Great Singapore Sale (GSS). Over the years, we have seen how the annual event has evolved - from expanding into the heartlands to retailers moving online, attracting more customers.

Shopping has long been recognised as a national pastime for Singaporeans, with eCommerce fast becoming a norm. PayPal observed a 12% year-on-year increase in purchases made by online shoppers in Singapore during the year-end holidays of 2013, largely driven by Singaporeans attracted to overseas sale seasons like Black Friday in America and the Chinese New Year sales in China.

DEF CON Speaker Schedule is Live

The speaker schedule for DEF CON is now live on the event website. What follows are the talks that look particularly interesting. 

Note: What's listed is based on what interests me personally. It is not a full list, nor do I speak for the many Akamai colleagues who will also be there next month. 

"Stand still at your own risk."

The warning from Cheryl Ainoa of Intuit stood starkly on the MainStage screen at the Velocity Conference 2014 in Santa Clara, California. Not an uncommon warning of course - certainly not anything that those in the audience had not heard before. But what followed, advice from a company that has itself survived several significant market disruptions since the 80s was both valuable and actionable.

Talks of Interest at Black Hat USA 2014

A month from now I'll be at Black Hat USA 2014 with many of my Akamai colleagues. It's time to start thinking about the talks that will be most relevant to our interests. To that end, here's a look at some of the more interesting items on the agenda so far.

Note: This is not the full agenda, nor is it an objective list. It captures the talks that look most interesting to me. 

Source: The Black Hat USA 2014 website

Tl;dr version: Last week at the Velocity Conference I saw a 7 year old girl (and her father) make a presentation and get a standing ovation. 

 Got your attention now?

The following post is part two of a two-part series exploring cloud-based media workflows.

In part 1 of "Cloud Based Media Workflows," Barrett Mononen made the case that the cloud offers opportunities to address the complexity of your online media workflow. He noted that the cloud alone doesn't guarantee success -- that you must take a thoughtful, pragmatic approach to realize the greatest business benefits from the cloud.

In this post, I'd like to discuss a more technical view to online media workflows, but first let's set the stage.