July 2014 Archives
The following is a guest post from Akamai Principal Security Engineer Rich Salz.
The Internet Engineering Task Force (IETF) is becoming a center for the application of cryptography. There are a handful of factors contributing to this:
· It is the technical organization that defines the protocols and standards that enable the Internet.
· The recent Snowden revelations that showed how much government spying there is on Internet traffic.
· The IETF response (RFC 7258) to treat pervasive monitoring as an attack that must be mitigated.
· Increasing recognition in the academic community that TLS is an important protocol; papers discussing attacks on it get noticed.
Microsoft and Akamai have teamed up with Jerusalem Venture Partners (JVP) to create a security-focused accelerator program. It's based at the Microsoft Ventures Accelerator in Israel, and interested entrepreneurs and startups can apply now.
Startups accepted into the program will be announced Sept. 7 and the class will run through January.
A look at security stories in the news that are relevant to Akamai customers and beyond.
The schedule for BSidesLV is out, along with details on a shuttle service that will transport attendees from the BSides venue to points throughout Las Vegas. Some of the speaker schedule is below, followed by the transportation and party details.
In this episode of the Akamai Security Podcast, I talk to Adi Ludmer, a senior researcher from Akamai's security engineering team in Tel Aviv, Israel. He discusses the daily role his team plays in keeping Akamai customers secure, and shares some of the research he's currently focused on.
Like many discussions around mobile experience, your top-of-mind thoughts and ideas come not from scientific market research or customer polls, but directly from your own personal experience - in this case, the CEO's most recent "mobile moment".
Note: Akamai CSIRT member Larry Cashdollar contributed to Oracle's latest CPU. He appears in the advisory credits. We always knew he'd be famous!
Oracle has released a monster Critical Patch Update (CPU) -- 113 security fixes in all affecting a vast portion of the company's product line.
In a blog post outlining the fixes, Oracle's Eric Maurice wrote:
This Critical Patch Update provides 113 new security fixes across a wide range of product families including: Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Industry Applications, Oracle Java SE, Oracle Linux and Virtualization, Oracle MySQL, and Oracle and Sun Systems Products Suite.
Here's the full list of products affected:
But if you weren't at Velocity, and in particular weren't around for Guy's keynote, then you missed a very special "Book Reading" (and a pretty special hat) by (on) the author himself.
Several people from Akamai's InfoSec team will be at RSA Conference Asia Pacific & Japan July 22 and 23 at Marina Bay Sands, Singapore.
You can visit us at Booth G7 and see live attacks against protected Web properties using multiple popular attack methods. You can also schedule a private meeting with us so we can update you on recent enhancements and answer any specific questions you may have about Akamai, our security solutions and the recent Prolexic acquisition.
We'll also be giving some talks. Here's a roundup:
The fact is that companies want search engines to crawl their site on a regular basis and index as much content as possible. As such, they usually assume that all search engine requests are legitimate and really don't pay much attention to them.
The Fifth Annual BSidesLV will be held in Las Vegas Aug. 5 and 6 at Tuscany Suites & Casino, 255 East Flamingo Rd. Las Vegas, NV. It runs at the same time Black Hat is going on down the street at Mandalay Bay, but it's definitely worth your time.
Unlike previous years, which offered pre-registration for a token refunded fee, this year there will be no pre-registration. Badges will be offered on the days of the show on a first-come, first-served, walk-in basis. It's a big venue and I seriously doubt anyone will be turned away.
But if you really want to secure a badge in advance, there are ways to do it.
Getting people to commit to an idea is hard.
Let's talk about the difference between a Pitch, a Presentation, and a Proposal.
Akamai's Prolexic Security Engineering & Research Team (PLXsert) is warning companies of stealth surveillance and computer hijacking attacks by the Blackshades Remote Administration Tool (RAT) crimeware kit.
When malicious actors infect machines with the Blackshades RAT malware, they gain the ability to monitor video and audio data, record keylogging information from the user, and harvest sensitive credentials to banking, email, websites and applications. Remote access capabilities also let attackers hijack victim machines to run executables and lock out owners' file access, according to an advisory released this morning.
Shopping has long been recognised as a national pastime for Singaporeans, with eCommerce fast becoming a norm. PayPal observed a 12% year-on-year increase in purchases made by online shoppers in Singapore during the year-end holidays of 2013, largely driven by Singaporeans attracted to overseas sale seasons like Black Friday in America and the Chinese New Year sales in China.
The warning from Cheryl Ainoa of Intuit stood starkly on the MainStage screen at the Velocity Conference 2014 in Santa Clara, California. Not an uncommon warning of course - certainly not anything that those in the audience had not heard before. But what followed, advice from a company that has itself survived several significant market disruptions since the 80s, was both valuable and actionable.
A month from now I'll be at Black Hat USA 2014 with many of my Akamai colleagues. It's time to start thinking about the talks that will be most relevant to our interests. To that end, here's a look at some of the more interesting items on the agenda so far.
Note: This is not the full agenda, nor is it an objective list. It captures the talks that look most interesting to me.
Source: The Black Hat USA 2014 website
Tl;dr version: Last week at the Velocity Conference I saw a 7-year-old girl (and her father) make a presentation and get a standing ovation.
In part 1 of "Cloud Based Media Workflows," Barrett Mononen made the case that the cloud offers opportunities to address the complexity of your online media workflow. He noted that the cloud alone doesn't guarantee success -- that you must take a thoughtful, pragmatic approach to realize the greatest business benefits from the cloud.
In this post, I'd like to discuss a more technical view of online media workflows, but first let's set the stage.