The Akamai Blog

October 2014 Archives

Akamai

October 30, 2014 2:54 PM

Preparing for the Holidays: Security Trends

Last time in our "Preparing for the Holidays" series, we focused on what you should know about mobile trends. And as promised, we're back at it with some more trends you should be aware of. This time, it's all about security. If security hasn't been top of mind in the past, it certainly is (or should be) now, given the number of high-profile breaches we've seen over the past

Akamai

October 29, 2014 5:05 AM

Security Kahuna Podcast: From Heartbleed to Shellsho ...

In this latest episode, I talk to Akamai Security Advocates Dave Lewis and Martin McKeay about the increased frequency of severe vulnerabilities affecting SSL and related technology. We start with the most recent case, Poodle, and move on to Shellshock and Heartbleed. A full list of resources for all of these incidents can be found here. We also look ahead to potential security trends in 2015. Listen here.

Bill Brenner

October 27, 2014 5:19 AM

Poodle (CVE-2014-3566) Attack and Mitigation Details ...

Akamai's Prolexic Security Engineering & Research Team (PLXsert) issued a new advisory Monday that provides a full analysis of the Poodle vulnerability, including actions companies can take to blunt the impact. It's the latest in a series of postings Akamai has done to keep the public informed of its Poodle response. In addition to reviewing this new advisory, please refer to the following posts as well: Poodle FAQ: What Akamai

Akamai

October 24, 2014 11:00 AM

Preparing for the Holidays: Mobile Trends

While the holiday season may seem far off to consumers, retailers know all too well that it has already begun. But just as the hot toy changes from year to year, so do the issues that retailers face. It's never too early to prepare for the holiday rush, so over the next few weeks we'll be sharing what you should know when it comes to mobile and security trends and

Akamai

October 23, 2014 3:33 PM

Akamai PLXsert's Q3 2014 State of the Internet - Sec ...

CAMBRIDGE, Mass. - October 23, 2014 - Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today announced availability of the Q3 2014 State of the Internet - Security Report. Akamai's Prolexic Security Engineering and Research Team (PLXsert) is a recognized leader in Distributed Denial of Service (DDoS) protection services and strategies. This quarter's report, which provides analysis and insight

Bill Brenner

October 23, 2014 6:30 AM

Akamai PLXsert's Q3 2014 State of the Internet Repor ...

Today we've launched the first all-security edition of the State of the Internet report. State of the Internet also has its own website now, where readers can delve into Akamai's threat intelligence, threat advisories, data visualizations and more. Highlights of the security edition for Q3 2014 include a four-fold year-over-year increase in DDoS attack size and volume; new attacks targeting hand-held devices and the proliferation of easy-to-use attack tools. Download

Bill Brenner

October 22, 2014 5:16 AM

Podcast: Websites Attacked Via 3rd-Party Services, W ...

In the latest episode of the Akamai Security Podcast, I talk to CSIRT Manager Mike Kun about what he calls an "interesting new attack vector" where bad actors forgo direct attacks against websites in favor of targeting third-party services the site is using. "Rather than go against a target directly, bad actors are looking at what other services that website is using," Kun explains. "A simple one is DNS. If

Akamai

October 21, 2014 10:37 AM

The Changing Requirements of Application Delivery So ...

The correlation between the success of a company and its operational agility is no secret - the faster an enterprise is able to tackle new challenges and introduce new innovations, the more likely it is to be successful in those areas. The rapid pace of technological developments in the modern world has introduced wrinkles to this paradigm and left many businesses shackled to old methods of networking and legacy

Akamai

October 21, 2014 5:11 AM

Poodle, Shellshock and Heartbleed: Resources

It's been a year of major security vulnerabilities. Last week we worked to mitigate the Poodle vulnerability. Two weeks before that was Shellshock and in April we had Heartbleed. All have shaken the security industry to the core, and Akamai staff have spent countless hours working to protect customers against these threats. To get a wider perspective of our actions in the face of such incidents, here's a collection of resources

Bill Brenner

October 20, 2014 8:33 AM

Akamai InfoSec at BASC 2014

The Boston Application Security Conference (BASC) was this past weekend, and Patrick Laverty from Akamai InfoSec's CSIRT team gave a talk called "How Hackers View Your Web Site." Patrick recorded the talk and posted it on his YouTube channel. Like everything he does, it's quite good. So I'm sharing it here. Laverty described his talk this way: "As defenders, we have to be right 100% of the time where an attacker

Amanda Fakhreddine

October 17, 2014 2:23 PM

The Best of #AkamaiEdge 2014!

Akamai Edge 2014 may have wrapped up last week, but it's all we can think about! We had such a great time with all of you in Miami, and we hope you had a great time with us as well. With over 1,500 attendees, it was our largest Akamai Edge yet. Ready to relive a little bit of it? Check out our social story! What was your favorite part of

Bill Brenner

October 16, 2014 8:35 PM

Poodle FAQ: What Akamai Customers Need to Know

The Poodle attack (CVE-2014-3566) raised many questions from our customers, peers, auditors, and prospects. This post addresses some of the most frequently asked questions, and provides an update on how Akamai is handling its operations during this industry-wide event. For a basic background on Poodle, please read Akamai CSO Andy Ellis's overview blog post, or Akamai Security Researcher Daniel Franke's in-depth analysis.

Bill Brenner

October 15, 2014 5:30 PM

UPnP Devices Used in DDoS Attacks

Attackers are using Universal Plug and Play (UPnP) devices to launch massive DDoS assaults, Akamai's Prolexic Security Engineering & Research Team (PLXsert) warned this morning in an advisory. PLXsert estimates that 4.1 million UPnP devices are potentially vulnerable to exploits used for reflection DDoS attacks. That's about 38 percent of the 11 million devices in use around the world. PLXsert plans to share the list of potentially exploitable devices to

Andy Ellis

October 14, 2014 6:48 PM

SSL is dead, long live TLS

An attack affectionately known as "POODLE" (Padding Oracle On Downgraded Legacy Encryption), should put a stake in the heart of SSL, and move the world forward to TLS. There are two interesting vulnerabilities: POODLE, and the SSL/TLS versioning fallback mechanism. Both of these vulnerabilities are discussed in detail in the initial disclosure. POODLE POODLE is a chosen-plaintext attack similar in effect to BREACH; an adversary who can trigger requests from

Bill Brenner

October 14, 2014 5:12 PM

Excerpt: How POODLE Happened

The following is an excerpt from Akamai Security Researcher Daniel Franke's blog post on the POODLE vulnerability. Bodo Möller, Thai Duong, and Krzysztof Kotowicz have just broken the internet again with POODLE, a new and devastating attack against SSL. POODLE, an acronym for Padding Oracle On Downgraded Legacy Encryption, permits a man-in-the-middle attacker to rapidly decrypt any browser session which utilizes SSL v3.0 -- or, as is generally the case,

Bill Brenner

October 14, 2014 2:46 PM

Your Microsoft Patch Update for October 2014

Microsoft released its October 2014 Security Update Tuesday. Windows, Internet Explorer, Office, Developer Tools and .NET Framework are among the items affected. Here is the full patch matrix:

Akamai

October 14, 2014 11:00 AM

Internet Hygiene: What web applications vulnerabilit ...

When you consider security solutions, there is no catchall Internet security solution that addresses every web application security challenge. A multi-layered approach to Internet security is the most effective way to guard against all types of cyber-attacks, including DDoS, application-layer attacks and data breaches. But this is much more than security technology and tools. You need to add what we call "Internet hygiene" to your defenses - taking internal measures to

Bill Brenner

October 14, 2014 5:31 AM

Five Good Security Articles

Articles I'm reading include such topics as the mounting cost of social engineering, the Mayhem Botnet's exploitation of Shellshock, and some tips for better security in the healthcare industry.

Bill Brenner

October 7, 2014 5:54 AM

Akamai University: FedRAMP 101

Akamai Edge 2014 continues today with the second day of Akamai University and API Boot camp. To coincide with this, I'm running two security lessons that are part of an upcoming video series. This is the final installment, and was written by Akamai program managers James Salerno and Dan Philpott. First installment: Vulnerability Management vs. Penetration Testing

Bill Brenner

October 6, 2014 9:32 AM

Akamai University: Vulnerability Management vs. Pen ...

Akamai Edge 2014 begins today and tomorrow with two days of Akamai University and API Boot camp. To coincide with this, I'm running two security lessons that are part of an upcoming video series. This is the first installment, written by Akamai CSIRT researcher Patrick Laverty.

Bill Brenner

October 6, 2014 5:40 AM

Akamai Edge 2014: Shellshock and Heartbleed Resource ...

Akamai Edge attendees will hear the names of two security vulnerabilities a lot this week: Shellshock and Heartbleed. Both shook the security industry to the core this year, and Akamai security staff spent countless hours working to protect customers against these threats. Before Edge gets underway, here are some resources to get familiar with what we've done to address the threats. More on the Web Security Track at Akamai Edge 2014: Akamai Edge

Chris Nicholson

October 3, 2014 12:00 PM

Akamai/Vubiquity Win MCN Innovator Award

We're thrilled that Multichannel News has recognized Akamai's joint Content-as-a-Service (CaaS) offering with Vubiquity as one of its inaugural Innovator Award winners. According to the publication, the awards are intended to "honor distinctive new products at the 2014 SCTE Cable-Tec Expo," which took place in Denver this week. Winners were "selected by a panel of cable executives and Multichannel News contributors."

Manuel Alvarez

October 3, 2014 7:38 AM

The Power of the Community

A couple weeks ago, I had the pleasure to deliver an Ignite session at WebPerfDays NY. In my talk, I explained how humans have reached the top of the food chain by managing knowledge in better ways than other species (slides). One of the key differentiators in human management of knowledge is how we interact with one another socially. Bees don't tell bees from a different beehive where to find

Thomas Orthbandt

October 2, 2014 12:16 PM

DNS DDoS Takes Down Hong Kong Paper

The ongoing protests in Hong Kong are attracting worldwide attention. Less visible is a connection to the ongoing DNS-based DDoS attacks that started early this year. On Sunday, Sept 28, attackers used DNS-based DDoS to target Passion Times, a local Hong Kong newspaper (http://www.passiontimes.hk/). The site was brought down for most of the day and had to resort to Facebook (https://www.facebook.com/passiontimes) in order to get the news out.

Akamai

October 2, 2014 11:41 AM

Akamai Launches New Protection for Shellshock-Bash

Akamai has created custom rules to help protect customers from the Shellshock-Bash vulnerabilities. The official names of these vulnerabilities and the WAF rules to address them are as follows:

David Theobald

October 2, 2014 8:59 AM

Introducing Cloudlets: Value-Added Applications in t ...

Remember Saved by the Bell? You know, Zack Morris, A.C. Slater, Screech and the gang from the early 90's Saturday morning TV show? Mindlessly flipping through the late night channels, I landed on the episode in which Lisa Turtle (Lark Voorhies) was trying to impress a "scholarly gentleman" by posing deep questions about life: "What is art? Are we art? Is art, art?"

Akamai

October 2, 2014 6:46 AM

Shellshock CVE-2014-6277 and CVE-2014-6278 Details R ...

Yesterday, we released an article on Akamai's security site detailing all of the CVE advisories now in circulation for Shellshock, and how they relate to Akamai's mitigation strategies. At the time we published, details had not yet been released for two of the six advisories -- CVE-2014-6277 and CVE-2014-6278. Late yesterday, those details were finally released.

Andy Ellis

October 1, 2014 3:59 PM

Shellshock Update

The Shellshock vulnerability, originally announced as one critical issue in bash that allowed an adversary to execute arbitrary code, has grown from one vulnerability to six in the last week. For background on Shellshock, we've collected an overview and list of the vulnerabilities; for some history on Akamai's initial responses, read our original blog post. Shellshock raised a lot of questions among our customers, peers, auditors, and prospects. This