December 2014 Archives
In our last blog post, we discussed aesthetics, and online and mobile merchant site responsiveness. Here is the second and final half of our installment: Did the site make as much revenue as it could have?
Part 1 of a 2-Part Blog Series: The peak holiday online shopping season is in full force now. Most eCommerce merchants spent months preparing their sites for an onslaught of the web traffic they both hope for - and fear, depending on their role in the organization. If you are in business management (i.e., CIO, CMO or VP of Ecommerce) you'll want to encourage as much traffic as possible to
The genre of Science Fiction and its contributors have given us plenty of glimpses into what the future of mobile devices might look like, from the hand-held communicators of "Star Trek" that inspired the first cellular flip phones to both cinema and comic-inspired wearable devices. However, compared to the smartphones and other devices that are currently on the market, these formerly advanced devices of the past now look and
While eCommerce certainly continued to grow year-over-year this holiday season, reports about growth numbers are a mixed bag, depending on who you ask. One thing is for certain, though: Mobile commerce hit its stride this year.
Beyond all the hype, industry reorientations and analyst projections, the emergence of cloud computing as a common internal business tool (whether authorized CRM and data management applications or unauthorized note-taking and organizational tools) is an interesting example of companies following where their employees have led.
Akamai's Prolexic Security Engineering & Response Team (PLXsert) has issued a new advisory about a Xsser mobile remote access Trojan (mRAT) attackers are using to target iOS and Android devices. The Xsser mRAT is spread through man-in-the-middle and phishing attacks and may involve cellphone tower eavesdropping for location-specific attacks.
Vulnerability assessment and pen testing both deal with finding and fixing security holes. But they are not the same thing. In this whiteboard presentation, Akamai security researcher Patrick Laverty explains the differences between the two, and how both are critical to the vulnerability management process at Akamai.
At Akamai, incidents happen daily. Despite strong controls, it's inevitable that problems will arise when so much content is being handled, processed and distributed within Akamai and on behalf of customers. To deal with that reality, the company has a set of procedures to manage incidents as they materialize. Most incidents are resolved by small interventions in the network. In this whiteboard presentation, Bill Brenner gives an overview.
In this whiteboard presentation, Akamai InfoSec Program Manager James Salerno explains what FedRAMP is, why it was created and why it's become an important part of Akamai's security compliance process.
Video growth is overwhelming the enterprise network. We have all been there. At work trying to watch the live company all-hands video, or the latest training, or perhaps even the latest YouTube video. But all we end up with are pixelated videos that take forever to start and constantly re-buffer. The workplace video experience can be abysmal if the WAN is not ready. Most of us will avoid a painful
The following was written by CSIRT Manager Mike Kun: While investigating an attack against an Akamai customer, Akamai's CSIRT discovered a server hosting a web-based attack tool -- a variant of the account checker tool first discovered in 2012.
Purging URLs at the Edge when their underlying content changes at the origin infrastructure may seem to be the best way to manage a website's dynamic content. Or is it? In this post, we'll explore the pros and cons of purging, and offer an alternative when appropriate.
Microsoft released its security bulletin for December 2014 this week, fixing security holes in Windows, Exchange, Office and Internet Explorer. The full patch matrix is below. More Akamai perspective on patching and vulnerability management: Akamai University: Vulnerability Management vs. Pen Testing; Ten Years After the Blaster Worm; Bug Bounty Programs: A Turning Point for Microsoft
The following advisory was written by CSIRT Manager Mike Kun: We are aware of a newly-announced vulnerability found by Adam Langley and Brian Smith in some implementations of the TLS 1.x protocol that allows for a man-in-the-middle attack. This can result in insecure compromised transactions over TLS 1.x. For more details, read the original article.
As enterprises further embrace cloud environments for both business and mission-critical applications, it is important to have easier ways to connect with other cloud-based services. Akamai recognizes this need and this is why we are excited to announce our participation as a Silver sponsor of the Cloud Foundry Foundation. Cloud Foundry is an open source Platform as a Service (PaaS) that provides capabilities to distribute applications to one
In the latest episode of the Security Kahuna Podcast, Dave Lewis, Martin McKeay and I discuss the security breach at Sony, lawsuits between the banks and Target, and much more. Rather than give the latest victims a lashing over mistakes that allowed the breach to happen, we focus on the lessons learned and how companies can better protect themselves going forward. Listen to the full episode
Microsoft has released a preview of the security bulletin it plans to release Tuesday, Dec. 9, 2014. If the plan holds, the software giant will release seven bulletins -- three of them for critical vulnerabilities in Windows, Office and Internet Explorer. The full preview is below. More Akamai perspective on patching and vulnerability management: Akamai University: Vulnerability Management vs. Pen Testing; Ten Years After the Blaster Worm; Bug Bounty Programs: A Turning Point for
1st of a 2-part blog post: SaaS is growing like crazy. We have all observed the fact that the SaaS market has experienced tremendous growth over the course of the past few years, and that rapid growth is forecasted to continue for the next several years.
Because Akamai is trusted by thousands of online retailers, and in fact all of the 20 top global eCommerce sites, we see and analyze enormous amounts of attack data during events such as Black Friday. This year we tracked requests coming into dozens of online retailers over 24-hour periods for each of the 5 Fridays leading up to Black Friday. During that period we analyzed 4.2 billion HTTP
I recently sat down for a discussion with Contrast Security CTO Jeff Williams, host of the Security Influencer Podcast. We covered a lot of ground, including the most recent data breaches making news and the recent uptick in attacks against third-party web services. Access the podcast and interview transcript here
We are committed to investing in the education of our future innovators. In the spirit of the holiday season, we are proud to contribute to Code.Org, Room To Read, and Plan International with a charitable donation in our customers' names!
A Bitcoin extortion campaign is underway, launched by a group of bad actors calling themselves DD4BC. The group repeatedly tried to blackmail Bitcoin exchanges and gaming sites -- threatening victims with DDoS attacks in order to extort bitcoins. Akamai's Prolexic Security Engineering and Response Team (PLXsert) reports the following:
The Boston chapter of OWASP (Open Web Application Security Project) will have its next meeting at Akamai headquarters the evening of Wednesday, Dec. 3. Details are available on the OWASP Boston website, but here's a summary of the agenda:
Akamai has observed a fresh wave of DNS poisoning attacks, where web sites are hijacked and placed under the control of malicious actors. It's a tactic Akamai has seen before, and there are ways for companies to defend themselves. Anatomy of attacks: The Domain Name System (DNS) converts the text of a domain name (i.e., akamai.com) to the server's IP address. Using DNS hijacking, a malicious user is able to update