January 2015 Archives
For content distribution of its live stream of Super Bowl XLIX, NBC Sports Digital has again turned to Akamai to help deliver the online experience through its NBC Sports Live Extra streaming service. Live events and live sports are not unfamiliar to us at Akamai. We just wrapped up 2014 with record traffic and viewership for multi-day events including the Winter Olympics and the World Cup.
On Tuesday, Akamai learned about and published a blog post highlighting a public vulnerability in the GNU C Library that could be exploited and used to take remote control of vulnerable Linux systems. Today, following our internal investigation, we have some additional information to share. How Is Akamai protected? Akamai's engineers have examined the primary software components that power the Akamai platform and to date have found they are not
The Q4 2014 State of the Internet - Security report is out today. We've previewed sections this past week (see sidebar below), but now we can share some numbers. PREVIEW POSTS: Coming 1/29: Q4 2014 State of the Internet Security Edition; Malware Evolution: A History; The Trouble With Bots, Spiders and Scrapers; TCP Flag DDoS Attack by Lizard Squad Indicates DDoS Tool Development
By Patrick Laverty, Clark Shishido, Dave Lewis, Mike Kun, Larry Cashdollar and Bill Brenner We're always concerned about where the next attack is coming from. We worry about DDoS, SQL injection, defacements and a host of other attack techniques. One attack in particular can bypass even the best security protections and give attackers the keys to the kingdom. That attack is called DNS Hijacking. This happens when attackers gain access
In the third quarter of 2013, the State of the Internet Report started to include insight into IPv6 adoption based on data gathered from across the Akamai Intelligent Platform™. Throughout the last year, we've seen impressive growth rates across the top countries and network providers on both a quarterly and yearly basis as native IPv6 connectivity is made available to more end users.
Last month, we released three new security whiteboard videos. Here's the whole package, for your viewing pleasure and ongoing security education. At Akamai, incidents happen daily. Despite strong controls, it's inevitable that problems will arise when so much content is being handled, processed and distributed within Akamai and on behalf of customers. To deal with that reality, the company has a set of procedures to manage incidents as they materialize.
A public vulnerability in the GNU C Library that could be exploited to take remote control of vulnerable Linux systems was recently disclosed. Akamai is aware of this disclosure and is currently evaluating its exposure to this vulnerability, if any. Specifically, the problem is a heap-based buffer overflow in the glibc's __nss_hostname_digits_dots() function used in gethostbyname() and gethostbyname2() glibc function calls. The vulnerability, commonly known as "Ghost" in the media,
A blizzard rages outside as I write this, and the governor of Massachusetts has banned travel on the roads. Many of us from Akamai's Cambridge headquarters will spend today at home, and possibly tomorrow. But Akamai will continue to run. Being spread across the globe makes that a given. It illustrates the power of redundancy.
Yesterday, my colleague Michael Smith shared a write-up on Akamai's Luna Authentication and Authorization services, telling his Twitter followers: "This will save your life if you are an Akamai customer. Set it up now." It is an important part of what we offer, and a refresher course is appropriate here as well. So here we go:
We continue to preview sections of the Q4 State of the Internet - Security Report due out next week. Last week we told you about a DDoS attack from a group claiming to be Lizard Squad and the unintended consequences of many bots, spiders and scrapers. Tuesday, we shared a history of malware evolution. Today, we preview the Attack Metrics/Trends section of the report, and what we see for the future.
Yesterday in Tel Aviv, investors, VCs, and entrepreneurial supporters watched as six cybersecurity startups presented their businesses. These companies have just completed the Microsoft Ventures Accelerator. Akamai was proud to partner with Microsoft in this exciting program through business and technical/engineering mentoring as well as financial support. You can read my colleague's post detailing his experience as a technical mentor here.
Through the Akamai-Microsoft cybersecurity accelerator program, I had the privilege to act as a mentor to six cyber-security startups. The accelerator ran through Fall 2014, now coming to an end with the demo-day planned for January 21st, 2015.
The Internet is a far more complex entity than the "series of tubes" image that is often invoked. Similarly, keeping up with the current solutions for your IT infrastructure and modern application delivery, such as the Application Delivery Controller (ADC), may seem equally daunting if you're not staying current with the key terminology; fortunately, Akamai is here to help you navigate the current atmosphere:
With the Q4 State of the Internet - Security Report due out later this month, we continue to preview sections of it. Last week we told you about a DDoS attack from a group claiming to be Lizard Squad and the unintended consequences of many bots, spiders and scrapers. Today, we preview the evolution of malware -- including the way security researchers label it.
With the Q4 State of the Internet - Security Report due out later this month, we continue to preview sections of it. Earlier this week we told you about a DDoS attack from a group claiming to be Lizard Squad. Today we look at how third-party content bots and scrapers are becoming more prevalent as developers seek to gather, store, sort and present a wealth of information available from other
Microsoft's announcement that it will no longer offer advance patch notification to the masses has rekindled the debate over how best to handle vulnerability disclosure. Bill Brenner, Dave Lewis and Martin McKeay discuss this and other issues. Listen to the full episode
A couple of months ago, my colleague Or Katz published an article about an interesting trend that he uncovered, in which Black Hat SEO marketers were abusing Open Redirect vulnerabilities on popular websites to increase the popularity of advertisement sites.
By PLXsert January 12, 2015 'Twas the season for a not-so-jolly DDoS attack from a group claiming to be Lizard Squad - flinging Christmas tree packets as they are commonly known. Details of the DDoS attack indicate the ongoing development of DDoS attack tools. And while not the largest DDoS attack to date, this TCP flag DDoS attack would hinder or completely clog most corporate infrastructures. One packet exhibited the
Our series of posts over the past few weeks covered a number of topics regarding the new world of application delivery, from discussions about the challenges posed by globalization to summaries of the benefits of a Cloud-based application delivery solution. We concluded on how you can move your business forward in terms of application delivery, and now it's important to lay out a number of best-practice techniques for getting the
ShmooCon has always been one of my favorite security conferences. Unfortunately, I can't be there this year. But for those who are going this weekend, here's what to expect.
There has been a huge surge in the demand to access a variety of popular applications via mobile devices. The demand for access to business information and websites through mobile technologies has caused the business managers to drive mobility as part of their business technology. It is becoming imperative for companies to have their content effectively available on the mobile devices.
Akamai Security Advocate Dave Lewis and I made Tripwire's list of "Top Influencers in Security You Should Follow in 2015." For each security practitioner selected, Tripwire included Twitter handles, blog URLs and reasons for selecting the individuals. Tripwire also asked us what infosec-related superpower we wished to have, in keeping with this year's theme of "InfoSec Avengers." Thanks to Tripwire for including us on the list!
Single page apps and hybrid mobile apps share something in common: a rich semi-static wrapper that makes API calls for small objects, normally JSON. It is a performance oriented design pattern where large content is cached as close as possible to the client (Edge server, client cache, etc.) and non-cacheable content is small and can be compressed and minified.
This morning Akamai released its State of the Internet Report for the third quarter of 2014. Here are the security highlights:
Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What's interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls - specifically Web Application Firewalls (WAFs) and rate control protections. Continue reading on "The Security Ledger": https://securityledger.com/2014/12/cat-and-mouse-web-attacks-increasingly-sidestep-waf-protections/
The following PLXsert advisory came out last week, but I'm just back from vacation and catching up on what I missed. This one is high-risk and worth mentioning here. Public dumps of compromised data from several high-profile attacks have fueled an increase in automated and systematic attempts to reuse stolen credentials at multiple websites. The requests show user agents are systematically randomized. One of the most targeted sectors is online
Although our goal was to publish it in mid-December, unexpectedly busy schedules and holiday time off derailed those plans. Fear not, though, as the Q3 2014 State of the Internet Report will be published just after the start of the New Year. As a belated holiday present for our readers, we will also be launching an updated connectivity visualization on the State of the Internet website, a new State of the Internet subspace on
What type of device are you using to read this post right now? No sixth sense is necessary to determine that the answer would range from "laptop," to "smartphone." Nor would it be required to guess that you already have several work-related emails in your inbox that are stamped with "Sent from my iPhone." It's also likely that this has caused controversy amongst the Android users in your life at
The January meeting of OWASP Boston is Wednesday, 6:30 p.m., at Akamai Headquarters -- 150 Broadway, on the 2nd floor. Akamai CSIRT's Patrick Laverty will give a talk called "How a Hacker Views Your Web Site." Laverty offered these details of the talk: As defenders, we have to be right 100 percent of the time where an attacker only needs to be right once. The attack surface of a modern
Although our goal was to publish it in mid-December, unexpectedly busy schedules and holiday time off derailed those plans. Fear not, though, as the Third Quarter, 2014 State of the Internet Report will be published just after the start of the New Year. As a belated holiday present for our readers, we will also be launching an updated connectivity visualization on the State of the Internet Web site, a
2nd of a 2-part blog post. Read the first one now! It's all about the user experience At Akamai, our observation through in-depth discussions with our 150+ SaaS Provider customers, and ongoing engagements with analysts and press, is that the best way for SaaS Providers to increase customer retention and minimize churn is to have a maniacal focus on the end-user experience.
Compiling a full list of security conferences for a 12-month period is hard. There are the obvious ones, like RSA, Black Hat and Defcon. But there are countless more with content and networking opportunities security practitioners can benefit from. To that end, I want to direct you to this excellent list from Henry Dalziel, a security blogger with Concise Courses. It's the most comprehensive list I've ever seen.
I've never been a fan of security predictions, though I've written about them too many times to count. I guess that makes me a hypocrite. I could take the high road and tell you my bosses always make me write about it, but why pass the buck? In the world of tech media, we ALL write about predictions. Call it a case of doing one of those tasks you hate