Get In Touch
February 2015 Archives
In early 2012 something remarkable happened: a call went out for proposals for a new version of HTTP. From the perspective of an Internet whose warp and weft seemingly shift on a daily basis, this may appear to be just one change amongst many, but because of the importance of HTTP in our daily lives, its impact is difficult to overstate. If you are reading this, it is likely
We all know that web site performance is important for companies especially if they operate an e-comm platform to serve consumers. For the end users, a slow site is simply annoying and a major reason to browse elsewhere; there goes the revenue stream.
On Tuesday, February 24th, Akamai had the honor of being a sponsor at the inaugural Lead On: Silicon Valley Conference For Women. 5,000 women attended the event, which featured big name keynote speakers including, Diane Von Furstenberg, Candy Chang, Kara Swisher, Brene Brown and Hillary Clinton, along with two speakers from Akamai - Susan LaPointe (Vice President of Human Resource Operations), and myself! As I have done for previous conferences,
A new attack threatens enterprises and Software-as-a-Service (SaaS) providers: chaotic actors using Joomla servers with a vulnerable Google Maps plugin installed as a platform to launch DDoS assaults. The attack technique was discovered by researchers from Akamai's Prolexic Security Engineering & Research Team (PLXsert), working alongside PhishLabs' Research, Analysis, and Intelligence Division (R.A.I.D). You can download the full advisory from Akamai's State of the Internet website for free.
Akamai security staff will be at RSA Conference 2015 in force, and some of us will be giving talks. A preview:
Last week I told you about my speaking appearances at SecureWorld Boston March 4. There's one schedule change to tell you about:Instead of participating in a panel on emerging threats, I'll be on this panel instead:Protecting Your Data as it Roams, March 4 from 1:15-2:15 p.m. Today your data moves fast and across platforms. Security professionals are charged with protecting valuable information as it moves from data centers to employee
The success of any business is intrinsically linked to its website performance, regardless of the user-agent or user location. The fact that a CDN can help you in delivering the content is a well-established fact. However, resolving in-region (where the origin server is located in close proximity to most end users) performance issues can still be a challenge.
BSides Boston 2015 takes place Saturday, May 9 at Microsoft, and organizers have issued their call for papers. WHAT: Security BSides Boston 2015 Call for Presentations/Papers WHO: Your awesome 45 minute presentation on a security/tech/hacking topic. Marketing/advertising presentations will be rejected. WHEN: Deadline for submissions: March 1st midnight EST WHERE: 1 Cambridge Center, Cambridge, Massachusetts HOW (Format): Talk Title (under 10 words)200ish words abstract with links to any pertinent backup
In two weeks I'll give a presentation and participate in a panel discussion at SecureWorld Boston 2015. The event takes place March 4-5 at the Hynes Convention Center. Akamai is a gold sponsor. My talk, March 4 from 8:30-9:15 a.m., is called "Attack Techniques and Defenses." I'll explain how the bad guys are targeting companies and how to fight back based on threat research and remediation techniques used by Akamai
A look at security news from around the Web. The Great Bank Heist, or Death by 1,000 Cuts? (KrebsonSecurity) A look at the Carbanak gang, which deployed malware via phishing scams to get inside of computers at more than 100 banks and steal upwards of USD $300 million -- possibly as high as USD $1 billion. Google Adds Grace Period for Software Developer to Fix Security Flaws (eWeek) In what
The bad guys are using a fairly new technique to tamper with the Microsoft SQL Server Resolution Protocol (MC-SQLR) and launch DDoS attacks. In an advisory released this morning, Akamai's Prolexic Security Engineering & Response Team (PLXsert) described it as a new type of reflection-based distributed denial of service (DDoS) attack. PLXsert first spotted attackers using the technique in October. Last month, researcher Kurt Aubuchon studied another such attack and
I'm often asked by our customers how their web sites compare to the industry averages, in terms of speed and size. While the numbers vary depending on the business, devices used and audiences, we can leverage the information gathered by httparchive.org to report overall metrics for desktop home pages.
Microsoft has released its February 2015 security bulletin. Windows, Internet Explorer, Group Policy and Office are among the affected items. The full patch matrix is below.More Akamai perspective on patching and vulnerability management:Akamai University: Vulnerability Management vs. Pen TestingTen Years After the Blaster WormBug Bounty Programs: A Turning Point for Microsoft
Awhile back, after we ran a post about SEA's phishing activities and DNS attacks, my old friend Dave Marcus -- director and chief architect of McAfee's Federal Advanced Program Group -- took issue with our advice that companies continue to push for better security awareness among employees and customers.
Having been asked to speak at a security event in Boston next month, I find myself thinking about the art of public speaking. Whether you're in sales, marketing, InfoSec or finance, it's increasingly important to have the ability to get in front of a crowd and articulate your message. The Akamai InfoSec team must do so at orientations for new employees, along with HR and other departments. And some of
Nearly two years ago, we published the blog post "Clarifying State of the Internet Report Metrics," which served as a great reference for those interested in finding out more about the metrics published within the State of the Internet Report. Since the report has evolved, we're releasing an update to clarify existing metrics and review new ones, with the goal of minimizing confusion about terms and data in the report.
Nearly two years ago, we published a blog post titled "Clarifying State of the Internet Report Metrics", and it has served as a great reference for those interested in finding out more about the metrics published within the State of the Internet Report. However, as the report has evolved over the last several years, we thought it would be worth publishing an update to clarify existing metrics and review new
I've seen way too many security advisories over the years to count. The more critical the issue, the more publishable it was. But that was my perspective as a journalist working for news organizations. In the current role, I'm seeing things from the beginning of the internal vetting process. There's a lot we want to make public, but there's a lot we have to keep to ourselves.
During my time as CSOonline's Salted Hash blogger, I wrote something I'd forgotten about until rediscovering it the other day. Three years after writing it, I think this post is still relevant.
2015 "Big Game" ads can cost up to $4.5 million apiece. I believe most of the broadcasters, advertisers, partners and sponsors planned for their investment to help drive users to their respective web sites and generate significant social media buzz.
Five security articles worth your time...US top developer of risky mobile applications (CSOonline) A new report identifies the U.S. as the top developer of malicious and privacy-intruding applications, a finding that contrasts with conventional wisdom that often places the problem squarely in Asia. 2014 cyberattack to cost Sony $35M in IT repairs (Computerworld) Sony has put an estimate to the damage caused by the massive cyberattack against Sony Pictures Entertainment
NBC Sports Digital's live stream of the Super Bowl last Sunday didn't disappoint; records were broken on the field and online. Tom Brady set Super Bowl records for most completions in a game and most career touchdown passes. Meanwhile, NBC Sports Live Extra averaged a Super Bowl record-breaking 800,000 viewers per minute and peak of 1.3 million concurrent users across desktops and tablets.
This year, Akamai Technologies was once again chosen to protect and deliver a high performing experience for the Super Bowl by many customers who either broadcasted, advertised or showcased scores for the big game on Sunday Feb 1st. In doing so, we were afforded a unique look into various traffic patterns across industries on the Internet. Here are a few of the more interesting statistics.
My friend Jennifer Minella is doing a series where she asks folks from the security community about three books that changed their lives. She kicks it off with me. Here's what she has to say about the series: My goals for the year mean some drastic changes to the type of content you're used to seeing from me. One of these goals is to highlight the human aspect of professionals