March 2015 Archives
Welcome to the inaugural episode of Akamai's State of the Internet Security Podcast. This will be an ongoing podcast series where I talk to Akamai security researchers about the threats they are tracking and the defenses they identify.
Episode 1 takes us to a fairly new attack technique that exploits Microsoft's SQL Server Resolution Protocol.
Our research team recently discovered that attackers are using a reflection-based tactic that abuses the Microsoft SQL Server Resolution Protocol to launch DDoS attacks.
Akamai first spotted attackers using the technique in October. But last month an independent researcher studied another such attack and we were able to replicate it by creating a script based on Scapy, an open-source packet manipulation tool.
Joining me to talk about this is Akamai PLXSert Principal Researcher Rod Soto.
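To make the reflection tactic concrete from the defender's side, here is an added example that is not part of the podcast or of Akamai's Scapy script. It assumes the wire format of the SQL Server Resolution Protocol as Microsoft documents it (UDP port 1434; a one-byte 0x03 request asks a server to enumerate its instances; the reply begins with a 0x05 type byte and a two-byte little-endian length) and flags hosts that receive such replies from servers they never queried, which is what a spoofed-source reflection flood looks like in a capture. The sample traffic is constructed, not recorded.

```python
import struct
from collections import defaultdict

SQLR_PORT = 1434        # MS SQL Server Resolution Protocol listens on UDP/1434
CLNT_UCAST_EX = 0x03    # one-byte "enumerate all instances" request
SVR_RESP = 0x05         # response: type byte, u16 little-endian length, ASCII body


def parse_svr_resp(payload: bytes):
    """Return the text body of a well-formed SVR_RESP datagram, else None."""
    if len(payload) < 3 or payload[0] != SVR_RESP:
        return None
    (length,) = struct.unpack_from("<H", payload, 1)
    body = payload[3:3 + length]
    if len(body) != length:          # truncated or lying length field
        return None
    return body.decode("ascii", errors="replace")


def amplification_factor(request: bytes, response: bytes) -> float:
    """Bytes the reflector sends the victim per byte the attacker had to spoof."""
    return len(response) / len(request)


def find_reflection_victims(packets, min_reflectors: int = 2):
    """Flag hosts receiving SVR_RESP from UDP/1434 servers they never queried.

    packets: iterable of (src_ip, src_port, dst_ip, dst_port, udp_payload).
    Returns {victim_ip: sorted list of reflector IPs}.
    """
    queried = defaultdict(set)    # client -> SQLR servers it actually asked
    answered = defaultdict(set)   # host -> servers that sent it a SVR_RESP
    for src, sport, dst, dport, payload in packets:
        if dport == SQLR_PORT and payload[:1] == bytes([CLNT_UCAST_EX]):
            queried[src].add(dst)
        elif sport == SQLR_PORT and parse_svr_resp(payload) is not None:
            answered[dst].add(src)
    victims = {}
    for host, servers in answered.items():
        unsolicited = servers - queried.get(host, set())
        if len(unsolicited) >= min_reflectors:
            victims[host] = sorted(unsolicited)
    return victims


# Constructed sample traffic (not a capture). The response body follows the
# "Key;Value;...;;" layout SQLR uses to advertise an instance.
REQUEST = bytes([CLNT_UCAST_EX])
BODY = b"ServerName;SQLHOST01;InstanceName;MSSQLSERVER;IsClustered;No;Version;12.0.2000.8;tcp;1433;;"
RESPONSE = bytes([SVR_RESP]) + struct.pack("<H", len(BODY)) + BODY

REFLECTORS = ["198.51.100.10", "198.51.100.11", "198.51.100.12"]
VICTIM = "203.0.113.5"      # never sent a request; its address was spoofed
LEGIT_CLIENT = "10.0.0.9"   # sent a real request and got exactly one answer

SAMPLE_PACKETS = (
    [(LEGIT_CLIENT, 50000, REFLECTORS[0], SQLR_PORT, REQUEST),
     (REFLECTORS[0], SQLR_PORT, LEGIT_CLIENT, 50000, RESPONSE)]
    + [(r, SQLR_PORT, VICTIM, 40000 + i, RESPONSE) for i, r in enumerate(REFLECTORS)]
)

if __name__ == "__main__":
    print("amplification: %.0fx" % amplification_factor(REQUEST, RESPONSE))
    print("victims:", find_reflection_victims(SAMPLE_PACKETS))
```

The legitimate client is not flagged because its outbound 0x03 request is in the same capture; the victim is flagged because three different servers answered a question it never asked. A single one-byte request producing a 94-byte reply is why this protocol is attractive as a reflector, and why SQLR should not be reachable from the Internet at all.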
Akamai is aware that details are now available for the OpenSSL vulnerabilities we first told you about on Tuesday. The full OpenSSL Security Advisory is available here and outlines 14 different issues.
At this time, most of the issues don't appear to affect Akamai, though we continue to investigate.
One of the high-severity vulnerabilities affects OpenSSL v1.0.2., which Akamai does not yet use.
If our investigation uncovers additional risks, we will use additional blog posts and Luna advisories to update customers on how we are affected and what we're doing about it.
More Akamai perspective on patching and vulnerability management:
The experience your customers have while interacting with your company's online presence says so much about your business, its priorities, and your brand. Whether your company conducts online transactions or not, performance optimization has become more of a "need" than a "want". A slow-performing web site is bound to have less engagement among critical audiences, lower transaction volume, degraded brand fidelity, and higher bounce rates. In this post, we will talk about some of the key considerations when evaluating web performance technologies and vendors.
In June 2013, Akamai announced the latest release of Ion. Ion is a solution that's designed to meet the unique challenges of optimizing the desktop and mobile web experiences. One feature of Ion is a capability known as Real User Monitoring (RUM). RUM takes performance measurements from real web users to provide developers with insights into performance across a multitude of devices and networks. Ideally, RUM is used in tandem with synthetic testing to generate a comprehensive picture of a user's web experience to help developers best calibrate their applications.
Akamai is aware of an announcement from OpenSSL revealing vulnerabilities in the OpenSSL stack.
Based on information provided by the OpenSSL team, the high-severity vulnerability only affects OpenSSL v1.0.2. Akamai does not use this version of OpenSSL and is therefore not susceptible to that vulnerability. We continue to investigate, however.
The full advisory will be available on March 19. Akamai will have further details about our response plans at that time.
One of my favorites from that ad series is the one where "Mayhem" is your car's GPS system - he seems to be recalculating at every other turn! Don't you hate that moment when you're traveling along on a road trip, following the pleasant voice prompts from your car or your smartphone's GPS, and then all of a sudden you realize the road you are supposed to take is closed? You're now being redirected to a new route? What's worse is when you get to a point where you have to make a decision, "do I go left?" or "do I go right?", you look at the GPS and it's "Recalculating!"
Microsoft yesterday released its most significant patch update in a long while, fixing the so-called FREAK vulnerability, among other things.
In all, 14 security issues were addressed, five of which are tagged as critical. Affected systems include the consumer and server editions of Windows, Internet Explorer, Office, Exchange Server and SharePoint.
Akamai addressed the CVE-2015-0204 vulnerability -- which FREAK exploits -- two weeks ago. You can read about our response here.
Here's the full patch matrix for Microsoft's March 2015 Security Update:
From the OWASP website:
OWASP encourages and prioritizes submissions around the three focus areas of AppSec USA 2015:
- Web Application security
- Cloud Security
Submission of proposal closes: March 14, 2015 - 11:59 Pacific
Notification of acceptance: April 15 - May 15, 2015
Conference Date: September 22-25, 2015
To submit a proposal, send an abstract of your intended presentation (500 - 4000 characters), a brief biography (150 - 800 characters), a headshot, and a signed copy of the speaker agreement. Talks without all required information probably won't be considered.
Akamai has seen multiple media reports where a group will claim to have hacked hundreds or thousands of sites in a single night. The intent is to instill a sense of widespread unease to the casual observer.
When we look a little closer, we see that there may be more to it. One can rightly assume that many of these have been done through a type of automation. But if we look even closer, we see something else interesting about the attacks.
If we look at the IP addresses of the hundreds of affected web sites, we notice that many, and sometimes all, of them resolve to the same IP address.
When we see this, it leads us to believe the sites are running on the same server, so a single compromised shared host accounts for the whole list.
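The check described above is easy to automate. The following is an added example, not Akamai's tooling: it groups a claimed list of hacked hostnames by the address each resolves to and reports how many distinct servers are actually involved. The resolver is injectable so the analysis can be replayed from saved DNS answers; the hostnames and answers below are constructed, not real sites.

```python
import socket
from collections import defaultdict


def cluster_by_ip(hostnames, resolve=socket.gethostbyname):
    """Group a claimed list of hacked sites by the address each name resolves to.

    resolve is injectable so the analysis can be replayed offline from saved
    DNS answers. Returns ({ip: [hostnames...]}, [unresolvable hostnames]).
    """
    clusters = defaultdict(list)
    unresolved = []
    for host in hostnames:
        try:
            clusters[resolve(host)].append(host)
        except OSError:            # socket.gaierror is a subclass of OSError
            unresolved.append(host)
    return dict(clusters), unresolved


def summarize(clusters, total):
    """(distinct servers, share of resolved sites on the single busiest server)."""
    if not clusters:
        return 0, 0.0
    largest = max(len(sites) for sites in clusters.values())
    return len(clusters), largest / total


# Constructed data standing in for a defacement group's claim list and the
# DNS answers one would collect for it (not real sites, not real addresses).
CLAIMED_SITES = ["shop1.example", "blog2.example", "news3.example",
                 "forum4.example", "store5.example", "lone6.example",
                 "gone7.example"]
SAVED_DNS = {"shop1.example": "192.0.2.10", "blog2.example": "192.0.2.10",
             "news3.example": "192.0.2.10", "forum4.example": "192.0.2.10",
             "store5.example": "192.0.2.10", "lone6.example": "198.51.100.7"}


def saved_resolver(host):
    """Stand-in for socket.gethostbyname that answers from SAVED_DNS."""
    try:
        return SAVED_DNS[host]
    except KeyError:
        raise socket.gaierror(f"no saved answer for {host}")


def analyse(hostnames=CLAIMED_SITES, resolve=saved_resolver):
    """Deflate a 'we hacked N sites' claim into a count of servers."""
    clusters, unresolved = cluster_by_ip(hostnames, resolve)
    servers, share = summarize(clusters, len(hostnames) - len(unresolved))
    return {"claimed": len(hostnames), "servers": servers,
            "largest_share": round(share, 2), "unresolved": unresolved}


if __name__ == "__main__":
    print(analyse())
```

Seven claimed sites collapse to two servers, with five of the six resolvable names on one host. Run against a real claim list with the default resolver, the same function gives the number that matters for incident scoping: how many hosts were actually compromised.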
Bill Brenner, Dave Lewis and Martin McKeay discuss the latest incidents in the never-ending fight against evil.
Among the security content on Akamai's new State of the Internet website is a very cool map where you can view DDoS attack activity worldwide in near real-time, including global sources, types, volume and targets.
The most recent 5000 DDoS attacks blocked by Akamai appear on the map. Each DDoS attack source can command hundreds or thousands of DDoS bots. Viewers can customize their view by zooming in or out. There's also a section that ranks bot activity by country.
Security content on the site focuses on:
- Network and DNS security
- Web application security
- DDoS protection and DDoS mitigation
- Threat advisories and attack trends
It pairs well with the security section on Akamai's main website. Check in on both sites daily for the full security picture around the world.
The following, written by Rich Salz, deals with Akamai's response to CVE-2015-0204, the vulnerability behind the so-called FREAK attack.
Back in the last century, the United States tried to control the export of strong cryptography. This policy made its way into the SSL/TLS standards in two ways.
The first part was to add several cipher suites that used small, easily breakable keys. These are all identified with the name EXP at the beginning.
For example, EXP-DES-CBC-SHA. DES normally uses a 56-bit key (which is considered laughably weak these days), and EXP-DES is a variant that uses a 40-bit key -- sixty-five thousand times weaker than "laughably weak". (We're using the common OpenSSL names, not the official names from the TLS RFC.)
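As an added example (not Rich Salz's code), here is how to audit a configuration for the export suites just described, under both naming conventions: the OpenSSL names carry an EXP- prefix, the RFC names carry _EXPORT_ in the identifier (for instance TLS_RSA_EXPORT_WITH_DES40_CBC_SHA is the RFC name of EXP-DES-CBC-SHA). The helpers also check a live Python ssl context, and show the cipher-list setting that keeps 40-bit suites out. The cipher list being audited is constructed for the example.

```python
import ssl

# Export-grade suites, as OpenSSL names them (EXP- prefix) and as the TLS RFCs
# name them (_EXPORT_ in the identifier).
OPENSSL_EXPORT_PREFIX = "EXP-"
RFC_EXPORT_MARKER = "_EXPORT_"


def is_export_suite(name: str) -> bool:
    """True for a 40-bit export suite under either naming convention."""
    return name.startswith(OPENSSL_EXPORT_PREFIX) or RFC_EXPORT_MARKER in name


def export_suites_in(cipher_list: str) -> list:
    """Return the export suites present in an OpenSSL-style 'A:B:C' cipher list."""
    return [c for c in cipher_list.split(":") if is_export_suite(c)]


def context_allows_export(ctx: ssl.SSLContext) -> bool:
    """True if the context's negotiable cipher list still contains an export suite."""
    return any(is_export_suite(c["name"]) for c in ctx.get_ciphers())


def brute_force_ratio(full_bits: int = 56, export_bits: int = 40) -> int:
    """How many times more keys full DES has than its 40-bit export variant."""
    return 2 ** (full_bits - export_bits)


def hardened_context() -> ssl.SSLContext:
    """A client context that cannot negotiate export or other weak suites."""
    ctx = ssl.create_default_context()
    # HIGH admits only suites with 128-bit or larger keys, which excludes every
    # 40-bit EXP- suite; !aNULL/!eNULL drop unauthenticated and null-encryption
    # suites. On OpenSSL builds old enough to still ship export suites, append
    # ":!EXPORT" as well.
    ctx.set_ciphers("HIGH:!aNULL:!eNULL")
    return ctx


# Constructed cipher list of the kind a 2015-era server might still have carried.
LEGACY_CIPHER_LIST = ("ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:"
                      "EXP-DES-CBC-SHA:EXP-RC4-MD5:DES-CBC3-SHA")

if __name__ == "__main__":
    print("export suites configured:", export_suites_in(LEGACY_CIPHER_LIST))
    print("40-bit DES is %d times weaker than 56-bit DES" % brute_force_ratio())
    print("default context allows export:", context_allows_export(ssl.create_default_context()))
```

The ratio 2**(56-40) = 65536 is the "sixty-five thousand times weaker" figure above. On any current OpenSSL the default context check returns False because the export suites were removed from the library altogether; the string audit is what you need for configuration files and for older builds that still know them.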
The second change is more problematic and, for technical purists, very "ugly."