Akamai Diversity

The Akamai Blog

July 2015 Archives

Benjamin Brown

Benjamin Brown

July 31, 2015 9:03 AM

BIND DoS Vulnerability (CVE-2015-5477)

Akamai is aware of a recently disclosed critical vulnerability in BIND (CVE-2015-5477) that can be exploited to cause a denial of service. How does the attack work? An attacker can cause BIND to exit by using a constructed packet to trigger a REQUIRE assertion via defective handling of a TKEY query. How is Akamai affected? Akamai's Fast DNS / EDNS authoritative name servers do not run BIND and as

Bill Brenner

Bill Brenner

July 29, 2015 7:22 AM

OurMine Team Attack Exceeded 117 Gbps

A new hacking group has landed on the Akamai's PLXsert and CSIRT radar for taking responsibility for launching DDoS attacks against several of our customers in the financial services sector.The entity calls itself the "OurMine Team" and if it is to be believed, it has gained access to one customer's $500,000 account. The group has announced it will give that money to the poor.

Akamai

Akamai

July 28, 2015 1:49 PM

Conversion Impact Score: What is it? And why do you ...

From a user experience perspective, in an ideal world every page would load in less than a second, we'd zip through a transaction in moments, and boom, we'd be done. But as I've written about in the past, not all web pages are created equal. People react differently to slowdowns on different pages in the conversion funnel, which means you need to approach each page differently. While it would be

Or Katz

Or Katz

July 23, 2015 9:57 AM

How to Tell a Landscaper From a Thief

If I can see a person standing in front of a neighboring house inspecting the windows and the doors, should I call the police? Maybe it is the air-condition technician looking for the best place to install a new air-condition unit, or maybe it is a robber doing reconnaissance and checking what is the easiest way to get into the house. It is hard to tell! Now what if

Akamai

Akamai

July 23, 2015 8:00 AM

Mobile Browser Usage in Q1 2015

In June 2012, Akamai launched the Akamai Internet Observatory (IO) destination site that highlights browser usage across desktop and other connected devices. The data presented in the full Q1 2015 State of the Internet ReporBe and this blog post are derived from the Akamai IO site.

Julie Paris

Julie Paris

July 22, 2015 11:00 AM

One Extra Hour - What Do You Do With It?

The number of hours that Americans sleep at night is down more than an hour from what it was in 1942. Does this mean that we've gained an hour more to do other, more productive things? Or, an hour more to do things like read and spend time with our family?

Akamai

Akamai

July 22, 2015 6:00 AM

Challenging the WAF Status Quo

Akamai is proud to have recently improved its position in the "Challengers" quadrant of Gartner, Inc.'s Magic Quadrant for Web Application Firewalls*. Gartner states: "By year-end 2020, more than 60% of public Web applications protected by a Web application firewall (WAF) will use WAFs delivered as a cloud service or Internet-hosted virtual appliance -- up from less than 15% today."

Raphael Edwards

Raphael Edwards

July 21, 2015 2:34 PM

High Performing Images - A practical approach to ima ...

HTTP is ubiquitous. Seems like everything today is being served from the web. We are using smartphones to do everything from answering our doorbells while we are at work to remotely controlling SUV's. All of this, happening on a platform we call the World Wide Web. Websites are delivering richer and more personalized content than ever before, creating user experiences that were never conceived of. This means, more than ever,

Bill Brenner

Bill Brenner

July 20, 2015 9:05 AM

Threat Watch: Bad Actors and Attack Techniques, Part ...

A roundup of attack activity, vectors and those responsible, based on PLXSert/CSIRT advisories issued in recent weeks: DD4BC: Operation Update and FAQ DD4BC, the malicious group responsible for several Bitcoin extortion campaigns last year, continues to expand attacks against Akamai customers. Researchers from Akamai's PLXsert and CSIRT teams continue to investigate attack activity related to the group. RIPv1 Reflection DDoS Making a Comeback Akamai's Prolexic Security Engineering & Research Team

Akamai

Akamai

July 17, 2015 8:00 AM

Mobile Connectivity in Q1 2015

The Q1 2015 State of the Internet Report records usage from: smartphones, tablets, computers, and any other device that connects to the Akamai Intelligent Platform via a mobile network provider. Usage is then aggregated at a country/region level. To qualify for inclusion in the report (and this blog post), a minimum of 25,000 unique IP addresses from a country/region are required to connect to Akamai's network. In total, 62 countries/regions

Akamai

Akamai

July 16, 2015 6:00 AM

DD4BC: Operation Update and FAQ

DD4BC, the malicious group responsible for several Bitcoin extortion campaigns last year, continues to expand attacks against Akamai customers. Researchers from Akamai's PLXsert and CSIRT teams continue to investigate attack activity related to the group. In recent weeks, the frequency of customers receiving ransom emails from this band of chaotic actors has steadily grown. DD4BC continues to inform victims that they will launch a DDoS attack of 400-500 Gbps

Akamai

Akamai

July 15, 2015 11:10 AM

Mobile page bloat: The average page served to mobile ...

Last month I covered the topic of page bloat -- more specifically, calling attention to the fact that the web has reached a brand-new (if ignominious) milestone: the average home page is now more than 2 MB in size.

Renny Shen

Renny Shen

July 15, 2015 10:00 AM

Time-to-Mitigate SLAs and the Irony of Being a Marke ...

As a professional marketer, it can be a little ironic how often you're frustrated when people you care about are influenced by marketing in ways that can't possibly be good for them. Everybody knows that marketers do nothing but lie all day - or "spin" as they call it. And as far as the profession goes, there's probably some truth to that. But there are plenty of marketers out

Akamai

Akamai

July 14, 2015 2:36 PM

Why I joined the digital performance management oppo ...

This week, I joined SOASTA as Senior Vice President of Performance Analytics. Given my background in cloud computing and distributed systems operations -- you may have read my blogs on CNET or GigaOm -- this may surprise you, but I want to explain why this is the perfect time to take on this opportunity with this team.

Akamai

Akamai

July 14, 2015 11:15 AM

Following Up from Future Stores Part 1: Macy's Go

Late last month I attended the Future Stores 2015 conference in Seattle. If you haven't heard of Future Stores before, here's some brief background: it's held by Worldwide Business Research and brings together retail operators, omni-channel, customer experience and IT execs to focus on in-store innovation and how to bridge the digital and physical retail environments. As Chief Strategist of Commerce at Akamai, I was excited to learn how future-thinking

Akamai

Akamai

July 13, 2015 11:30 AM

Situational Performance in Q1 2015

In June 2013, Akamai announced the latest release of Ion. Ion is designed to meet the unique challenges of optimizing the desktop and mobile Web experience. One feature of Ion is a capability known as Real User Monitoring (RUM). RUM takes performance measurements from real Web users to provide developers with insights into performance across a multitude of devices and networks. Ideally, RUM is used in tandem with synthetic testing to

Kate Jenkins

Kate Jenkins

July 13, 2015 9:43 AM

Week 1 update on Akamai's Girls Who Code

After months of planning & preparation, Akamai's Girls Who Code Summer Immersion Program is now underway! This past Monday July 6th, we welcomed 20 high school girls to Akamai's Cambridge headquarters, where they will spend seven weeks learning coding fundamentals and mingling with real-world techies.

Akamai

Akamai

July 9, 2015 1:54 PM

Are Cellular Networks a Bottleneck for Our Mobile Fu ...

In late June I came across a news article on the online marketing company Criteo's "State of Mobile Commerce" Q2 2015 report. According to this report mobile transactions now accounts for 30% of all online transactions. This shouldn't be a surprise to anyone; everybody knows that the world has gone mobile and the move continues with the latest developments such as Pinterest adding a "Buy" button, Google announcing Android

Bill Brenner

Bill Brenner

July 9, 2015 9:21 AM

OpenSSL Vulnerability (CVE-2015-1793)

Akamai is aware of the OpenSSL vulnerability addressed in OpenSSL versions 1.0.2d and 1.0.1p on Thursday, July 9, 2015. Akamai does not use the vulnerable versions of OpenSSL and is therefore not affected. The OpenSSL team advisory outlines the vulnerability and fixes. The advisory states:During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such

Akamai

Akamai

July 7, 2015 2:16 PM

How your CDN changes the performance of your site

Customer expectations are driving ever increasing demands on website performance. Delays are now measured in milliseconds, not seconds, and cause direct financial impact to the business. And yet, despite these pressures for each business to have lightning fast websites and large budgets being spent on performance, most businesses are still plagued with slow sites. The median page load time for the largest 1000 websites is a whopping 6.4 seconds, more

Akamai

Akamai

July 2, 2015 8:00 AM

Internet Penetration in Q1 2015

Through Akamai's globally deployed Intelligent PlatformTM, and by nature of servicing roughly two trillion requests for Web content on a daily basis, Akamai has unique insight into Internet penetration around the globe. In the first quarter of 2015, over 812 million unique IPv4 addresses from 243 unique countries/regions connected to the Akamai Intelligent PlatformTM--a 1.2% increase from the previous quarter.

Bill Brenner

Bill Brenner

July 1, 2015 7:00 AM

RIPv1 Reflection DDoS Making a Comeback

Akamai's Prolexic Security Engineering & Research Team (PLXsert) has been monitoring an uptick in a form of DDoS reflection thought to be mostly abandoned. This attack vector, which involves the use of an outdated routing protocol in RIPv1, began showing up in active campaigns again on May 16th after being dormant for more than a year. The latest attacks observed, as described later, are apparently making use of only a