Get In Touch
July 2015 Archives
Akamai is aware of a recently disclosed critical vulnerability in BIND (CVE-2015-5477) that can be exploited to cause a denial of service. How does the attack work? An attacker can cause BIND to exit by using a constructed packet to trigger a REQUIRE assertion via defective handling of a TKEY query. How is Akamai affected? Akamai's Fast DNS / EDNS authoritative name servers do not run BIND and as
A new hacking group has landed on the Akamai's PLXsert and CSIRT radar for taking responsibility for launching DDoS attacks against several of our customers in the financial services sector.The entity calls itself the "OurMine Team" and if it is to be believed, it has gained access to one customer's $500,000 account. The group has announced it will give that money to the poor.
From a user experience perspective, in an ideal world every page would load in less than a second, we'd zip through a transaction in moments, and boom, we'd be done. But as I've written about in the past, not all web pages are created equal. People react differently to slowdowns on different pages in the conversion funnel, which means you need to approach each page differently. While it would be
If I can see a person standing in front of a neighboring house inspecting the windows and the doors, should I call the police? Maybe it is the air-condition technician looking for the best place to install a new air-condition unit, or maybe it is a robber doing reconnaissance and checking what is the easiest way to get into the house. It is hard to tell! Now what if
In June 2012, Akamai launched the Akamai Internet Observatory (IO) destination site that highlights browser usage across desktop and other connected devices. The data presented in the full Q1 2015 State of the Internet ReporBe and this blog post are derived from the Akamai IO site.
The number of hours that Americans sleep at night is down more than an hour from what it was in 1942. Does this mean that we've gained an hour more to do other, more productive things? Or, an hour more to do things like read and spend time with our family?
Akamai is proud to have recently improved its position in the "Challengers" quadrant of Gartner, Inc.'s Magic Quadrant for Web Application Firewalls*. Gartner states: "By year-end 2020, more than 60% of public Web applications protected by a Web application firewall (WAF) will use WAFs delivered as a cloud service or Internet-hosted virtual appliance -- up from less than 15% today."
HTTP is ubiquitous. Seems like everything today is being served from the web. We are using smartphones to do everything from answering our doorbells while we are at work to remotely controlling SUV's. All of this, happening on a platform we call the World Wide Web. Websites are delivering richer and more personalized content than ever before, creating user experiences that were never conceived of. This means, more than ever,
A roundup of attack activity, vectors and those responsible, based on PLXSert/CSIRT advisories issued in recent weeks: DD4BC: Operation Update and FAQ DD4BC, the malicious group responsible for several Bitcoin extortion campaigns last year, continues to expand attacks against Akamai customers. Researchers from Akamai's PLXsert and CSIRT teams continue to investigate attack activity related to the group. RIPv1 Reflection DDoS Making a Comeback Akamai's Prolexic Security Engineering & Research Team
The Q1 2015 State of the Internet Report records usage from: smartphones, tablets, computers, and any other device that connects to the Akamai Intelligent Platform via a mobile network provider. Usage is then aggregated at a country/region level. To qualify for inclusion in the report (and this blog post), a minimum of 25,000 unique IP addresses from a country/region are required to connect to Akamai's network. In total, 62 countries/regions
DD4BC, the malicious group responsible for several Bitcoin extortion campaigns last year, continues to expand attacks against Akamai customers. Researchers from Akamai's PLXsert and CSIRT teams continue to investigate attack activity related to the group. In recent weeks, the frequency of customers receiving ransom emails from this band of chaotic actors has steadily grown. DD4BC continues to inform victims that they will launch a DDoS attack of 400-500 Gbps
Last month I covered the topic of page bloat -- more specifically, calling attention to the fact that the web has reached a brand-new (if ignominious) milestone: the average home page is now more than 2 MB in size.
As a professional marketer, it can be a little ironic how often you're frustrated when people you care about are influenced by marketing in ways that can't possibly be good for them. Everybody knows that marketers do nothing but lie all day - or "spin" as they call it. And as far as the profession goes, there's probably some truth to that. But there are plenty of marketers out
This week, I joined SOASTA as Senior Vice President of Performance Analytics. Given my background in cloud computing and distributed systems operations -- you may have read my blogs on CNET or GigaOm -- this may surprise you, but I want to explain why this is the perfect time to take on this opportunity with this team.
Late last month I attended the Future Stores 2015 conference in Seattle. If you haven't heard of Future Stores before, here's some brief background: it's held by Worldwide Business Research and brings together retail operators, omni-channel, customer experience and IT execs to focus on in-store innovation and how to bridge the digital and physical retail environments. As Chief Strategist of Commerce at Akamai, I was excited to learn how future-thinking
In June 2013, Akamai announced the latest release of Ion. Ion is designed to meet the unique challenges of optimizing the desktop and mobile Web experience. One feature of Ion is a capability known as Real User Monitoring (RUM). RUM takes performance measurements from real Web users to provide developers with insights into performance across a multitude of devices and networks. Ideally, RUM is used in tandem with synthetic testing to
After months of planning & preparation, Akamai's Girls Who Code Summer Immersion Program is now underway! This past Monday July 6th, we welcomed 20 high school girls to Akamai's Cambridge headquarters, where they will spend seven weeks learning coding fundamentals and mingling with real-world techies.
In late June I came across a news article on the online marketing company Criteo's "State of Mobile Commerce" Q2 2015 report. According to this report mobile transactions now accounts for 30% of all online transactions. This shouldn't be a surprise to anyone; everybody knows that the world has gone mobile and the move continues with the latest developments such as Pinterest adding a "Buy" button, Google announcing Android
Akamai is aware of the OpenSSL vulnerability addressed in OpenSSL versions 1.0.2d and 1.0.1p on Thursday, July 9, 2015. Akamai does not use the vulnerable versions of OpenSSL and is therefore not affected. The OpenSSL team advisory outlines the vulnerability and fixes. The advisory states:During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such
Customer expectations are driving ever increasing demands on website performance. Delays are now measured in milliseconds, not seconds, and cause direct financial impact to the business. And yet, despite these pressures for each business to have lightning fast websites and large budgets being spent on performance, most businesses are still plagued with slow sites. The median page load time for the largest 1000 websites is a whopping 6.4 seconds, more
Through Akamai's globally deployed Intelligent PlatformTM, and by nature of servicing roughly two trillion requests for Web content on a daily basis, Akamai has unique insight into Internet penetration around the globe. In the first quarter of 2015, over 812 million unique IPv4 addresses from 243 unique countries/regions connected to the Akamai Intelligent PlatformTM--a 1.2% increase from the previous quarter.
Akamai's Prolexic Security Engineering & Research Team (PLXsert) has been monitoring an uptick in a form of DDoS reflection thought to be mostly abandoned. This attack vector, which involves the use of an outdated routing protocol in RIPv1, began showing up in active campaigns again on May 16th after being dormant for more than a year. The latest attacks observed, as described later, are apparently making use of only a