Akamai Diversity
Home > August 2015

August 2015 Archives

Girls Who Code Summer Immersion Program Wrap-Up

We recently said farewell to the twenty terrific young women of the Akamai Girls Who Code Summer Immersion Program. They learned and grew so much over their seven weeks with us, and we will miss them!   


At their graduation ceremony, Tom Leighton spoke about how much is possible if one is intelligent, curious, and hard working. I see that every day at Akamai, and I saw it in spades among the girls in our program. They approached each new opportunity with gusto, whether it was learning about the internet, algorithms for genome sequencing, data visualization, data structures, or personal robots. They were always curious and asked great questions. They brought the same energy to coding, and the Girls Who Code staff said they often had to pry the girls off of their computers at the end of the day to send them home. It was wonderful to witness their satisfaction in making things work - whether debugging the ball physics in their "Pong" game, or building a personal web site.

Teens Busted for Exploiting Lizard Squad Attack Tool

In January, we told you about Lizard Squad, an attack group that ruined Christmas for a lot of Sony Playstation and Xbox users by launching DDoSes against those gaming networks. The authorities have been chasing them down since then, and this month six teens were arrested for using Lizard Squad's signature Lizard Stresser DDoS attack tool.


There can sometimes be a fine line between suspicion and guilt. Determining malicious or "good" activity can be a challenging task in today's cyber world full of hidden and dark secrets. A system based on accuracy and thorough analysis of all evidence will lead to the true malicious actor.
Consider a popular way to illegally extract money from someone's bank account for example. The malicious actor has created a malicious link to exploit a vulnerability using a Cross Site Forgery Request (CSRF) on a vulnerable banking site. The malicious actor makes sure that the victim clicks on the malicious link while logged onto his online banking account with the vulnerability. He thinks he is transferring $2,000 to pay the rent but this malicious link changes the request to have $20,000 from his account transferred to an anonymous bitcoin account. The money is laundered away before it can be traced.
There are a lot of excellent reasons to come to our new Healthcare Forum at Edge in October.  Watch our video to learn more.

Learn more about Edge and register here.

Ginny Carpenter is the manager of industry marketing for healthcare at Akamai.

OTT at your doorstep: Are you ready?


Consider this - the number of months needed to reach 1 million users in India since launch[1] :


Facebook - 10 months

Twitter - 12 months

Instagram - 2.5 months

HotStar - .2 months (6 days !!!)


So what is HotStar?  HotStar is one of the recent OTT video applications launched by Star India, launched to coincide with the start of the cricket world cup. Star is one of the largest media broadcasting houses in India and is part of the global NewsCorp network.  In the 40 days since being launched, Hotstar reached 40 million downloads and is still going strong. The platform today streams a wide variety of entertainment content and is reported to support more than 7000 device types.

In part 1 of the deep dive we learned about the best practices involved in choosing an appropriate image format in preparation for web delivery. In part 2 we will discuss different configurations to leverage Akamai's Adaptive Image Compression (AIC).

As many web developers and content designers know, compression is as much an art as it is a science. Knowing when to apply compression and how much compression to apply is paramount to your user experience. A one size fits all method means you're either not compressing enough and leaving potential performance gains on the table (forcing your user to wait) or potentially compressing too much, putting your user experience and product in jeopardy.

Akamai Assists ISPs in Providing a Family-Friendly Internet


Family and Internet safety advocates have lobbied long and hard to government regulators and Internet service and content providers for stronger measures and controls over the types of content viewable by children when online. And based on recent reports, some ISPs have responded in a favorable way, by implementing services that place automatic blocks on "high risk" websites including those that feature nudity or sexual content or are related to drugs, alcohol or tobacco, among others. Furthermore, users seem to be taking advantage of these services rather than opting out of them, creating safer Internet environments in their homes, while Internet providers reap the benefits of high scores for customer satisfaction and the potential for long-term revenue growth. A true win-win!

As the new Industry Marketing Manager for Financial Services at Akamai, I am thrilled to be attending my very first Edge Customer Conference! The Edge conference will provide a great opportunity to network with like-minded professionals, nurture existing relationships, and build new ones.

Picture this - you arrive to your office early in the morning to finalize your back to school promotions so you can move on to your holiday marketing plans. As you are busily trying to answer emails, you came across an ominous message explaining to you that if you don't pay 40 Bitcoins, a group you've never heard of would knock your site offline in 24 hours with a powerful distributed denial of service (DDoS) attack. A DDoS attack can be carried out in many different ways but at the most basic, it is executed by flooding a website with more traffic or requests than the infrastructure can handle - thus taking it offline for legitimate customers. It may sound like the plot to a movie but unfortunately it's a reality.  Check out our coverage of the DD4BC operation here.  

It's summertime!  While most people are relaxing at the beach or enjoying a BBQ, here at Akamai we've already shifted sights towards the winter to provide relief for retailers by ensuring they have fast, reliable and secure e-commerce sites in time for the holidays.  The holiday season, after all, is just around the corner.  Here are four key ways we are helping retailers convert more shoppers into buyers while also securing their web experiences:

(1)  Make the experience fast

Last year, for the first time, Akamai saw more than 50% of holiday traffic from mobile devices during certain periods of the day.  This trend will undoubtedly continue as shoppers embrace multi-channel experiences while accessing content from different devices at different times of the day.  Akamai's Real User Monitoring (RUM) provides retailers with a detailed understanding of the actual page load time visitors experience across the myriad of devices and networks.  Akamai Ion provides the fastest acceleration for content accessed on all types of devices and networks including the unique challenges of responsive web design, congested cellular networks and those pesky API calls which slow down the mobile app experience.

Delivering High Performing Images on the Akamai Edge

Deep Dive - Part 1: Image Formats

In our previous entry, we got a glimpse into the capabilities of the Akamai Adaptive Image Compression (AIC) product, and how it can help in making the fastest sites on the Internet even faster. But how does fast delivery of images actually happen? In this two part deep dive, we will address:

  • Initial decision points content developers need to keep in mind when evaluating image formats, and their image compression options
  • The Adaptive Image Compression implementation process, and how to choose your compression settings

Is HTTP/2 worth the performance price of TLS?

HTTP/2 (h2) is incredibly exciting: The first major rev to HTTP in 15 years, focused on modern web development, performance minded, etc., etc.  But one thing that has people looking at it with trepidation is that to use it you effectively need to move your site over to TLS (i.e. HTTPS).  Though not a requirements in the protocol, no major browser has plans to put h2 in the clear.  Whether you think this is a good thing or a bad thing ( I personally am thrilled ) it brings front and center the questions you may have been avoiding: should I move my site to TLS? We have done extensive testing of h2 performance.  Akamai's Foundry team spent time after every significant revision of the draft specification seeing what worked and what did not.  What we saw was consistent: improvements in page load time in the common case between 0% and 25%.  What is significant about these particular numbers is they are comparing an HTTP version of a site against an HTTPS version using TLS and h2.  In other words, the 'goodness' of h2 should make up for the overhead of TLS and then some in most cases.  Performance can be very situational, so mileage will vary in specific scenarios and on specific webpages, but it is exciting to see improvements on the horizon.

Stephen Ludin is a Chief Architect for Akamai's Web Experience group. He currently heads the company's Foundry team - a small group dedicated to innovating on the edge of technology. He joined Akamai in 2002 and works out of Akamai's San Francisco office. His primary focus has been on projects related to the core proxy technology that is responsible for routing, accelerating, and securing Akamai's traffic.

I love a good roundup of stats, and the webcast I did yesterday -- a "state of the union" for mobile web performance optimization, which you can watch here -- offered up some good roundup fodder on everything from user expectations to common performance issues.

How Can You Trust a Website?

During an early summer morning on August 1982, in the brightly lit hallway of a non-descript academic building on the campus of University of California Berkeley, two scientists who were working on what the world will later know as the Internet, had a brief but very important conversation:

"How can we trust ARPANET?"

"Because you can trust your colleagues."

Media Coverage of the Q2 2015 SOTI Security Report

It's only been a couple days since we released the Q2 2015 State of the Internet Security Report, but it has already generated a fair amount of media coverage. The following articles are what we've seen so far.

Attackers are using insecure routers and other home devices for DDoS attacks (Computerworld)

A report released Tuesday by cloud services provider Akamai Technologies shows that the number of DDoS attacks is on the rise. During the second quarter of 2015 it increased by 7 percent compared to the previous three months and by 132 percent compared to the same period last year, the company's data revealed.

End-User Mapping Brings Users Closer to Internet Nirvana

It goes without saying that people enjoy using the Internet more when response times are fastest. But most of us are not as concerned about why websites respond more quickly, as long as they do. There are many factors that contribute to faster (and more satisfying) web experiences. Certainly, faster broadband connectivity and well-designed web sites play a role. And websites that leverage content delivery networks (CDNs), which distribute web content to servers located closer to end-users, outperform sites that don't.

Happy 17th Anniversary Akamai!

On this date in 1998 - 17 years ago - Danny Lewin and I incorporated Akamai.  That day marked the official start of Akamai as a business, and our team of about a dozen people (mostly MIT undergrads) moved out of my office at MIT and into a small rented space in Cambridge.  None of us had any prior experience in business.  We believed in our technology, we believed in our people, we believed in our business plan, and we were determined to make a difference.  Success was far from guaranteed--at that time, only one out of every sixty technology startups that opened for business would last for a year.
Since our founding, Akamai has been at the vanguard of the Internet revolution.  From day one, we have worked hard to gain an understanding of how our customers want to use the Internet to make their businesses be more agile, more customer-centric, and more profitable.  And we use that understanding to guide our innovation and to invent new solutions to help make our customers' visions a reality.

Search Engine Optimization (SEO) campaigns are prevalent and legitimate ways to promote web applications in order to get a better visibility and more traffic to your web application. But what happens when an SEO campaign crosses the line into the dark side and becomes malicious?

Recently the Akamai Threat Research Team discovered a highly sophisticated SEO attack campaign that was promoting the search results rating for a web application that allows users to share their cheating and infidelity stories.

Do the WAF Revolution

Akamai famously lost the first competition it entered, the MIT 50k, before securing funding and becoming a wildly successful start up and one of the largest IPOs in history.  Today Akamai is a 2B public company that prides itself on fighting the odds in order to challenge the status quo and provide business value to customers.

Akamai's 8th Annual Customer Conference is approaching quickly and we have some great industry speakers joining us to share how they are overcoming some of the toughest challenges in Commerce. 

Speakers from Norwegian Cruise Lines, Crocs, Mary Kay and Guitar Center, among many others will share ideas, best practices and tactics to improve customer experience and increase key performance metrics as we address key trends shaping the industry.

Doubling Down on OTT

It's no secret that digital video entertainment is in the midst of a massive transformation that includes the way content is packaged, distributed and consumed. The days of consumers demanding large cable TV packages and renting feverishly from local video stores are a distant past. Today, electronic consumer media spend has already surpassed physical, the words "skinny bundle" have crept into our vocabulary and those of us in the US are now more likely to belong to a broadband enabled household that subscribes to an OTT video service than not. Streaming services that offer ubiquitous access to quality premium video content at an affordable price are currently all the rage. As new and existing services jockey for position to secure consumer mindshare, it's apparent OTT as whole will continue to be a critical growth area as recent data predicts the OTT video market to grow at a CAGR of 18.40% from 2014-2019.

Q2 2015 State of the Internet Security Report Released

Akamai has released the Q2 2015 State of the Internet Security Report. This quarter's report, which provides analysis and insight into the global cloud security threat landscape, can be downloaded here.

Previews for the Q2 State of the Internet Security Report:

Mobile is Feeding My #FreeBrady Obsession

As a New Englander and avid Patriots fan, I have been obsessed with watching everything #FreeBrady related.  I can't get enough.  Short of reading the entire 243-page Wells report - Snooze - I want to watch everything that is going on with deflategate in order to support my favorite QB against all the haters out there.  

Holiday season in July?

Has Amazon's Prime Day officially kicked-off the holiday selling period? Probably not, but its success does suggest people are ready for a discount, which means retailers should prepare for a busy holiday season. So what can retailers expect in the coming weeks and months?

Here are four trends retailers need to consider when planning for the holidays:

1. Consumer confidence is rising

Consumers seem increasingly willing to shop. The National Retail Federation (NRF) 2015 Holiday Planning Playbook has consumer confidence climbing in parallel with some of the lowest gas prices seen in six years. All signs are pointing to a strong holiday selling period.

Q2 SOTI Security Preview: The Shellshock Effect

This is the final preview for the Q2 2015 State of the Internet Security Report, which comes out tomorrow. Here, we take a look at web application attacks and the impact that comes with adding two attack types to the picture. Note: We'll show the actual percentages for these attacks once the report is officially released. One more day!

Previews for the Q2 State of the Internet Security Report:

Q2 SOTI Security Preview: Tor Pros and Cons

The Q2 2015 State of the Internet Security Report (SOTI Security) is due out in the next couple of weeks, and today we continue previewing various sections. 

Tuesday we told you about security risks that come into play when third-party plug-ins are used with Wordpress. Yesterday we looked at attack vectors the bad guys favored in Q2. Today we look at the security risks businesses face when using Tor.

The Q2 2015 State of the Internet Security Report (SOTI Security) is due out in the next couple of weeks, and today we continue previewing various sections.

Yesterday we told you about security risks that come into play when third-party plug-ins are used with Wordpress. Today we look at attack vectors the bad guys favored in Q2.

Hi. I'm Bhuvana Husain, Director of Programs & Operations in Akamai's Web Experience Business Unit. I'm also the Program Coordinator for this year's Girls Who Code Summer Immersion Program here at Akamai. As described in the previous blog posts by Kate Jenkins (Girls Who Code Summer Immersion Program at Akamai and Week 1 update on Akamai's Girls Who Code), we are thrilled to be hosting a group of 20 high school girls onsite at Akamai HQ in Cambridge so they can learn how to code. 

The Q2 2015 State of the Internet - Security Report (SOTI Security) is due out in the next couple of weeks, and today we begin previewing various sections. Let's begin with the potential security risks that come into play when third-party plug-ins are used with Wordpress.

WordPress is the world's most popular website and blogging platform. Its ever-growing popularity makes it an attractive target for attackers who aim to exploit hundreds of known vulnerabilities to build botnets, spread malware and launch DDoS campaigns.

This month we'll release the Q2 2015 State of the Internet Security Report. Tomorrow, we'll begin previewing sections of that report in this blog.

But before we begin, a look back at the previous quarter's report is in order. Such a review will better position readers to digest the new report and do some comparing and contrasting. Every report highlights a new trend, but we also see things that don't change much from one quarter to the next. The challenge is in finding activity that bucks normal trends.

Defending Against DD4BC Cyber Attacks

To date, over a dozen Akamai customers have been the targets of DD4BC, a group of cyber attackers who use a series of politely worded, yet increasingly threatening email messages to extort a 25 Bitcoin ransom (approximately $5,750 in US dollars) in exchange for stopping attacks on the victims' sites and number if victims is increasing. DD4BC starts out with what they call "small demonstrative attacks" that will not crash the site and last for one hour "just to prove that we are serious." Those companies that continue to ignore DD4BC's 24-hour ransom demand receive subsequent emails upping the ransom to 50-100 Bitcoins and threatening long-term UDP flood attacks at 400 to 500 Gbps - which they warn will not be easy to mitigate.

Earlier today (Aug 6, 2015) at the Black Hat Security Conference in Las Vegas, Bishop Fox, a security research and penetration testing firm, announced the discovery of a vulnerability that allows an outside actor to conduct a cross-site request forgery (CSRF)/Server-Side Request Forgery (SSRF) attack using a combination of exploits. This vulnerability relied on the Akamai platform in two ways: specially-crafted legacy resource locators (also called v1 ARLs) in combination with specific versions of Flow Player.

I was ready for a relaxing vacation on the Mexican Riviera Maya where the warm waters and cool drinks would provide the backdrop for a great week.  Making the Internet fast, reliable and secure every day is demanding work so I was happy to temporarily leave my thoughts about Akamai at home, spend quality time with family, and sneak in a book that I've been wanting to read for a while.

Is your cloud strategy delivering for your users?

Enterprise public cloud adoption is becoming a norm around the world. Gartner expects public services cloud to hit $240 billion by 2017. They also suggest that the worldwide software as a service (SaaS) market will grow at 18.1% annually and the market will hit $46.35 billion by 2017 [1]. In addition to traditional dev-ops applications, business critical functions, such as CRM and ERP, are moving onto public cloud infrastructure. The goal is to take advantage of the on-demand scalability, flexibility and cost savings associated with cloud computing.

Last night I watched an On Demand episode of The American Experience titled Blackout, which recounted the 1977 power failure in New York City and its lasting impact on city due to widespread looting and destruction. With the power completely out, the operators at Con Ed got to work restoring power using a manual that was last updated after another massive blackout - in 1965.

Akamai is aware of a talk scheduled for Black Hat USA 2015 this week that will discuss some potential issues with platforms like ours.

Mike Brooks and Matthew Bryant, security analysts at Bishop Fox, will give the following talk on Aug. 6:


I spent a few days in New York City last week attending a couple of meetups, including speaking at a New York City Web Performance Meetup on Thursday night. I had several great conversations around real user monitoring, data science and analytics, and, of course, testing in production (my favorite topic these days!).

I had quite a few discussions around how SOASTA CloudTest manages these large cloud environments and if there are any best practices for load server grid management, especially when performance testing using a very large, location-diverse -- and even cloud provider-diverse -- environment.

Well, of course there are! So what better time to write a blog post about grid management best practices when you've just spent a few days in one of the best city grids in the world -- New York!

Future Stores Follow Up Part 2

Late last month I attended the Future Stores 2015 conference in Seattle. If you haven't heard of Future Stores before, here's some brief background: it's held by Worldwide Business Research and brings together retail, omni-channel, customer web experience, and IT execs to focus on in-store innovation and how to bridge the digital and physical retail environments. As Chief Strategist of Commerce at Akamai, I was excited to learn how future-thinking stores are innovating and better understand how Akamai fits into the picture. This is the second follow post that I'm doing to recap some of the highlights I heard at the conference. My first post highlighted how Macy's Go was personalizing and streamlining the omnichannel shopping experience.