Akamai Diversity
Home > Web Security > Talk on CDN vulnerability at Black Hat USA 2015

Talk on CDN vulnerability at Black Hat USA 2015

Akamai is aware of a talk scheduled for Black Hat USA 2015 this week that will discuss some potential issues with platforms like ours.

Mike Brooks and Matthew Bryant, security analysts at Bishop Fox, will give the following talk on Aug. 6:

BYPASS SURGERY ABUSING CONTENT DELIVERY NETWORKS WITH SERVER-SIDE-REQUEST FORGERY (SSRF) FLASH AND DNS

Description: It is unlikely when a bug affects almost every CDN and it becomes vulnerable, but when this happens the possibilities are endless and potentially disastrous.

Imagine - a Facebook worm giving an attacker full access to your bank account completely unbeknownst to you, until seven Bentleys, plane tickets for a herd of llamas, a mink coat once owned by P. Diddy, and a single monster cable all show up on your next statement. What a nightmare.

But in all seriousness, thousands of websites relying on the most popular CDNs are at risk. While some application requirements may need a security bypass in order to work, these intentional bypasses can become a valuable link in an exploit chain. Our research has unveiled a collection of general attack patterns that can be used against the infrastructure that supports high availability websites.

This is a story of exploit development with fascinating consequences.


Akamai is working with the Bishop Fox researchers, and is moving to address the issue with customers currently.

A more detailed post on what Akamai is doing will be released after the talk. 

Leave a comment