The Akamai Blog: August 2018 Archives

Paul Calvano

August 29, 2018 8:36 AM

On Becoming a Contributor to the HTTP Archive

The HTTP Archive is an open source project that tracks how the web is built. Twice a month it crawls 1.3 million web pages on desktop and emulated mobile devices, and collects technical information about each of the web pages. That information is then aggregated and made available in curated reports. The raw data is also made available via Google BigQuery, which makes answering interesting questions about the web accessible

Larry Cashdollar

August 23, 2018 11:30 AM

Apache Struts Vulnerability CVE-2018-11776

On Wednesday, August 22nd, the Apache team patched another vulnerability in the Apache Struts2 framework. Apache Struts is an open-source web application framework for developing Java web applications. The vulnerability exists when these conditions are met: The alwaysSelectFullNamespace flag setting is set to true in the Struts configuration. The Struts configuration file contains an <action ...> tag that does not specify either the optional namespace attribute or a wildcard namespace.

Jim Black

August 22, 2018 11:55 AM

How's that Security Back Door Doing? (Part 2)

In the first part of this blog post I wrote about how recursive DNS (rDNS) is an attack surface that many enterprises don't currently protect. Bad actors are exploiting that fact and developing advanced targeted threats that use DNS to bypass conventional security tools such as firewalls, secure web gateways and endpoint antivirus.

Nicholas Hawkins

August 21, 2018 10:12 AM

How to evolve your enterprise network security to a ...

In the land behind the firewall, build a fortress in the cloud.

John Neystadt

August 20, 2018 2:47 PM

Dispelling the Myths Surrounding Security Technology ...

Many of our customers conducting business in Europe are concerned about how the new General Data Protection Regulation ("GDPR") impacts the ability to protect their organization's data, network and IT system resources. In particular, many worry that the requirements of GDPR will restrict their abilities to decrypt, analyze or log networking traffic for security purposes. However, enterprises needn't worry, as GDPR actually does permit these types of security controls.

Akamai InfoSec

August 20, 2018 11:23 AM

On Cache Poisoning

In March 2017, Akamai released a post, "On Web Cache Deception Attacks". A presentation at the Black Hat conference by James Kettle from Port Swigger on web cache poisoning has recently raised awareness of cache poisoning. This is a class of vulnerability with a long history. Cache poisoning can be defended against by properly configuring caching controls on both customer sites and the Akamai platform. Customers should consult with their

Akamai

August 15, 2018 1:00 PM

Linux Kernel IP Vulnerability 2

On the week of July 15th, researcher Juha-Matti Tilli disclosed a vulnerability in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), and Akamai. The vulnerability, CVE-2018-5391, is a resource exhaustion attack triggered by a specially crafted stream of IP datagrams that cause expensive processing within the Linux kernel. This vulnerability is similar to the Linux TCP vulnerability announced August,

Gregory Griffiths

August 9, 2018 10:14 AM

How to build customer trust online

For most brands, customer data and consents are their most treasured assets. Data fuels innovations in products and services and enables the level of personalized experience that many channel managers view as necessary for maximizing consumer loyalty. However, mishandled and stolen data have led to marked degradation in the level of trust that many consumers have in online services, commerce and marketing. Developing and implementing a data strategy that fosters

Akamai

August 6, 2018 11:15 AM

Linux Kernel TCP Vulnerability

On the week of July 15th researcher Juha-Matti Tilli disclosed a vulnerability he discovered in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), and Akamai. The vulnerability, CVE-2018-5390, is a resource exhaustion attack triggered by a specially crafted stream of TCP segments which creates expensive processing within the Linux kernel. In preparation for the public disclosure of the vulnerability,

Tommy Cormier

August 3, 2018 7:44 AM

Threat Identity...The First Line of Defense

Last quarter, we discussed zero trust and identity in regard to remote application access. This focus was primarily looking at enterprise users seeking to gain access to applications on a network where there are no boundaries: The internet. In the concept of zero trust, the internet is considered hostile and users are accessing resources from multiple devices and from many different locations. With this in mind, it is critical for

OVERVIEW

What We Do

INTELLIGENT EDGE PLATFORM

The Competitive Edge

THREAT RESEARCH

Cybersecurity Insights from the Experts

FREE TRIALS

Try Us Free

FEATURED

What's new with the Akamai Intelligent Edge Platform™

SECURITY

Security Solutions

WEB PERFORMANCE

Web Performance Solutions

MEDIA DELIVERY

Media Delivery Solutions

NETWORK OPERATOR

Network Operator Solutions

SERVICES

Services

DEVELOPERS

Akamai for DevOps

FEATURED

Security Solutions

CASE STUDIES

Customer Case Studies

INSIGHTS

Internet Observatory

REPORT

State of the Internet Report

DOCUMENT LIBRARY

Our Library

CDN LEARNING CENTER

About Content Delivery Networks (CDNs)

GLOSSARY

Cloud Computing Glossary

DOCUMENTATION

Technical Documentation

FOR DEVELOPERS

For Developers

COMMUNITY

Community

FEATURED

Our Library

GET IN TOUCH

Global Support Phone Numbers

SUPPORT

Support Resources

UNDER ATTACK

Are You Under Attack?

UNDER ATTACK

Are You Under Attack?

LOCATIONS

Our Offices

CONTACT

Get in touch

August 2018 Archives