Akamai Diversity

The Akamai Blog

Recently by Bill Brenner

Bill Brenner

Bill Brenner

September 16, 2014 6:22 AM

Web Vulnerabilities: Low-Hanging Fruit for DDoSers

A new Akamai PLXsert whitepaper was released this morning: "Web Vulnerabilities: The foundation of the most sophisticated DDoS campaigns." The paper can be downloaded here. Security practitioners know this much from long experience: Attackers who successfully build botnets and launch DDoS campaigns start by exploiting web vulnerabilities. It is the low-hanging fruit. In the white paper, PLXsert explores specific examples of the exploitation of popular web content management systems and web management

Bill Brenner

Bill Brenner

September 15, 2014 4:36 AM

Akamai Edge 2014 and National Cyber Security Awarene ...

It's fitting that the Akamai Edge customer conference is in October. It's the same month as National Cyber Security Awareness Month, and we'll have a robust security track at Edge.

Bill Brenner

Bill Brenner

September 4, 2014 11:29 AM

Akamai Offers Further Guidance to Blunt Linux DDoS T ...

Yesterday's advisory about attackers exploiting Linux vulnerabilities for DDoS assaults got a lot of attention. After hearing the feedback, we decided a follow-up post was necessary to help admins mount a better defense.I spoke with David Fernandez, head of our Prolexic Security Engineering Research Team (PLXsert), and he offered additional details on the countermeasures. First, for the basic details of the threat, check out yesterday's post. Now for the next steps...

Bill Brenner

Bill Brenner

September 3, 2014 9:56 AM

Linux Systems Exploited for DDoS Attacks

Linux users have a new threat to worry about.According to Akamai's Prolexic Security Engineering Research Team (PLXsert), the bad guys have discovered a weakness in Linux systems they can exploit to expand their botnets and launch DDoS attacks. PLXsert released an advisory outlining the danger this morning.The full advisory is available HERE.Also read Akamai Security Advocate Dave Lewis' CSOonline blog post about the threat.

Bill Brenner

Bill Brenner

September 2, 2014 4:25 AM

Reminder: Social Engineering Isn't Just An Online Th ...

Shortly after DEF CON last month, friend and journalist Steve Ragan made an observation in his Salted Hash blog: People standing in the many long lines at the event were forgetting a basic social engineering risk.

Bill Brenner

Bill Brenner

August 29, 2014 1:46 PM

6 Ways Young Upstarts Can Get Their Big Security Bre ...

Interviewing Akamai InfoSec's summer interns recently, I was reminded of a six-step guide I wrote a few years ago for CSOonline on how young people can get their break in the industry. I think the suggestions are as valid today as they were then.Also see:Meet Akamai InfoSec's 4th InternJamie Arlen on learning the play the role of InfoSec pro

Bill Brenner

Bill Brenner

August 28, 2014 3:18 PM

What a Broken Arm Teaches Us About Incident Response

I originally wrote this for CSOonline's Salted Hash blog in 2011. But given all my focus on incident management of late, a re-share seems appropriate.You might find it weird that I'd find a teachable infosec moment in my son breaking his arm. But he did do it at a security meet-up, after all.

Bill Brenner

Bill Brenner

August 18, 2014 5:28 AM

Meet Akamai InfoSec's 4th Intern

Last week I recorded a podcast interview with three of Akamai InfoSec's four summer interns. Due to a schedule conflict, the fourth intern -- Boston University Computer Science major Allan Wirth -- was interviewed separately.Wirth will be a senior this fall and hopes to embark on a career in web security. The work he did for Akamai will serve him well to that end. Under the supervision of InfoSec's

Bill Brenner

Bill Brenner

August 14, 2014 9:36 AM

Public Compliance Docs: The List So Far (Updated)

As previously noted, Akamai InfoSec has been working to make its most sought after compliance documents publicly available. The goal is to make it easier for customers to access the answers they regularly seek, and also to show potential new customers how we operate. We're building the foundation in the form of a compliance page on the Akamai Security microsite, and hope to publish up to two fresh public docs a