Akamai Diversity

Recently by Bill Brenner

PLXsert Eyes Spike in SNMP Reflection DDoS Attacks

Akamai's Prolexic Security Engineering Response Team (PLXsert) has seen a significant resurgence in the use of Simple Network Management Protocol (SNMP) reflection attacks this past month.

In an advisory, PLXsert said these DDoS attacks abuse SNMP, which is commonly supported by network devices such as printers, switches, firewalls and routers.

More Bricks of Security Enlightenment

Akamai Security Advocate Dave Lewis (@gattaca on Twitter) continues his prolific blogging on CSOonline. He has also begun writing for Forbes. What follows are his posts so far for May 2014. We begin with his inaugural Forbes column.

Public Research Docs: The List So Far

Akamai InfoSec has slowly been making its security advisories public. What follows is a list of what has been released so far. 

These can be found in the security research section of the Akamai Security microsite.

Web Security Buzz

Each week, we compile a list of headlines trending on social media and distribute it internally via a newsletter called "Web Security Buzz." We recently decided to start running a public version via this blog.

What follows are some of the stories we've been keeping an eye on for the past couple of weeks.

Microsoft's May 2014 Patch Load

Microsoft released its May 2014 Security Update Tuesday. The latest vulnerabilities to be addressed affect everything from Windows, Internet Explorer and Office to Microsoft Server Software, Productivity Software and the .NET Framework.

Internet Disruptions Possible During World Cup 2014

Researchers from Akamai's CSIRT team warn of potential Internet disruptions during the upcoming World Cup event. FIFA's World Cup will be held in Brazil starting June 12.

At the 2010 World Cup hosted in South Africa, some 3,170,856 spectators attended 64 matches. FIFA is again distributing a total of over 3,000,000 tickets for the tournament, where Brazilian and international visitors will attend football (soccer) matches in 12 cities across Brazil. Akamai anticipates increased Internet traffic to and from Brazil throughout the tournament.

Podcast: CSO Andy Ellis on Heartbleed

By now, most of you are aware of the Heartbleed vulnerability that sent shockwaves through the tech industry. Like many of you, Akamai had to work overtime to ensure our customers were protected.

We did that, but as is the case with any large security threat, we continue to be vigilant and, while letting everyone know what we did to keep them secure, we're looking back at the lessons learned and how to turn it into even better security going forward.

The details in this episode are not new, as CSO Andy Ellis has blogged at length about it. I've included those links below. But with so many of us working overtime to address Heartbleed, this was my first opportunity to sit down with Andy and discuss it.



Microsoft has released advance notification regarding the security updates it plans to release Tuesday. It looks like a busy month of patching ahead. The breakdown is below.

BSides Boston 2014: HallwayCon

As I noted in previous posts, LobbyCon is an important part of any security conference experience. At BSides Boston Saturday, attendees will enjoy the ritual with a special twist.

Organizers call it HallwayCon. A description from the BSides Boston website:

First come, first served! (Sign up and put your name and topic on the board!) These lightning talks are 15 minutes each and will go throughout the entire day.

A variation of this happened during one of the SOURCE Boston after-events last month. That time, folks were encouraged to speak on a topic at a table in one of the local pubs. I enjoyed it, though it was a bit hard to hear everyone from the other side of a packed table. The BSides Boston version will surely take it to the next level.


BSides Boston 2014: Dan Geer and Heartbleed

I first met Dan Geer 10 years ago, after he debated Microsoft's Scott Charney on the "Microsoft Monoculture" at a USENIX event in Boston. I was just starting to write about security and the man intimidated me. His intellect and speaking style were light years beyond anything I had comprehended before. As a news reporter, you talk to a lot of police officers, firefighters and politicians who speak in plain, familiar terms. Dan Geer was something else entirely.

Over the years, I got to interview him several more times, and he became a personal favorite among all the security luminaries out there. 

Now CISO of In-Q-Tel, the strategic investment partner of the U.S. intelligence community, Geer will speak at BSides Boston Saturday. He'll focus on Heartbleed.