The Akamai Blog

Recently by Bill Brenner

Bill Brenner

January 9, 2014 8:27 AM

Like Skipfish, Vega is Used to Target Financial Site ...

Yesterday, we told you about how attackers were exploiting the Skipfish Web application vulnerability scanner to target financial sites. Since then, Akamai's CSIRT team has discovered that another scanner, Vega, is being exploited in the same manner. Skipfish and Vega are automated web application vulnerability scanners available by free download. Skipfish is available at Google's code website and Vega is available from Subgraph. These are scanners intended for security professionals to evaluate

Bill Brenner

January 8, 2014 5:56 AM

Attackers Use Skipfish to Target Financial Sites

Akamai's CSIRT team has discovered a series of attacks against the financial services industry. In this instance, the bad guys are exploiting the Skipfish Web application vulnerability scanner to probe company defenses. Skipfish is available for free download at Google's code website. Security practitioners use it to scan their own sites for vulnerabilities. The tool was built and is maintained by independent developers and not Google, though Google's information security

Bill Brenner

January 7, 2014 7:37 AM

Why I'm Attending ShmooCon 2014

Here at Akamai, we're busy preparing for RSA Conference 2014. It's the biggest security conference of the year, and we send a platoon of employees every time. Given our role in securing the Internet, it's a no-brainer. But there are many other conferences we attend each year, because: We have a lot of information to share about attacks against Akamai customers and how the security team continues to successfully defend against them. We

Bill Brenner

January 6, 2014 7:07 AM

Security Predictions? Here Are Some Facts About 2014

I've said it before and will repeat it here: I absolutely loathe security predictions. I have nothing against those who make them. It's just that most predictions are always so much duh. The rest are marketing creations that have no attachment to reality. Examples of the self evident: Mobile malware is gonna be a big deal. Social networking will continue to be riddled with security holes and phishing attacks. Microsoft will release a lot

Bill Brenner

December 18, 2013 5:19 AM

Akamai Security Compliance: The Story So Far

Continuing our weekly series of security anthologies, we focus today on Akamai compliance procedures. We're currently in the midst of an ongoing series on how Akamai approaches it, but the following content presents the story thus far. Four Things to Ask Before Seeking FedRAMP Certification: For a look at how we reached FedRAMP certification, I spoke with Akamai InfoSec's Kathryn Kun, the program manager who played a critical role in

Bill Brenner

December 17, 2013 5:25 AM

Security at Planetary Scale: An Anthology

We continue this week's series of anthologies with a collection of posts about security at planetary scale. Environmental Controls at Planetary Scale: Each data center in a planetary scale environment is now as critical to availability as a power strip is to a single data center location. Mustering an argument to monitor every power strip would be challenging; a better approach is to have a drawer full of power strips, and replace

Bill Brenner

December 16, 2013 6:35 AM

Attack Techniques and Defenses: An Anthology

Akamai's security team defends customers from a variety of threats 24 hours a day, seven days a week. You name it: DDoS attacks, DNS-related attacks, vulnerability exploitation -- we've seen it all. What follows is a collection of posts focusing on attack techniques and the defenses we have deployed and/or suggested. Indonesian Attack Traffic Tops List; Port 445 No Longer Main Target: Indonesia replaces China as the top producer of attack

Bill Brenner

December 12, 2013 9:03 AM

Akamai CSIRT Warns of DNS Record Hijacking

In recent weeks, Akamai's CSIRT team has seen the Web sites of multiple businesses redirected after being hijacked by a malicious user. CSIRT's Patrick Laverty, who authored the advisory, said the intent of these hacks can include the redirection and capture of all company email to a rogue server, or to simply cause embarrassment to the company being affected. For more on this topic, see "The DNS Security Collection". The problem is

Bill Brenner

December 10, 2013 6:16 AM

How Origin Offload Improves Patch Management

I frequently write about patching updates, believing it's important for customers and the wider business world to keep their machines as updated as possible. But until now, I've never written about the direct role Akamai plays in smoothing the patch management process along. This is a post about origin offload and how it keeps the patch downloading sites of various companies from getting crushed beneath the weight of heavy demand