Get In Touch
Recently by Or Katz
Overview Can you imagine anyone buying a car without airbags and without seat belts? I bet you can't! So why is it that we buy computers without Antivirus software already installed, home routers without a firewall already installed or connected devices (IoT) that are lacking proper security controls?
Have you ever tried to login to your favorite website and mistakenly typed the wrong user name and password once, or even twice? I bet you have. And what about submitting a third consecutive false attempt? In most cases, at that point a secure website will start questioning the integrity of your actions. From a defense point of view, websites should suspend and limit false login attempts to confirm authenticity
Yearly Review 2016 was an exciting year; a year in which hazards related to the Intent of Things (IoT) became trendy small talk in many living rooms around the world. For us, the members of the InfoSec community, it was the year when the security risks of IoT devices evolved from being theoretical to becoming a practical problem to us all. It was the year in which we all realized
Boolean Operator Different cultures and nationalities have different naming conventions; I came from a one that led me to face the universe with a personal name "Or". I fact, my name has different meanings in different languages. In English the meaning of "Or" is function word that indicate alternatives and in computer coding languages the name "Or" is being used as Boolean operator that enable us to write conditions in
Akamai Edge conference is here and I'm really excited to share some of my insights and thoughts about credential abuse attacks in my session "Akamai Threat Research into Credentials Abuse". Credential abuse attacks become a common disturbing threat in recent years, a successful credential abuse attack campaign can result with a potential damage that include losing access and control over the accounts, data breach and even fraudulent transactions.
A year ago Akamai's Threat Research Team exposed a "Blackhat Search Engine Optimization (SEO)" attack campaign. The goal of the campaign was to manipulate search engines rankings and grow visibility for a web site that allows users to share their cheating and infidelity stories.
A common defensive rule of information security is that once you detect an attack against your organization's Web applications, you must mitigate the attack by stopping it. In other words: "stop it once you can." But what if the rules of the defenders vs. attackers "game" have changed and the teams are not playing in the same league anymore? For example, here are some of the "game" changers from recent
When we were young, we had fun playing hide and seek. As 5 year olds there were a limited number of places our friends could hide, and we could methodically check each one and then giggle when we found them. As we grew older, we expanded the boundaries of the game. Today, as security researchers, hide-and-seek is no longer so fun because the boundaries are nearly infinite. How do you
Open redirection is the last item on the OWASP Top 10, and it is considered a Web application functionality that can be used by attackers to redirect users from trusted domains to untrusted domains. But it is a potent problem, as Akamai's Threat Research Team discovered in their research on an unusual malicious SEO attack campaign that abused Web applications' open redirect functionality.