Akamai Diversity
Home > Ory Segal

Recently by Ory Segal

HTTP2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred "on the wire" by introducing a full binary protocol, made up of TCP connections, streams and frames, rather than simply being a plain-text protocol. Such a fundamental change between HTTP/1.x to HTTP/2, meant that client side and server side implementations had to incorporate completely new code to support new HTTP2 features - this fact, introduces nuances in protocol implementations, which in turn, might be used to passively fingerprint web clients.

George Orwell once said, "International football is the continuation of war by other means" - as we will demonstrate in this post - Mr. Orwell was spot-on, according to statistics on web application layer attacks collected by Akamai's Cloud Security Intelligence platform, the 2014 world cup soccer matches spurred sophisticated cyber attacks between soccer-fan-hackers of competing sides.

HQL Statement Tampering

Executive Summary

"Hibernate is an object-relational mapping (ORM) library for the Java language, providing a framework for mapping an object-oriented domain model to a traditional relational database. Hibernate solves object-relational impedance mismatch problems by replacing direct persistence-related database accesses with high-level object handling functions." (Wikipedia)

According to a recent Java developer survey, Hibernate was ranked as the 2nd most popular Java framework.

In the past several weeks, Akamai was in a unique position to witness a massively orchestrated attack, designed to map Internet facing web servers that are susceptible to certain specific vulnerabilities.
Overview

According to Wikipedia, WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL, which runs on a web hosting service. Features include a plug-in architecture and a template system. WordPress is used by more than 18.9% of the top 10 million websites as of August 2013. WordPress is the most popular blogging system in use on the Web, at more than 60 million websites.