The Akamai Blog

"Don't work for recognition, but do work worthy of recognition" - H. Jackson Brown.

A friend sent this quote to me after I explained to her my ambivalence about being recognized by Gartner as a "Leader" in their Web Application Firewall Magic Quadrant. I had mixed feelings because I wanted to believe that I knew the market, I knew our competitors, and I certainly already knew what our customers were telling us about our Web Application Firewall. Our customers are happy. The product is getting better. Market share is growing in a growing market. I didn't need someone else to tell me we were a leader! In other words, like most - if not all - of my colleagues and friends, I want to feel intrinsic pride in the work that I do.

Week 5 of the Girls Who Code program at Akamai was action-packed. The class attended a User-Experience (UX) workshop onsite at Akamai's headquarters in Cambridge, Mass. The instructors, formerly of Twitter and currently Google UX experts, led the girls through an activity in which they designed their own photo-sharing application.

A Rich Policy Language for the DNS

For many years, ISPs in certain parts of the world have been required by their regulators or governments to redirect certain websites that were deemed malicious or suspicious. DNS offered a straightforward way to do this, and Nominum, a DNS company that is now part of Akamai, developed an early mechanism using a DNS zone file that made it simple for ISPs to comply. The technology was originally named "Malicious Domain Redirection" (MDR), and it allowed DNS server operators to perform a single action for a given domain name. Actions could be categorized so that each action or redirection did not have to be repeated.

Part 2: Reading SPAM For Research

A couple of weeks ago, I posted a blog that is a follow-up to an article I published in Information Security Magazine. In that post I wrote about collecting phishing samples and identifying domain squatters that might be looking to harvest information from their target. This is the final blog entry derived from that article, and I'll be discussing a phenomenon that has been dominating the media recently - Fake News.

The summer is flying by, and we have reached the mid-point of our Girls Who Code Summer Immersion program. Our students are smart, engaged, learning a ton, and seem to be having a lot of fun!

Get Ready For The Holidays With Cloudlets

It's summer, which means it's time for hitting the beach, enjoying outdoor barbeques with friends and family, going hiking, biking and kayaking, and savoring cold craft beers. But for savvy retailers like you, summer is the ideal time to start getting your apps, websites and infrastructures ready for the holidays.

Larry's Cabinet of Web Vulnerability Curiosities

One of my responsibilities as a member of the Akamai Security Intelligence Response Team (SIRT) is to research new web application vulnerabilities. For the last year, I have focused on WordPress plugin vulnerabilities, and on looking for any interesting code tidbits in my box of WordPress toys. There are almost 50,000 WordPress plugins (at time of publication) and WordPress is the Content Management System (CMS) of choice for over 30 million websites. This creates a very large Internet footprint. I've been asked if I have any 0days or interesting research tidbits that I've come across and would be willing to share. The answer is, "No, I don't have high value 0days to sell on the dark web!"

Winning at Launch Time

Your extraordinary work on game development through concept to crunch, your tireless community building, brand awareness, and engagement all converge on one moment: Launching the game.

Is it possible to ever finish building a video game? The longer the dev cycle, the more likely it is you'll run out the clock on tech, slipping down the slope toward obsolescence. The more time you give your team, the more features and assets they'll want to include and incorporate.

Ransomware has changed a lot since it was introduced back in 1989 by Dr. Joseph Popp, when 20,000 floppy disks were distributed via snail mail. The malware hid files on a victim's hard drive and encrypted only the file names, rather than the entire files themselves. As one might assume, the entire remediation process was manual, rather than digital. Popp's program asked victims to print the ransom note and send $189 to a bank in Panama. When he was caught, he was determined unfit to stand trial. All the money he obtained was donated to AIDS research.

Part 1: Reading SPAM for Research

I recently wrote an article for Information Security Magazine where I explained how internet security researchers could use their spam folders as a resource tool. It got me thinking about going into greater detail on what I've found in my inbox.

Phishing Sites

I noticed an increase in "free gift cards" and other e-commerce type offers in my spam email account around Black Friday, the day after Thanksgiving, which didn't subside until the end of the holiday season, several weeks later. These e-mails claimed to offer me a free $50 Amazon gift card. When I clicked the link, it led me to a bogus but almost legitimate-looking Amazon login site in an attempt to nab my login credentials. The broken TLS lock icon and odd-looking URL are a dead giveaway that this site isn't legitimate.