Akamai Diversity

The Akamai Blog


When Matt Soares was offered a role at Akamai, it was the flexibility that sold him. "It allowed me to make it my own and I thought that was pretty cool!" he said. Today, Matt is the lifeline of the Akamai Americas campuses as the manager of facilities operations. If an employee's office isn't below freezing, they can probably thank him. During his days at Akamai, he's involved in office functionality and in the planning of the new Cambridge headquarters building. He's also a chronic cereal wolfer and a big fan of his newest cooking accessory. Matt recently shared a little about his professional and personal experiences, his biggest challenge, favorite mistake and go-to winter pastime.

Vulnerability found in Apache Struts

On Monday, March 6th, the Apache team patched a vulnerability in the Apache Struts2 framework. Apache Struts is an open-source web application framework for developing Java web applications. The vulnerability exists in the Jakarta Multipart parser, which can be tricked into executing attacker-provided OGNL code. The impacted versions are 2.3.5 through 2.3.31, and 2.5 through 2.5.10 of the Apache Struts framework. If you are currently running an affected version of the software, malicious users could execute code on the system remotely by using a maliciously crafted Content-Type header. Successful exploitation does not require the user to be authenticated. Apache has classified the vulnerability as a "possible remote code execution"; however, the vulnerability is easy to exploit and allows code to be executed using the user context of the account running the Tomcat server. At least two working exploits have been seen in the wild already.

With the acquisition of Soha Systems, Akamai's vision of bringing a simpler, more secure access approach to the enterprise is now available. We have blogged about this, most notably an excellent piece penned by Lorenz Jakober titled "Secure Enterprise Access Needs to Evolve".

If this is a new topic for you, the case for enterprises needing a new access model is:

  • VPNs, a staple of IT Networking for more than twenty years, have failed to evolve to meet today's remote access requirements.
  • Today, employees are mobile, and need to access applications hosted in different clouds and physical datacenters.
  • In increasing numbers, enterprise contractors, partners and customers - the global partner ecosystem - are also accessing "behind-the-firewall" applications. 
  • Using traditional VPNs to support these requirements brings increased complexity and support overhead to both IT and InfoSec teams. 

Today, we published the Fourth Quarter, 2016 State of the Internet / Connectivity Report. This issue of the report concludes its ninth year of publication. Over that time, everyone involved with the report at Akamai has worked hard to make it one of Akamai's most successful thought leadership programs. And of course, our readers have made the report a success through their ongoing interest in, and use of, its data, effectively making it a de facto reference within the broadband industry.

Mobile App Users: The Next Generation

What does the morning of a typical mobile user look like? It's probably something like this:

  • 6:00 a.m. - Your alarm wakes you up and automatically starts increasing the brightness of your bedroom lamps. The snooze button is not an option today!
  • 7:00 a.m. - On your morning run, you track your total mileage and pace, and then share your workout details and scoreboard on Facebook.
  • 8:00 a.m. - You check your phone to make sure your train is on time; you can't be late to work!
  • 8:15 a.m. - You catch your train and check Facebook, LinkedIn, Snapchat, and your standard news apps to get up to speed.
  • 8:30 a.m. - As you get off at your stop, you choose your coffee order and pay for it, so it's ready and waiting for you - no more waiting in line at Starbucks!
  • 8:45 a.m. - With coffee in hand, you walk to the office and check your office Slack, Skype, and WhatsApp groups to prepare for the day ahead.
  • 9:00 a.m. - You enter the office and get your day started.

So...what do all of the activities above have in common? Mobile apps. And in the first three hours of a day, it's totally normal to have interacted with 10+ apps to accomplish a variety of tasks. This is the reality of today's mobile user.

Fighting Cybercrime with DNS

I recently sat down with Steve Saunders of Light Reading to talk about the role DNS plays in understanding and fighting emerging cyberthreats. In the interview, we went through the highlights of the recent Data Science report from Nominum, now part of Akamai, in which our Data Science team studied more than 15 trillion queries over a three-month period and reported on the world of cybersecurity through the lens of DNS, uncovering trends in phishing attacks, DDoS, the Mirai botnet, Locky ransomware, IoT-based threats and more.

On Web Cache Deception Attacks

Summary

On Monday, February 27, 2017, security researcher Omer Gil published a blog post laying out a data exfiltration method called a "Web Cache Deception Attack." The attack leverages web caching functionality to potentially expose sensitive information or allow for account takeover (ATO) attacks. Caching is often used to reduce load and time-to-delivery for a web server receiving requests for content, but this attack shows ways in which, given certain web configurations, the caching feature can be misused to serve content not intended for caching. Both the caching proxy and the origin site can have individually valid configurations, but in concert lead to unexpected behavior in light of this new attack method. This attack affects all forms of web caching and is not limited to proxies or Content Delivery Networks (CDNs). Akamai is actively working with customers to identify configurations which may be affected and assist them in protecting their sites against this attack.

On memory overflow and responses

On February 23, 2017, Cloudflare released information on a bug in its content delivery network that was disclosed by Google security researcher Tavis Ormandy. The bug potentially exposed sensitive customer data to the Internet. Approximately 1 in every 3,300,000 HTTP requests may have contained potentially sensitive information. This information would normally be stored and cached by users and search engines as part of normal website sessions. This bug is similar to Heartbleed, in that uninitialized memory was accidentally being sent along with regular data. Unlike Heartbleed, which required malicious requests, this bug was in Cloudflare's HTML parser code, which means that sensitive data could be sent as part of normal client requests.

How the cloud streamlines video workflows

Rock, meet hard place.

On the one side, sophisticated audiences are watching more video online and demand ever-higher quality. On the other is your challenge to simply deliver, keeping in mind scalability, workflow complexity, and cost.

Three keys to victory in the OTT video race

The numbers are impressive.

By 2020, Digital TV Research predicts the Over-the-Top (OTT) video market will be worth $55 billion in consumer spending. In the U.S., the average OTT-enabled household already has 1.4 subscriptions to providers such as Netflix and Amazon, and that number is rapidly increasing. In China, eMarketer expects subscription video on demand to increase by a stunning 1,400 percent in the next five years.