The Akamai Blog

Web Security in Healthcare Matters

It's hard to miss all the media attention surrounding data breaches in healthcare. If you're involved in information security at a healthcare organization, it's no surprise to you that more than 143 million individuals have been affected by data breaches since HHS started tracking incidents in September 2009.

WAF: False Positives vs. False Negatives

I said in my last article that one of the key factors when it comes to judging the effectiveness of a WAF is accuracy. There are two measurements that, taken objectively, give an unmistakable view of the quality and accuracy of a WAF solution: false negatives and false positives.

Defining OTT Webinar Series

All indications are that Over-the-Top (OTT) video services will attract larger audiences, be delivered at higher bit rates, and provide viewers with more entertainment options than ever before, all of which can further complicate your already complex media strategy.

Please join me on Wednesday, December 9th at 2PM ET/11AM PT as we define and discuss the rapidly shifting OTT 2.0 landscape. Whether you've already launched a new OTT service or you're still exploring where you fit in, I'd like to share strategies for helping you win in this increasingly competitive market.

The in-depth presentation will be followed by a live Q&A session. I look forward to your participation!

John Bishop
Akamai
CTO, Media Business Unit

Now Available: Q3 State of the Internet Security Report

The Q3 2015 State of the Internet Security Report is now available for download at www.stateoftheinternet.com/security-report. Among the highlights: a continued upward trend in DDoS attacks, and attacks fueled by the easy availability of DDoS-for-hire sites that identify and abuse exposed Internet services, such as SSDP, NTP, DNS, CHARGEN, and even Quote of the Day.

Winning Web Performance - Takeaways from Akamai Edge Part 1

At the Akamai Edge Conference some of the world's biggest, most innovative brands shared ways they move their online businesses faster forward using Akamai. In a multi-part blog post series, we'll be sharing the most valuable lessons learned in the Web Performance space.

WAF. Under myth-busters' scrutiny.

Tangina Barros, the medium in the Poltergeist film series, taxes and Internet security.
These three things have in common that they scare, they intimidate and they may keep you awake at night. With regard to the first two topics, the only thing I can do is remember that Poltergeist is just a movie, seriously, just a movie (I keep saying that to convince myself, quite unsuccessfully, though) and that with the adequate online help, tax filing can be done without making mistakes (I also keep saying that, with the same purpose, and the same futile outcome). But still, I sleep with one eye open.

Web Security Lacking at Hospitals

While hospitals are ramping up security efforts to protect information, a large percentage of them are vulnerable to attacks on their web sites. Less than two-thirds of hospitals participating in a recent survey reported having on-premise web application firewalls in place, and fewer than half reported having defenses in place to thwart distributed denial of service (DDoS) attacks.

Last of OWASP's Top 10 Still a Potent Threat

Open redirection is the last item on the OWASP Top 10, and it is considered a Web application functionality that can be used by attackers to redirect users from trusted domains to untrusted domains. But it is a potent problem, as Akamai's Threat Research Team discovered in their research on an unusual malicious SEO attack campaign that abused Web applications' open redirect functionality.

Developing a PoC Step by Step

I've received numerous questions about how I found so many WordPress plugin vulnerabilities and how to write the exploits that were essential to the research. I'll be honest, it's not hard if you have some experience in PHP programming and basic knowledge of secure programming. To simplify things, we will narrow down certain traits of what plugins to examine.

Cyber Monday: DDoS vs. Flash Mob

Today is Cyber Monday, which is historically the day when many retailers encourage online holiday shopping. Online retailers may see large spikes in traffic to their sites. It is possible that some may interpret these spikes as a DDoS, but in reality it may be what we refer to as a "flash mob".

A flash mob is a large amount of legitimate traffic being sent to a specific site. One way we can often differentiate between a flash mob and a DDoS is by the number of requests per client. A DDoS can have a high or low number of clients, with a very high number of requests per client. A flash mob will have a very high number of clients but a relatively low number of requests per client. This is because in a flash mob the client requests are being sent by a human and not by an automated script.

The remediation for a flash mob is cache offloading, so that as much content as possible is served from the edge, leaving the origin servers for the tasks that only they can do.
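The requests-per-client heuristic described above, worked through as an added example (this is not code from the original post or from Akamai): a Python snippet that parses constructed Common Log Format access-log lines, counts requests per client address, and labels a traffic window as flash-mob-like (many clients, few requests each) or DDoS-like (some clients with a very high request count, regardless of how many clients there are). The `10.0.x.x` sample addresses, the `high_rpc` and `many_clients` thresholds, and the function names are all assumptions chosen for illustration; real thresholds depend on the site and the size of the time window.

```python
import re
from collections import Counter
from statistics import median

# Leading client field of a Common Log Format line, e.g.
# 10.0.0.7 - - [30/Nov/2015:14:02:11 +0000] "GET / HTTP/1.1" 200 512
CLF_CLIENT = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+')


def make_log(clients, requests_each, first_host=0, path="/"):
    """Build constructed CLF lines for a single time window: `clients` distinct
    private 10.0.x.x addresses, each sending `requests_each` requests.
    Sample data for the example, not real traffic."""
    lines = []
    for i in range(clients):
        host = first_host + i
        ip = f"10.0.{host // 256}.{host % 256}"
        for n in range(requests_each):
            lines.append(
                f'{ip} - - [30/Nov/2015:14:02:{n % 60:02d} +0000] '
                f'"GET {path} HTTP/1.1" 200 512'
            )
    return lines


def requests_per_client(lines):
    """Count requests per client address; lines that do not parse are skipped."""
    counts = Counter()
    for line in lines:
        m = CLF_CLIENT.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def classify_window(counts, high_rpc=50, many_clients=30):
    """Apply the post's heuristic to one window of per-client counts.

    DDoS-like: any client sends a very high number of requests (the post notes
    the client count itself can be high or low). Flash-mob-like: very many
    clients, none of them above the per-client threshold. Thresholds are
    assumptions and must be tuned to the site and the window length."""
    if not counts:
        return {"verdict": "quiet", "clients": 0, "requests": 0,
                "median_rpc": 0, "max_rpc": 0, "hot_clients": []}
    rpc = list(counts.values())
    # Clients above the threshold are the ones a rate limit or block would target.
    hot = sorted(ip for ip, n in counts.items() if n >= high_rpc)
    stats = {
        "clients": len(counts),
        "requests": sum(rpc),
        "median_rpc": median(rpc),
        "max_rpc": max(rpc),
        "hot_clients": hot,
    }
    if hot:
        stats["verdict"] = "ddos-like"
    elif stats["clients"] >= many_clients:
        stats["verdict"] = "flash-mob-like"
    else:
        stats["verdict"] = "normal"
    return stats


def demo():
    """Three constructed windows: a flash mob, a small-botnet DDoS, and a
    flash mob with two abusive clients hidden inside it."""
    flash_mob = make_log(40, 3)
    botnet = make_log(4, 60)
    mixed = make_log(40, 3) + make_log(2, 80, first_host=100)
    return {
        "flash_mob": classify_window(requests_per_client(flash_mob)),
        "botnet": classify_window(requests_per_client(botnet)),
        "mixed": classify_window(requests_per_client(mixed)),
    }


if __name__ == "__main__":
    for name, stats in demo().items():
        print(name, stats["verdict"], stats)
```

The mixed window is the case worth noticing: the median requests per client looks like a flash mob, so a verdict based on averages alone would miss the two clients issuing 80 requests each. Checking each client against the threshold catches them and also yields the list of addresses to rate-limit, while the rest of the traffic is handled by caching at the edge as the post recommends.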

If you are an Akamai customer who believes you are being attacked with DDoS traffic, please follow the usual incident protocols and contact your Customer Care representative; Akamai's SIRT is also available to assist and to investigate the traffic more deeply.