The Akamai Blog

The Dark Side of APIs: Part 1, API Overview

Ryan Barnett, Principal Security Researcher, Akamai

Elad Shuster, Senior Security Researcher, Akamai


API Overview

Application Programming Interfaces (APIs) are a software design approach that enables software and system developers to integrate with other systems based on a defined set of communication methods. APIs serve as software building blocks and allow for software reuse - essentially allowing fast development of new systems based on existing capabilities.

How smart is my smart TV?

Some weeks ago, my friend asked me the headlining question while we were having a random argument about electronics. I found it to be an interesting one, particularly because it underlines the current mindset towards security of electronic devices communicable over computer networks.


Overview

Credential abuse (CA) is a trend that is here to stay. It affects almost every one of us. There are attackers trying to break into every online account and the vast majority of these attacks are happening silently in the background. In the past, credential abuse tools were written and distributed in closed forums and among air-gapped societies. Now, they are widely available; there is a highly active market trade of "cookbooks" - configurations and instructions on how to perform successful logins against a website.


Illuminating the Path to Digital Maturity

Research By Akamai and Forrester Sheds New Light on Digital Experience Challenges and Opportunities

Nearly every business today is striving to create and deliver digital experiences that stand apart. But it's no small task turning those visions into reality. Moreover, there's little room for error. Complicating matters is the never-ending introduction of new technologies, approaches, opportunities, and challenges.

Zero Trust and the Slowly Boiled Frog

Disclaimer: No actual frogs were harmed in the writing of the blog post. We wouldn't do that. We like frogs.

What is Zero Trust Networking?

The Zero Trust security model was proposed by John Kindervag of Forrester Research back in 2010. The concept is that the traditional trust model of "trust, but verify" is no longer valid; instead we should "never trust, always verify".

By Arlen Frew 

Top-level Domain (TLD) operators are focused on making the Internet a better and safer place, enabling name registrations, and maintaining the DNS namespace in support of their stakeholders.  The entire Internet ecosystem, including TLDs, is always looking for ways to improve security. This is especially important as everyone and everything gets connected and awareness of the adverse impact of malicious online activity increases.  Some TLD operators are also looking for ways to supplement their revenue streams to better serve the breadth of economic, cultural, and linguistic needs of their constituents, and to meet policy requirements unique to their region or vertical emphasis.

Days of clear-text HTTP, the original but insecure foundation for data communication over the web, are numbered. Over the past few years, Google (and others such as the Internet Architecture Board, Mozilla, and Apple) have nudged developers to encrypt and authenticate their websites using HTTPS which layers HTTP over TLS (Transport Layer Security). This includes measures such as ranking HTTP sites lower in Google search results, not supporting powerful features such as geolocation and service workers, and marking a large subset of HTTP sites as "not secure". As a result, there has been a significant increase in the adoption of HTTPS, resulting in a more secure World Wide Web.

memcached, now with extortion!

Over the past week, memcached reflection attacks have taken the DDoS scene by storm, with several attacks hitting organizations across many industries, including a record-breaking 1.3 Tbps attack against an Akamai customer. Akamai has observed a new trend in extortion attempts using memcached payloads to deliver the message.

Memcached-fueled 1.3 Tbps attacks

At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the size of the September 2016 attacks that announced the Mirai botnet, and possibly the largest DDoS attack publicly disclosed. Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long.

Survey Says: So Long Grey Skies - Telecoms 2018 Outlook

Nominum, a part of Akamai, recently partnered with Telecoms.com to survey over 1,500 telecom professionals to get a sense of their concerns, initiatives and expectations for 2018. The findings are captured in the report Telecoms.com Annual Industry Survey 2017.