Akamai Diversity

The Akamai Blog

Akamai SIRT Alerts

July 18, 2016 12:12 PM

Akamai Mitigates httpoxy Vulnerability

Dominic Scheirlinck and the httpoxy disclosure team disclosed a vulnerability on Monday, July 18th that affects many PHP and CGI web apps. Many origin web applications (particularly PHP and CGI applications) unsafely trust the "HTTP_PROXY" environment variable when generating forward requests. The CGI spec (which PHP also follows) calls for the incoming header to be converted to an environment variable before executing the CGI application. The conversion specifies that "HTTP_" be

Akamai

July 13, 2016 2:48 PM

See You at American Banker's CyberSec 2016 Conferenc ...

I am excited to attend American Banker's new conference, Cybersec 2016 in NYC on July 19. This is a new conference for American Banker and it is bringing together some great speakers from USAA, Bank of the West, BBVA and many other innovative financial institutions. I am particularly looking forward to hearing Frank Abagnale speak - I really enjoyed his book "Catch Me if You Can"!

Akamai

July 5, 2016 10:19 AM

Are bots muddying your marketing analytics?

In short, most likely. Bots have become a hot topic with many retailers lately as security has become a higher priority. Malicious bots can be part of a Distributed Denial of Service (DDoS) attack or efforts to extract valuable customer data, or both.

Miguel Serrano

June 23, 2016 11:15 AM

How real can fiction become?

It is interesting to see how fiction can affect our judgement or, at least, our opinions. Below, what you have is an excerpt (the first chapter) of a draft of a novel that I have come across and that made me think a lot. Bear with me: read this entire article and then come back to this post. If nothing else, you may enjoy 4 minutes of literature.

Akamai

June 15, 2016 10:35 AM

Machine Learning - The new bicycle of the mind

I was on a flight to Brazil last night to kick off a week of meetings with partners and customers in Latin America. During the eight-and-a-half-hour flight from Atlanta, I got an opportunity to watch a few movies I've been meaning to catch up on, and on the top of the list was Steve Jobs. There's a scene near the end of the movie where Steve is trying to recruit

Ryan Barnett

June 10, 2016 10:15 AM

Web Application Defender's Field Report: Account Tak ...

I am scheduled to give a security talk next week at the Gartner Security Summit entitled: Web Application Defender's Field Report. In the talk, I will be covering statistics and technical details of web application attacks from our just-released State of the Internet (SOTI) Report for Q1 2016. One of the more interesting details of the report centers around the analysis of massive Account Takeover (ATO) attack campaigns that

Helen Yang

June 8, 2016 9:02 AM

How to Better Understand the Bot Ecosystem

Jason Miller, our chief strategist of Commerce, was recently published in Retail TouchPoints magazine. In his article, How to Better Understand the Bot Ecosystem, Jason talks about the different ways to distinguish between good bots and bad bots and how the distinctions change across applications and environments.

Akamai SIRT Alerts

June 2, 2016 10:00 AM

Q1 2016 SOTI Security Preview: Reflection DDoS Attac ...

By Akamai SIRT

Two quarters ago, we introduced Sankey diagrams to the State of the Internet: Security Report. Sankey graphs help visualize energy, material, or cost transfers between processes. The Sankey graph below shows how DDoS reflection attacks have trended during the past five quarters. We tracked ten infrastructure-layer DDoS-reflection vectors. The most used vectors seem to correlate with the number of Internet devices that use these specific service protocols

Akamai SIRT Alerts

June 1, 2016 10:00 AM

New DDoS Reflection/Amplification Method Exploits TF ...

Akamai SIRT is investigating a new DDoS reflection and amplification method that abuses TFTP. This is yet another UDP-based protocol that has been added to the list of DDoS amplification scripts available for malicious use. A new advisory authored by Jose Arteaga outlining the threat and suggested defenses can be downloaded here.