Recently in Web Security Category

The Q1 2015 State of the Internet - Security Report is due out next month, and we think the week of RSA Conference 2015 is a good time to start previewing sections.

Yesterday we reviewed the potential security risks of widespread IPv6 adoption. Today, we look at the continuing trend of website defacements and DNS Hijacking.

Q1 2015 SOTI Preview: IPv6 Security Challenges

The Q1 2015 State of the Internet - Security Report is due out next month, and we think the week of RSA Conference 2015 is a good time to start previewing sections.

Let's begin with the potential security risks of widespread IPv6 adoption.

An Evening With Akamai and AT&T During #RSAC 2015

As RSA Conference 2015 attendees continue to finalize evening schedules, here's a suggestion: Come by our event with AT&T. Meet and mingle with Akamai, AT&T and your fellow security professionals. Enjoy libations and hors d'oeuvres.

The Burritt Room,
Mystic Hotel

Date & Time:
Wednesday, April 22
7:30-10:30 p.m.

Register today to attend this invitation-only reception at Burritt Room in the historic Mystic Hotel just north of Union Square in San Francisco.

Hope to see you there!


Agenda for #BSidesSF 2015

A lot of attention is on RSA Conference 2015, which commences a week from Monday. But let's not forget that BSidesSF is also that week. Below is a full agenda for the event, which is April 19 and 20 at the OpenDNS offices at 135 Bluxome St., San Francisco.

Long Live the Botnet

Botnets are, in many ways, living organisms. They are formed by their creators - both malicious and benign - and then roam the internet. Much has been written about good and bad bots, but not much has been written about the lifecycle of the bot. Do bots die? If so, when? What is the average lifespan of a good bot? A bad bot?

Your 2015 Survival Guide for #rsac and #BSidesSF

It's two weeks until RSA, the biggest security conference of the year. For first-timers, this is the time to start preparing and understanding what lies ahead. It can be an overwhelming experience, with two loud exhibit halls, too many evening events to count on two hands, and so many talks it can be hard to choose what's best for your interests.

To that end, here's some advice for RSA 2015, which takes place April 20-24 at the Moscone Center in San Francisco:

After last week's news that RSA Conference 2015 will ban so-called booth babes, I heard from a lot of people who agree vendors need to find other ways to attract attention during security conferences. Others felt the issue was nothing but useless security industry drama, but there is a lesson in this discussion for marketers.

One reader told me the use of booth babes isn't the result of bad intentions. It's just that some marketing teams don't know any better. They assume the booth babes work because they see others using them. I think there's some truth to that.

So I've decided to give marketing practitioners some examples of successful exhibits that succeeded without the sex.

Here are four examples of exhibits that won on the strength of the security message. They use other gimmicks, to be sure, but in my opinion they are more about creativity than exploitation. Feel free to disagree with what follows, or share other examples of displays that worked.

State of the Internet Security Podcast, Episode 1

Welcome to the inaugural episode of Akamai's State of the Internet Security Podcast. This will be an ongoing podcast series where I talk to Akamai security researchers about the threats they are tracking and the defenses they identify.

Episode 1 takes us to a fairly new attack technique that exploits Microsoft's SQL Server Resolution Protocol.

Our research team recently discovered that the bad guys are using a reflection-based tactic to tamper with the Microsoft SQL Server Resolution Protocol and launch DDoS attacks.

Akamai first spotted attackers using the technique in October. But last month an independent researcher studied another such attack and we were able to replicate it by creating a script based on Scapy, an open-source packet manipulation tool.

Joining me to talk about this is Akamai PLXSert Principal Researcher Rod Soto.

Full episode here.

MIT's Fourth STAMP Workshop This Week

This week, MIT holds its 2015 STAMP Conference. Staff from Akamai InfoSec will participate in this event, which makes perfect sense given our close ties and history with MIT.


OpenSSL Vulnerability Details Released

Akamai is aware that details are now available for the OpenSSL vulnerabilities we first told you about on Tuesday. The full OpenSSL Security Advisory is available here and outlines 14 different issues.

At this time, most of the issues don't appear to affect Akamai, though we continue to investigate.

One of the high-severity vulnerabilities affects OpenSSL v1.0.2, which Akamai does not yet use.

Another issue, outlined in CVE-2015-0204, was previously addressed when we turned off export ciphers. More details on that are available here and here.

If our investigation uncovers additional risks, we will use additional blog posts and Luna advisories to update customers on how we are affected and what we're doing about it.

More Akamai perspective on patching and vulnerability management: