Akamai Diversity

The Akamai Blog

Bill Brenner

Bill Brenner

August 12, 2015 4:49 AM

Q2 SOTI Security Preview: Attackers Focus on SYN and ...

The Q2 2015 State of the Internet Security Report (SOTI Security) is due out in the next couple of weeks, and today we continue previewing various sections. Yesterday we told you about security risks that come into play when third-party plug-ins are used with Wordpress. Today we look at attack vectors the bad guys favored in Q2.

Bill Brenner

Bill Brenner

August 11, 2015 5:06 AM

Q2 SOTI Security Preview: WordPress and the Danger o ...

The Q2 2015 State of the Internet - Security Report (SOTI Security) is due out in the next couple of weeks, and today we begin previewing various sections. Let's begin with the potential security risks that come into play when third-party plug-ins are used with Wordpress. WordPress is the world's most popular website and blogging platform. Its ever-growing popularity makes it an attractive target for attackers who aim to exploit hundreds

Bill Brenner

Bill Brenner

August 10, 2015 5:09 AM

Before Q2's State of the Internet Security Report is ...

This month we'll release the Q2 2015 State of the Internet Security Report. Tomorrow, we'll begin previewing sections of that report in this blog.But before we begin, a look back at the previous quarter's report is in order. Such a review will better position readers to digest the new report and do some comparing and contrasting. Every report highlights a new trend, but we also see things that don't change

Mani Sundaram

Mani Sundaram

August 7, 2015 8:44 AM

Defending Against DD4BC Cyber Attacks

To date, over a dozen Akamai customers have been the targets of DD4BC, a group of cyber attackers who use a series of politely worded, yet increasingly threatening email messages to extort a 25 Bitcoin ransom (approximately $5,750 in US dollars) in exchange for stopping attacks on the victims' sites and number if victims is increasing. DD4BC starts out with what they call "small demonstrative attacks" that will not crash

Akamai

Akamai

August 6, 2015 12:51 PM

Details on the Cross-Site Request Forgery Vulnerabil ...

Earlier today (Aug 6, 2015) at the Black Hat Security Conference in Las Vegas, Bishop Fox, a security research and penetration testing firm, announced the discovery of a vulnerability that allows an outside actor to conduct a cross-site request forgery (CSRF)/Server-Side Request Forgery (SSRF) attack using a combination of exploits. This vulnerability relied on the Akamai platform in two ways: specially-crafted legacy resource locators (also called v1 ARLs) in combination

Akamai

Akamai

August 6, 2015 9:22 AM

Flash Boys & Web Performance on the Riviera Maya

I was ready for a relaxing vacation on the Mexican Riviera Maya where the warm waters and cool drinks would provide the backdrop for a great week.  Making the Internet fast, reliable and secure every day is demanding work so I was happy to temporarily leave my thoughts about Akamai at home, spend quality time with family, and sneak in a book that I've been wanting to read for a

Rich Bolstridge

Rich Bolstridge

August 4, 2015 11:49 AM

Quantum Dawn and the Need for Testing in Security In ...

Last night I watched an On Demand episode of The American Experience titled Blackout, which recounted the 1977 power failure in New York City and its lasting impact on city due to widespread looting and destruction. With the power completely out, the operators at Con Ed got to work restoring power using a manual that was last updated after another massive blackout - in 1965.

Akamai

Akamai

August 4, 2015 5:46 AM

Talk on CDN vulnerability at Black Hat USA 2015

Akamai is aware of a talk scheduled for Black Hat USA 2015 this week that will discuss some potential issues with platforms like ours. Mike Brooks and Matthew Bryant, security analysts at Bishop Fox, will give the following talk on Aug. 6: BYPASS SURGERY ABUSING CONTENT DELIVERY NETWORKS WITH SERVER-SIDE-REQUEST FORGERY (SSRF) FLASH AND DNS

Benjamin Brown

Benjamin Brown

July 31, 2015 9:03 AM

BIND DoS Vulnerability (CVE-2015-5477)

Akamai is aware of a recently disclosed critical vulnerability in BIND (CVE-2015-5477) that can be exploited to cause a denial of service. How does the attack work? An attacker can cause BIND to exit by using a constructed packet to trigger a REQUIRE assertion via defective handling of a TKEY query. How is Akamai affected? Akamai's Fast DNS / EDNS authoritative name servers do not run BIND and as