Get In Touch
HTTP Strict Transport Security (known as HSTS for short) is a security signal that instructs the browser to attempt all requests to your website using HTTPS. In short, with HSTS enabled, a modern browser will never attempt to visit your site on HTTP. Furthermore, the browser remembers this instruction for an amount of time you set. So the next time a user visits your website, their browser won't attempt a
By Bill Brenner, Akamai SIRT Senior Tech Writer Akamai's Security Intelligence Research Team (SIRT) continues to see the BillGates trojan/bot family of malware being used to launch DDoS attacks. Attackers who control the malware -- first disclosed on a Russian IT website in February 2014 -- can gain full control of infected systems. Akamai SIRT member Tsvetelin Choranov led the research effort outlined in this advisory.
I was about to hop on the Caltrain to San Francisco when I got the call. Over the metal on metal screech of the locomotive pulling into the station I could only make out the last few words, "to verify a few recent transactions". After boarding the train, I stood in the vestibule whispering for 20 minutes. It was my bank. Someone had gotten access to my debit card information
In this article we'll review how to handle known bot traffic. As discussed in the first part, you may not be comfortable serving content to all legitimate bots for various reasons. But even when you're willing to serve content to known bots, several options are available. Just like for unknown bots, you'll have to decide on the response strategy that works best for you.
In part 1 of this series we've discussed the difficult problem of differentiating the good vs. the bad. In this article we'll review how to go about defining a response strategy to manage bots that you think are bad for your business. First thing you'll have to decide is whether you want to serve any content at all to these bots. We recommend you do to keep the bot at
As you may have heard, Akamai recently introduced a new product, Bot Manager. I've been working at Akamai for close to 10 years and, in my past roles here (Technical Support Engineer, Enterprise Architect), I've had the opportunity to work closely with many customers who had issues with bots. Generally, this was about protecting the site against "bad bots" but also making sure that "good bots" were not impacted by
We're used to hearing about cyber attacks against financial institutions and retailers. But another industry faces a growing threat: Media. Digital media publishers strive to provide meaningful content and a user experience that will grow a dedicated base of content consumers. This allows the publisher to partner with and provide services to marketing and advertising concerns to build cash flow that can be used to further enhance the experience for
By Bill Brenner, Akamai SIRT Senior Tech Writer Akamai this week launches the first in a series about bots and scrapers, based on continued research by Akamai's Security Intelligence Research Team (SIRT). In the first installment, we discuss the various types of bots and scrapers that we have encountered, and how you may want to react to each. This paper will mainly focus on the known "good bots", -- traffic
3/8/16 UPDATE: Akamai continues to harden systems against the DROWN vulnerability (CVE-2016-0800), which exploits legacy encryption protocols in order to compromise keys that secure modern protocols, like TLSv1.2. (It does not leak the SSL/TLS keys themselves.) We have taken the necessary steps to protect both our customer-facing and critical internal systems from this vulnerability as of March 1, 2016. We will continue to identify and patch non-critical systems on an