Akamai Diversity

The Akamai Blog

Rich Bolstridge

Rich Bolstridge

August 4, 2015 11:49 AM

Quantum Dawn and the Need for Testing in Security In ...

Last night I watched an On Demand episode of The American Experience titled Blackout, which recounted the 1977 power failure in New York City and its lasting impact on city due to widespread looting and destruction. With the power completely out, the operators at Con Ed got to work restoring power using a manual that was last updated after another massive blackout - in 1965.

Akamai

Akamai

August 4, 2015 5:46 AM

Talk on CDN vulnerability at Black Hat USA 2015

Akamai is aware of a talk scheduled for Black Hat USA 2015 this week that will discuss some potential issues with platforms like ours. Mike Brooks and Matthew Bryant, security analysts at Bishop Fox, will give the following talk on Aug. 6: BYPASS SURGERY ABUSING CONTENT DELIVERY NETWORKS WITH SERVER-SIDE-REQUEST FORGERY (SSRF) FLASH AND DNS

Benjamin Brown

Benjamin Brown

July 31, 2015 9:03 AM

BIND DoS Vulnerability (CVE-2015-5477)

Akamai is aware of a recently disclosed critical vulnerability in BIND (CVE-2015-5477) that can be exploited to cause a denial of service. How does the attack work? An attacker can cause BIND to exit by using a constructed packet to trigger a REQUIRE assertion via defective handling of a TKEY query. How is Akamai affected? Akamai's Fast DNS / EDNS authoritative name servers do not run BIND and as

Bill Brenner

Bill Brenner

July 29, 2015 7:22 AM

OurMine Team Attack Exceeded 117 Gbps

A new hacking group has landed on the Akamai's PLXsert and CSIRT radar for taking responsibility for launching DDoS attacks against several of our customers in the financial services sector.The entity calls itself the "OurMine Team" and if it is to be believed, it has gained access to one customer's $500,000 account. The group has announced it will give that money to the poor.

Or Katz

Or Katz

July 23, 2015 9:57 AM

How to Tell a Landscaper From a Thief

If I can see a person standing in front of a neighboring house inspecting the windows and the doors, should I call the police? Maybe it is the air-condition technician looking for the best place to install a new air-condition unit, or maybe it is a robber doing reconnaissance and checking what is the easiest way to get into the house. It is hard to tell! Now what if

Bill Brenner

Bill Brenner

July 20, 2015 9:05 AM

Threat Watch: Bad Actors and Attack Techniques, Part ...

A roundup of attack activity, vectors and those responsible, based on PLXSert/CSIRT advisories issued in recent weeks: DD4BC: Operation Update and FAQ DD4BC, the malicious group responsible for several Bitcoin extortion campaigns last year, continues to expand attacks against Akamai customers. Researchers from Akamai's PLXsert and CSIRT teams continue to investigate attack activity related to the group. RIPv1 Reflection DDoS Making a Comeback Akamai's Prolexic Security Engineering & Research Team

Akamai

Akamai

July 16, 2015 6:00 AM

DD4BC: Operation Update and FAQ

DD4BC, the malicious group responsible for several Bitcoin extortion campaigns last year, continues to expand attacks against Akamai customers. Researchers from Akamai's PLXsert and CSIRT teams continue to investigate attack activity related to the group. In recent weeks, the frequency of customers receiving ransom emails from this band of chaotic actors has steadily grown. DD4BC continues to inform victims that they will launch a DDoS attack of 400-500 Gbps

Renny Shen

Renny Shen

July 15, 2015 10:00 AM

Time-to-Mitigate SLAs and the Irony of Being a Marke ...

As a professional marketer, it can be a little ironic how often you're frustrated when people you care about are influenced by marketing in ways that can't possibly be good for them. Everybody knows that marketers do nothing but lie all day - or "spin" as they call it. And as far as the profession goes, there's probably some truth to that. But there are plenty of marketers out

Bill Brenner

Bill Brenner

July 9, 2015 9:21 AM

OpenSSL Vulnerability (CVE-2015-1793)

Akamai is aware of the OpenSSL vulnerability addressed in OpenSSL versions 1.0.2d and 1.0.1p on Thursday, July 9, 2015. Akamai does not use the vulnerable versions of OpenSSL and is therefore not affected. The OpenSSL team advisory outlines the vulnerability and fixes. The advisory states:During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such