Akamai Diversity

Recently in Web Security Category

DNS Hijacking: Dangers and Defenses

By Patrick Laverty, Clark Shishido, Dave Lewis, Mike Kun, Larry Cashdollar and Bill Brenner

We're always concerned about where the next attack is coming from. We worry about DDoS, SQL injection, defacements and a host of other attack techniques. One attack in particular can bypass even the best security protections and give attackers the keys to the kingdom.

That attack is called DNS Hijacking. This happens when attackers gain access to a domain registrar account and change the DNS resource records to point to server(s) under the attacker's control.

Latest Security Whiteboard Videos

Last month, we released three new security whiteboard videos. Here's the whole package, for your viewing pleasure and ongoing security education.

At Akamai, incidents happen daily. Despite strong controls, it's inevitable that problems will arise when so much content is being handled, processed and distributed within Akamai and on behalf of customers. To deal with that reality, the company has a set of procedures to manage incidents as they materialize. Most incidents are resolved by small interventions in the network. In this whiteboard presentation, Bill Brenner gives an overview.

Vulnerability assessment and pen testing both deal with finding and fixing security holes. But they are not the same thing. In this whiteboard presentation, Akamai security researcher Patrick Laverty explains the differences between the two, and how both are critical to the vulnerability management process at Akamai.

In this whiteboard presentation, Akamai InfoSec Program Manager James Salerno explains what FedRAMP is, why it was created and why it's become an important part of Akamai's security compliance process.

A public vulnerability in the GNU C Library that could be exploited to take remote control of vulnerable Linux systems was recently disclosed. Akamai is aware of this disclosure and is currently evaluating its exposure to this vulnerability, if any.

Specifically, the problem is a heap-based buffer overflow in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. The vulnerability, commonly known as "Ghost" in the media, affects Linux systems.

Here are some excerpts from information that is publicly available:

  • According to the Red Hat Bugzilla advisory, an attacker could remotely exploit this condition to make an application call either of these functions. In the process, the attacker could launch malicious code with the permissions of the user running the application.
  • Threatpost published a report on the vulnerability this morning, having this to say: "The vulnerability, CVE-2015-0235, has already been nicknamed GHOST because of its relation to the _gethostbyname function. Researchers at Qualys discovered the flaw, and say it goes back to glibc version 2.2 in Linux systems published in November 2000."
  • The issue was first reported Tuesday by security vendor Qualys. In a separate advisory, Qualys researchers said they stumbled upon the vulnerability during an internal code audit. "We discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc)," Qualys said in the advisory. "This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it -- and its impact -- thoroughly, and named this vulnerability GHOST."

The issue has so far been addressed in several popular Linux distributions.

Blizzard 2015: The Power Of Redundancy

A blizzard rages outside as I write this, and the governor of Massachusetts has banned travel on the roads. Many of us from Akamai's Cambridge headquarters will spend today at home, and possibly tomorrow.

But Akamai will continue to run. Being spread across the globe makes that a given. It illustrates the power of redundancy.

Luna Authentication and Authorization

Yesterday, my colleague Michael Smith shared a write-up on Akamai's Luna Authentication and Authorization services, telling his Twitter followers: "This will save your life if you are an Akamai customer. Set it up now."

It is an important part of what we offer, and a refresher course is appropriate here as well. So here we go:

We continue to preview sections of the Q4 State of the Internet - Security Report due out next week. Last week we told you about a DDoS attack from a group claiming to be Lizard Squad and the unintended consequences of many bots, spiders and scrapers. Tuesday, we shared a history of malware evolution.

Today, we preview the Attack Metrics/Trends section of the report, and what we see for the future.

Malware Evolution: A History

With the Q4 State of the Internet - Security Report due out later this month, we continue to preview sections of it. 

Last week we told you about a DDoS attack from a group claiming to be Lizard Squad and the unintended consequences of many bots, spiders and scrapers. Today, we preview the evolution of malware -- including the way security researchers label it.

The Trouble With Bots, Spiders and Scrapers

With the Q4 State of the Internet - Security Report due out later this month, we continue to preview sections of it.

Earlier this week we told you about a DDoS attack from a group claiming to be Lizard Squad. Today we look at how third-party content bots and scrapers are becoming more prevalent as developers seek to gather, store, sort and present a wealth of information available from other websites.

These meta searches typically use APIs to access data, but many now use screen-scraping to collect information.

As the use of bots and scrapers continues to surge, there's an increased burden on webservers. While bot behavior is mainly harmless, poorly-coded bots can hurt site performance and resemble DDoS attacks. Or, they may be part of a rival's competitive intelligence program.

Understanding the different categories of third-party content bots, how they affect a website, and how to mitigate their impact is an important part of building a secure web presence.

Open Redirect, XSS and SEO Attacks

A couple of months ago, my colleague Or Katz published an article about an interesting trend that he uncovered, in which Black Hat SEO marketers were abusing Open Redirect vulnerabilities on popular websites to increase the popularity of advertisement sites.

By PLXsert
January 12, 2015

'Twas the season for a not-so-jolly DDoS attack from a group claiming to be Lizard Squad - flinging Christmas tree packets as they are commonly known. Details of the DDoS attack indicate the ongoing development of DDoS attack tools. And while not the largest DDoS attack to date, this TCP flag DDoS attack would hinder or completely clog most corporate infrastructures. One packet exhibited the most flags set of all the packets - only an ACK flag was missing.