I've seen way too many security advisories over the years to count. The more critical the issue, the more publishable it was. But that was my perspective as a journalist working for news organizations. In the current role, I'm seeing things from the beginning of the internal vetting process. There's a lot we want to make public, but there's a lot we have to keep to ourselves.
During my time as CSOonline's Salted Hash blogger, I wrote something I'd forgotten about until rediscovering it the other day. Three years after writing it, I think this post is still relevant.
Five security articles worth your time... US top developer of risky mobile applications (CSOonline): A new report identifies the U.S. as the top developer of malicious and privacy-intruding applications, a finding that contrasts with conventional wisdom that often places the problem squarely in Asia. 2014 cyberattack to cost Sony $35M in IT repairs (Computerworld): Sony has put an estimate to the damage caused by the massive cyberattack against Sony Pictures Entertainment
My friend Jennifer Minella is doing a series where she asks folks from the security community about three books that changed their lives. She kicks it off with me. Here's what she has to say about the series: My goals for the year mean some drastic changes to the type of content you're used to seeing from me. One of these goals is to highlight the human aspect of professionals
On Tuesday, Akamai learned about and published a blog post highlighting a public vulnerability in the GNU C Library that could be exploited and used to take remote control of vulnerable Linux systems. Today, following our internal investigation, we have some additional information to share. How Is Akamai protected? Akamai's engineers have examined the primary software components that power the Akamai platform and to date have found they are not
The Q4 2014 State of the Internet - Security report is out today. We've previewed sections this past week (see sidebar below), but now we can share some numbers. PREVIEW POSTS: Coming 1/29: Q4 2014 State of the Internet Security Edition; Malware Evolution: A History; The Trouble With Bots, Spiders and Scrapers; TCP Flag DDoS Attack by Lizard Squad Indicates DDoS Tool Development
By Patrick Laverty, Clark Shishido, Dave Lewis, Mike Kun, Larry Cashdollar and Bill Brenner. We're always concerned about where the next attack is coming from. We worry about DDoS, SQL injection, defacements and a host of other attack techniques. One attack in particular can bypass even the best security protections and give attackers the keys to the kingdom. That attack is called DNS Hijacking. This happens when attackers gain access
Last month, we released three new security whiteboard videos. Here's the whole package, for your viewing pleasure and ongoing security education. At Akamai, incidents happen daily. Despite strong controls, it's inevitable that problems will arise when so much content is being handled, processed and distributed within Akamai and on behalf of customers. To deal with that reality, the company has a set of procedures to manage incidents as they materialize.
A public vulnerability in the GNU C Library that could be exploited to take remote control of vulnerable Linux systems was recently disclosed. Akamai is aware of this disclosure and is currently evaluating its exposure to this vulnerability, if any. Specifically, the problem is a heap-based buffer overflow in glibc's __nss_hostname_digits_dots() function used in gethostbyname() and gethostbyname2() glibc function calls. The vulnerability, commonly known as "Ghost" in the media,