Get In Touch
Fellow security practitioners: OWASP AppSec USA 2015 will take place in San Francisco Sept 22-25. The call for papers closes March 14. It's probably the biggest application security conference of the year, so it's a great speaking opportunity.From the OWASP website: OWASP encourages and prioritizes submissions around the three focus areas of AppSec USA 2015: Web Application securityDevOpsCloud SecurityIn addition to these focus areas, OWASP is interested in all topics related
The following was written by Akamai CSIRT researcher Patrick Laverty:Akamai has seen multiple media reports where a group will claim to have hacked hundreds or thousands of sites in a single night. The intent is to instill a sense of widespread unease to the casual observer. When we look a little closer, we see that there may be more to it. One can rightly assume that many of these have
Among the security content on Akamai's new State of the Internet website is a very cool map where you can view DDoS attack activity worldwide in near real-time, including global sources, types, volume and targets. The most recent 5000 DDoS attacks blocked by Akamai appear on the map. Each DDoS attack source can command hundreds or thousands of DDoS bots. Viewers can customize their view by zooming in or out.
The following, written by Rich Salz, deals with Akamai's response to CVE 2015-0204. The vulnerability has been exploited by such exploits as the so-called FREAK attack. Back in the last century, the United States tried to control the export of strong cryptography. This policy made its way into the SSL/TLS standards in two ways. The first part was to add several cipher suites that used small, easily breakable keys. These
A new attack threatens enterprises and Software-as-a-Service (SaaS) providers: chaotic actors using Joomla servers with a vulnerable Google Maps plugin installed as a platform to launch DDoS assaults. The attack technique was discovered by researchers from Akamai's Prolexic Security Engineering & Research Team (PLXsert), working alongside PhishLabs' Research, Analysis, and Intelligence Division (R.A.I.D). You can download the full advisory from Akamai's State of the Internet website for free.
Akamai security staff will be at RSA Conference 2015 in force, and some of us will be giving talks. A preview:
Last week I told you about my speaking appearances at SecureWorld Boston March 4. There's one schedule change to tell you about:Instead of participating in a panel on emerging threats, I'll be on this panel instead:Protecting Your Data as it Roams, March 4 from 1:15-2:15 p.m. Today your data moves fast and across platforms. Security professionals are charged with protecting valuable information as it moves from data centers to employee
BSides Boston 2015 takes place Saturday, May 9 at Microsoft, and organizers have issued their call for papers. WHAT: Security BSides Boston 2015 Call for Presentations/Papers WHO: Your awesome 45 minute presentation on a security/tech/hacking topic. Marketing/advertising presentations will be rejected. WHEN: Deadline for submissions: March 1st midnight EST WHERE: 1 Cambridge Center, Cambridge, Massachusetts HOW (Format): Talk Title (under 10 words)200ish words abstract with links to any pertinent backup
In two weeks I'll give a presentation and participate in a panel discussion at SecureWorld Boston 2015. The event takes place March 4-5 at the Hynes Convention Center. Akamai is a gold sponsor. My talk, March 4 from 8:30-9:15 a.m., is called "Attack Techniques and Defenses." I'll explain how the bad guys are targeting companies and how to fight back based on threat research and remediation techniques used by Akamai