Get In Touch
Welcome to the inaugural episode of Akamai's State of the Internet Security Podcast. This will be an ongoing podcast series where I talk to Akamai security researchers about the threats they are tracking and the defenses they identify. Episode 1 takes us to a fairly new attack technique that exploits Microsoft's SQL Server Resolution Protocol. Our research team recently discovered that the bad guys are using a reflection-based tactic to
This week, MIT holds its 2015 STAMP Conference. Staff from Akamai InfoSec will participate in this event, which makes perfect sense given our close ties and history with MIT.
Akamai is aware that details are now available for the OpenSSL vulnerabilities we first told you about on Tuesday. The full OpenSSL Security Advisory is available here and outlines 14 different issues. At this time, most of the issues don't appear to affect Akamai, though we continue to investigate. One of the high-severity vulnerabilities affects OpenSSL v1.0.2., which Akamai does not yet use. Another issue, outlined in CVE-2015-0204, was previously
The experience your customers have while interacting with your company's online presence says so much about your business, its priorities, and your brand. Whether your company conducts online transactions or not, performance optimization have become more of a "need" than a "want". A slow performing web site is bound to have less engagement among critical audiences, lower transaction volume, degraded brand fidelity, and higher bounce rates. In this post, we
Akamai is aware of an announcement from OpenSSL revealing vulnerabilities in the OpenSSL stack. Based on information provided by the OpenSSL team, the high-severity vulnerability only affects OpenSSL v1.0.2. Akamai does not use this version of OpenSSL and is therefore not susceptible to that vulnerability. We continue to investigate, however. The full advisory will be available on March 19. Akamai will have further details about our response plans at that
Here's an update on Akamai's efforts to address the security vulnerabilities outlined in CVE 2015-0204: As of today -- Wednesday, March 11, 2015 -- we have completed all the necessary change activities. Export Grade Ciphers are now disabled by default on our network.
Microsoft yesterday released its most significant patch update in a long while, fixing the so-called FREAK vulnerability, among other things. In all, 14 security issues were addressed, five of which are tagged as critical. Affected systems include the consumer and server editions of Windows, Internet Explorer, Office, Server and Exchange Server and SharePoint. Akamai addressed the CVE 2015-0204 vulnerability -- which FREAK exploits -- two weeks ago. You can read
Fellow security practitioners: OWASP AppSec USA 2015 will take place in San Francisco Sept 22-25. The call for papers closes March 14. It's probably the biggest application security conference of the year, so it's a great speaking opportunity.From the OWASP website: OWASP encourages and prioritizes submissions around the three focus areas of AppSec USA 2015: Web Application securityDevOpsCloud SecurityIn addition to these focus areas, OWASP is interested in all topics related
The following was written by Akamai CSIRT researcher Patrick Laverty:Akamai has seen multiple media reports where a group will claim to have hacked hundreds or thousands of sites in a single night. The intent is to instill a sense of widespread unease to the casual observer. When we look a little closer, we see that there may be more to it. One can rightly assume that many of these have