Akamai Diversity

The Akamai Blog

Bill Brenner

Bill Brenner

October 20, 2014 8:33 AM

Akamai InfoSec at BASC 2014

The Boston Application Security Conference (BASC) was this past weekend, and Patrick Laverty from Akamai InfoSec's CSIRT team gave a talk called "How Hackers View Your Web Site." Patrick recorded the talk and posted it on his YouTube channel. Like everything he does, it's quite good. So I'm sharing it here. Laverty described his talk this way:"As defenders, we have to be right 100% of the time where an attacker

Bill Brenner

Bill Brenner

October 16, 2014 8:35 PM

Poodle FAQ: What Akamai Customers Need to Know

The Poodle attack (CVE-2014-3566) raised many questions from our customers, peers, auditors, and prospects. This post addresses some of the most frequently asked questions, and provides an update on how Akamai is handling its operations during this industry-wide event. For a basic background on Poodle, please read Akamai CSO Andy Ellis's overview blog post, or Akamai Security Researcher Daniel Franke's in-depth analysis.

Bill Brenner

Bill Brenner

October 15, 2014 5:30 PM

UPnP Devices Used in DDoS Attacks

Attackers are using Universal Plug and Play (UPnP) devices to launch massive DDoS assaults, Akamai's Prolexic Security Engineering & Research Team (PLXsert) warned this morning in an advisory.PLXsert estimates that 4.1 million UPnP devices are potentially vulnerable to exploits used for reflection DDoS attacks. That's about 38 percent of the 11 million devices in use around the world. PLXsert plans to share the list of potentially exploitable devices to

Andy Ellis

Andy Ellis

October 14, 2014 6:48 PM

SSL is dead, long live TLS

An attack affectionately known as "POODLE" (Padding Oracle On Downgraded Legacy Encryption), should put a stake in the heart of SSL, and move the world forward to TLS. There are two interesting vulnerabilities: POODLE, and the SSL/TLS versioning fallback mechanism. Both of these vulnerabilities are discussed in detail in the initial disclosure. POODLE POODLE is a chosen-plaintext attack similar in effect to BREACH; an adversary who can trigger requests from

Bill Brenner

Bill Brenner

October 14, 2014 5:12 PM

Excerpt: How POODLE Happened

The following is an excerpt from Akamai Security Researcher Daniel Franke's blog post on the POODLE vulnerability.  Bodo Möller, Thai Duong, and Krzysztof Kotowicz have just broken the internet again with POODLE, a new and devastating attack against SSL. POODLE, an acronym for Padding Oracle On Downgraded Legacy Encryption, permits a man-in-the-middle attacker to rapidly decrypt any browser session which utilizes SSL v3.0 -- or, as is generally the case,

Bill Brenner

Bill Brenner

October 14, 2014 2:46 PM

Your Microsoft Patch Update for October 2014

Microsoft released its October 2014 Security Update Tuesday. Windows, Internet Explorer, Office, Developer Tools and .NET Framework are among the items affected.Here is the full patch matrix:

Akamai

Akamai

October 14, 2014 11:00 AM

Internet Hygiene: What web applications vulnerabilit ...

When you consider security solutions, there is no catchall Internet security solution that addresses every web application security challenge. A multi-layered approach to Internet security is the most effective way to guard against all types of cyber-attacks, including DDoS, application-layer attacks and data breaches. But this is much more security technology and tools. You need to add what we call "Internet hygiene" to your defenses - taking internal measures to

Bill Brenner

Bill Brenner

October 14, 2014 5:31 AM

Five Good Security Articles

Articles I'm reading include such topics as the mounting cost of social engineering, the Mayhem Botnet's exploitation of Shellshock, and some tips for better security in the healthcare industry.

Bill Brenner

Bill Brenner

October 7, 2014 5:54 AM

Akamai University: FedRAMP 101

Akamai Edge 2014 continues today with the second day of Akamai University and API Boot camp. To coincide with this, I'm running two security lessons that are part of an upcoming video series. This is the final installment, and was written by Akamai program managers James Salerno and Dan Philpott.First installment: Vulnerability Management vs. Penetration Testing