The Akamai Blog Subscribe
SSL is dead, long live TLS
An attack affectionately known as "POODLE" (Padding Oracle On Downgraded Legacy Encryption), should put a stake in the heart of SSL, and move the world forward to TLS. There are two interesting vulnerabilities: POODLE, and the SSL/TLS versioning fallback mechanism. Both of these vulnerabilities are discussed in detail in the initial disclosure. POODLE POODLE is a chosen-plaintext attack similar in effect to BREACH; an adversary who can trigger requests from
Excerpt: How POODLE Happened
The following is an excerpt from Akamai Security Researcher Daniel Franke's blog post on the POODLE vulnerability. Bodo Möller, Thai Duong, and Krzysztof Kotowicz have just broken the internet again with POODLE, a new and devastating attack against SSL. POODLE, an acronym for Padding Oracle On Downgraded Legacy Encryption, permits a man-in-the-middle attacker to rapidly decrypt any browser session which utilizes SSL v3.0 -- or, as is generally the case,
Your Microsoft Patch Update for October 2014
Microsoft released its October 2014 Security Update Tuesday. Windows, Internet Explorer, Office, Developer Tools and .NET Framework are among the items affected.Here is the full patch matrix:
Internet Hygiene: What web applications vulnerabilit ...
When you consider security solutions, there is no catchall Internet security solution that addresses every web application security challenge. A multi-layered approach to Internet security is the most effective way to guard against all types of cyber-attacks, including DDoS, application-layer attacks and data breaches. But this is much more security technology and tools. You need to add what we call "Internet hygiene" to your defenses - taking internal measures to
Five Good Security Articles
Articles I'm reading include such topics as the mounting cost of social engineering, the Mayhem Botnet's exploitation of Shellshock, and some tips for better security in the healthcare industry.
Akamai University: FedRAMP 101
Akamai Edge 2014 continues today with the second day of Akamai University and API Boot camp. To coincide with this, I'm running two security lessons that are part of an upcoming video series. This is the final installment, and was written by Akamai program managers James Salerno and Dan Philpott.First installment: Vulnerability Management vs. Penetration Testing
Akamai University: Vulnerability Management vs. Pen ...
Akamai Edge 2014 begins today and tomorrow with two days of Akamai University and API Boot camp. To coincide with this, I'm running two security lessons that are part of an upcoming video series. This is the first installment, written by Akamai CSIRT researcher Patrick Laverty.
Akamai Edge 2014: Shellshock and Heartbleed Resource ...
Akamai Edge attendees will hear the names of two security vulnerabilities a lot this week: Shellshock and Heartbleed. Both shook the security industry to the core this year, and Akamai security staff spent countless hours working to protect customers against these threats.Before Edge gets underway, here are some resources to get familiar with what we've done to address the threats.More on the Web Security Track at Akamai Edge 2014:Akamai Edge
Akamai Launches New Protection for Shellshock-Bash
Akamai has created custom rules to help protect customers from the Shellshock-Bash vulnerabilities. The official names of these vulnerabilities and the WAF rules to address them are as follows: