Get In Touch
By PLXsert January 12, 2015 'Twas the season for a not-so-jolly DDoS attack from a group claiming to be Lizard Squad - flinging Christmas tree packets as they are commonly known. Details of the DDoS attack indicate the ongoing development of DDoS attack tools. And while not the largest DDoS attack to date, this TCP flag DDoS attack would hinder or completely clog most corporate infrastructures. One packet exhibited the
ShmooCon has always been one of my favorite security conferences. Unfortunately, I can't be there this year. But for those who are going this weekend, here's what to expect.
Akamai Security Advocate Dave Lewis and I made Tripwire's list of "Top Influencers in Security You Should Follow in 2015." For each security practitioner selected, Tripwire included Twitter handles, blog URLs and reasons for selecting the individuals. Tripwire also asked us what infosec-related superpower we wished to have, in keeping with this year's theme of "InfoSec Avengers."Thanks to Tripwire for including us on the list!
This morning Akamai released its State of the Internet Report for the third quarter of 2014. Here are the security highlights:
Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What's interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls - specifically Web Application Firewalls (WAFs) and rate control protections. Continue reading on "The Security Ledger": https://securityledger.com/2014/12/cat-and-mouse-web-attacks-increasingly-sidestep-waf-protections/
The following PLXsert advisory came out last week, but I'm just back from vacation and catching up on what I missed. This one is high-risk and worth mentioning here. Public dumps of compromised data from several high-profile attacks have fueled an increase in automated and systematic attempts to reuse stolen credentials at multiple websites. The requests show user agents are systematically randomized. One of the most targeted sectors is online
The January meeting of OWASP Boston is Wednesday, 6:30 p.m., at Akamai Headquarters -- 150 Broadway, on the 2nd floor. Akamai CSIRT's Patrick Laverty will give a talk called "How a Hacker Views Your Web Site." Laverty offered these details of the talk: As defenders, we have to be right 100 percent of the time where an attacker only needs to be right once. The attack surface of a modern
Compiling a full list of security conferences for a 12-month period is hard. There are the obvious ones, like RSA, Black Hat and Defcon. But there are countless more with content and networking opportunities security practitioners can benefit from.To that end, I want to direct you to this excellent list from Henry Dalziel, a security blogger with Concise Courses. It's the most comprehensive list I've ever seen.
I've never been a fan of security predictions, though I've written about them too many times to count. I guess that makes me a hypocrite. I could take the high road and tell you my bosses always make me write about it, but why pass the buck? In the world of tech media, we ALL write about predictions. Call it a case of doing one of those tasks you hate