Akamai Diversity
Home > Web Security

Recently in Web Security Category

A Drop in DDoS Attacks for Q3 2013

For the first time in nearly a year, Akamai researchers saw a drop in the number of DDoS attacks targeting customers. The details are outlined in the newly-released State of the Internet Report for the third quarter of 2013.

China Again the Top Producer of Attack Traffic

Akamai released its Third Quarter 2013 State of the Internet Report yesterday. On the security side, we saw a return of sorts to the status quo.

Podcast: James Arlen at #ShmooCon 2014

At the recent ShmooCon conference, industry leader James Arlen discussed the need for better business etiquette among security practitioners.

Punish Users for Security Mistakes?

In the world of information security, complaining about the user is a sport as old as the profession itself. Users falling for phishing attacks. Users failing to install patches. The list of complaints goes on.

In the past several weeks, Akamai was in a unique position to witness a massively orchestrated attack, designed to map Internet facing web servers that are susceptible to certain specific vulnerabilities.

ISO 30111 Vulnerability Handling Processes Published

One of the big news items from ShmooCon 2014 was that the ISO 30111 Vulnerability Handling Processes is now published. The document, edited by Microsoft Senior Security Strategist Lead Katie Moussouris, has been a long time coming. Specifically, it outlines how vendors should investigate, triage, and resolve all potential vulnerabilities, whether reported from external finders or via the vendor's internal testing.

#ShmooCon, Day 2: For the Love of LobbyCon

I've said it about other conferences: The most important activity -- even more so than attending talks -- is the networking that goes on in the lobby, something that's become popularly known as LobbyCon. It's especially true for those attending ShmooCon here in the nation's capital.

#ShmooCon, Day 2: Instant Messaging Insecurity

At Akamai, one of our security policies goes something like this: If you want to do instant messaging for personal matters, use whatever you want. If you want to discuss company business on IM, however, you have to use a specialized instant messaging program we've set up specifically for communication between colleagues.

#ShmooCon, Day 2: Security Tools You Can Use

As the second day of ShmooCon 2014 dawns over Washington DC, I'm reflecting on the talks that kicked off the weekend yesterday. Particularly useful was a presentation by security practitioner Rob Fuller called "Attacker Ghost Stories: Mostly Free Defenses That Give Attackers Nightmares."

#ShmooCon, Day 1: Schwag for the Security Messaging Win

After getting my badge for this weekend's ShmooCon conference in Washington DC, I excitedly emptied the contents of my bag on the table. Schwag. Lots of it. There was a wooden airplane kit. A harmonica. Stickers aplenty. All branded with the names of various security vendors and organizations.