
Recently in Web Security Category

What makes a good "DNS Blacklist"? - Part 1

Reflections on Modern Actionable Threat Intelligence used to turn a DNS Resolver into a Critical Security Tool

Akamai has just launched the Enterprise Threat Protection (ETP) platform. ETP is built on Akamai's global AnswerX Cloud, which now reaches 28 countries and is expanding to new countries every month. Akamai is a new player in cloud DNS resolver services, so competitors will ask "why Akamai?" or "what gives Akamai the knowledge and capacity to build effective DNS blacklists?" These are good questions from our competition, and they are also questions that our customers should ask. Let's explore why Akamai is in a unique position to help enterprises and carriers use Akamai's Cloud Security Intelligence (CSI) as a DNS security policy tool.

"Don't work for recognition, but do work worthy of recognition" - H. Jackson Brown.

A friend sent this quote to me after I explained to her my ambivalence about being recognized by Gartner as a "Leader" in their Web Application Firewall Magic Quadrant.  I had mixed feelings because I wanted to believe that I knew the market, I knew our competitors, and I certainly already knew what our customers were telling us about our Web Application Firewall.  Our customers are happy.  The product is getting better.  Market share is growing in a growing market.  I didn't need someone else to tell me we were a leader!   In other words, like most - if not all - of my colleagues and friends, I want to feel intrinsic pride in the work that I do. 

Larry's Cabinet of Web Vulnerability Curiosities

One of my responsibilities as a member of the Akamai Security Intelligence Response Team (SIRT) is to research new web application vulnerabilities. For the last year, I have focused on WordPress plugin vulnerabilities, looking for any interesting code tidbits in my box of WordPress toys. There are almost 50,000 WordPress plugins (at time of publication), and WordPress is the Content Management System (CMS) of choice for over 30 million websites. This creates a very large Internet footprint. I've been asked if I have any 0days or interesting research tidbits that I've come across and would be willing to share. The answer is, "No, I don't have high value 0days to sell on the dark web!"

Part 1: Reading SPAM for Research

I recently wrote an article for Information Security Magazine where I explained how internet security researchers could use their spam folders as a resource tool. It got me thinking about going into greater detail on what I've found in my inbox.

Phishing Sites

I noticed an increase in "free gift card" and other e-commerce-type offers in my spam email account around Black Friday, the day after Thanksgiving, which didn't subside until the end of the holiday season several weeks later. These e-mails claimed to offer me a free $50 Amazon gift card. When I clicked the link it led me to a bogus but almost legitimate-looking Amazon login site, in an attempt to nab my login credentials. The broken TLS lock icon and odd-looking URL are a dead giveaway that the site isn't legitimate.


There's an old adage that if something seems too good to be true, it probably is. If you're like me, you can apply this to your own experiences. For example, about 5 years ago a small chain of gyms that exclusively used vibrating exercise machines popped up near my home. Their gym goers would stand on a vibration platform for 15 minutes while reading or watching TV. The gym promised weight loss, fat burn, improved flexibility, and enhanced blood flow. The thought of getting a complete workout in 15 minutes without breaking a sweat is pretty appealing. I'm in! Unfortunately, research (or lack thereof) brings us back to reality and it appears that adage about something being too good to be true applies once again and those people who stood on a vibrating platform for exercise, at best experienced minor caloric burn.

Your customers are unique, and they all expect fast, secure, personalized digital experiences. They are spread across the world, in regions of varying network connectivity, and use a plethora of devices and screen sizes, which makes it challenging to deliver your experiences.

By delivering 95 exabytes of data to billions of devices every year, Akamai provides the world's largest and most trusted cloud delivery platform, empowering you to provide fast, secure, scalable and reliable experiences. It is the only platform that seamlessly integrates web and mobile performance, cloud security, enterprise access and video delivery solutions, helping you deliver consistently superior experiences no matter where your customers are and what device they are using.

Dealing with Petya

Akamai is aware of and is tracking the malware threat known as "Petya". Petya is ransomware that spreads using several methods, including PsExec, the Windows Management Instrumentation Command-line (WMIC) tool, and the EternalBlue exploit (the SMBv1 flaw patched by MS17-010) used by the WannaCry family of ransomware. The malware spreads over SMB ports 139 and 445; it probes IP addresses on the local subnet for vulnerable systems.
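The propagation behaviour described above (one host sweeping its own subnet on ports 139 and 445) is something a defender can look for in flow or firewall logs. The following is an added example, not code from Akamai or from the post, of that detection logic run over constructed flow records. The log format, the /24 subnet assumption and the alert threshold of 10 distinct hosts are all assumptions made for the example.

```python
from collections import defaultdict
import ipaddress

SMB_PORTS = {139, 445}
FANOUT_THRESHOLD = 10  # assumed alert threshold: distinct same-subnet hosts contacted on SMB ports

# Constructed flow records for illustration (not real telemetry).
# Format per line: "<timestamp> <src_ip> <dst_ip> <dst_port>".
# 10.1.2.15 plays the infected host sweeping its /24; the others are ordinary traffic.
SAMPLE_FLOWS = "\n".join(
    [f"2017-06-27T10:00:{i:02d} 10.1.2.15 10.1.2.{i} 445" for i in range(1, 13)]
    + [
        "2017-06-27T10:00:13 10.1.2.15 10.1.2.13 139",    # same host, NetBIOS session port
        "2017-06-27T10:00:14 10.1.2.20 10.1.2.5 445",     # normal client -> file server
        "2017-06-27T10:00:15 10.1.2.20 10.1.2.5 445",     # repeat of the same target, not fan-out
        "2017-06-27T10:00:16 10.1.2.30 10.1.2.40 80",     # HTTP, ignored
        "2017-06-27T10:00:17 10.1.2.31 203.0.113.7 445",  # SMB to another network, ignored here
    ]
)


def parse_flows(text):
    """Parse the whitespace-separated flow format above into (ts, src, dst, dport) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, dport = line.split()
        records.append((ts, src, dst, int(dport)))
    return records


def smb_fanout(records, prefix_len=24):
    """Count, per source, the distinct hosts inside its own subnet it touched on 139/445.

    Only destinations in the source's /prefix_len are counted, mirroring the
    local-subnet probing described in the post; repeated hits on one target
    count once, so a busy file-server client is not mistaken for a worm.
    """
    targets = defaultdict(set)
    for _ts, src, dst, dport in records:
        if dport not in SMB_PORTS:
            continue
        local_net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        if ipaddress.ip_address(dst) in local_net:
            targets[src].add(dst)
    return {src: len(hosts) for src, hosts in targets.items()}


def suspicious_hosts(records, threshold=FANOUT_THRESHOLD):
    """Sources whose same-subnet SMB fan-out meets the threshold, sorted for stable output."""
    return sorted(src for src, n in smb_fanout(records).items() if n >= threshold)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print(smb_fanout(flows))        # {'10.1.2.15': 13, '10.1.2.20': 1}
    print(suspicious_hosts(flows))  # ['10.1.2.15']
```

In production the count would be computed per time window (the timestamp is parsed but not used here because the sample spans a few seconds), and known vulnerability scanners or backup servers would be excluded before alerting. Note that a perimeter block on 445 does nothing against this traffic; it is host-to-host inside the subnet.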

HTTP/2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred "on the wire": instead of a plain-text protocol, it is a binary protocol in which frames are multiplexed onto streams carried over a single TCP connection. Such a fundamental change from HTTP/1.x to HTTP/2 meant that client-side and server-side implementations had to incorporate completely new code to support the new HTTP/2 features. Each implementation makes its own choices where the specification leaves room (for example, which parameters a client sends in its initial SETTINGS frame and in what order, the connection window size it advertises in WINDOW_UPDATE, and the order of the pseudo-headers in its first request), and these nuances can be used to passively fingerprint web clients.
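To make the fingerprinting idea concrete, here is an added example (not code from the post or from Akamai) that parses the first bytes a client sends on an HTTP/2 connection, the fixed connection preface followed by its SETTINGS frame and optional connection-level WINDOW_UPDATE, and turns the parameters, their order, and the window increment into a fingerprint string. The frame layout follows RFC 7540; the fingerprint format and the two sample clients are assumptions constructed for the example, not captures of real browsers.

```python
import struct

# Every HTTP/2 client opens the connection with this fixed preface (RFC 7540 section 3.5),
# followed by a SETTINGS frame. What it puts in that frame is implementation-specific.
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

FRAME_SETTINGS = 0x4
FRAME_WINDOW_UPDATE = 0x8
FLAG_ACK = 0x1


def parse_frames(data):
    """Split a byte string into (type, flags, stream_id, payload) tuples.

    The frame header is 9 bytes: 24-bit length, 8-bit type, 8-bit flags,
    1 reserved bit + 31-bit stream identifier. A trailing partial frame is ignored.
    """
    frames = []
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break  # truncated: wait for more bytes rather than mis-parse
        frames.append((ftype, flags, stream_id, payload))
        off += 9 + length
    return frames


def fingerprint(raw):
    """Derive a passive fingerprint from the client's first bytes on the connection.

    Format (assumed for this example): 'id:value;id:value;...|window_increment'.
    The left part is the order and values of the parameters in the client's initial
    SETTINGS frame; the right part is the connection-level WINDOW_UPDATE increment
    (0 if none has been seen yet).
    """
    if not raw.startswith(PREFACE):
        raise ValueError("not an HTTP/2 client preface")
    settings = []
    window = 0
    for ftype, flags, stream_id, payload in parse_frames(raw[len(PREFACE):]):
        if ftype == FRAME_SETTINGS and not flags & FLAG_ACK:
            # Each setting is a 16-bit identifier followed by a 32-bit value.
            for i in range(0, len(payload) - len(payload) % 6, 6):
                ident, value = struct.unpack("!HI", payload[i:i + 6])
                settings.append(f"{ident}:{value}")
        elif ftype == FRAME_WINDOW_UPDATE and stream_id == 0:
            window = int.from_bytes(payload[:4], "big") & 0x7FFFFFFF
    return ";".join(settings) + "|" + str(window)


# --- constructed sample traffic (built here, not captured from real clients) ---

def build_frame(ftype, flags, stream_id, payload):
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return header + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload


def build_settings(params):
    return b"".join(struct.pack("!HI", ident, value) for ident, value in params)


# Two hypothetical clients that differ only in which SETTINGS they send, in what
# order, and how large a connection window they advertise.
CLIENT_A = (PREFACE
            + build_frame(FRAME_SETTINGS, 0, 0,
                          build_settings([(1, 65536), (2, 0), (3, 1000), (4, 6291456), (6, 262144)]))
            + build_frame(FRAME_WINDOW_UPDATE, 0, 0, (15663105).to_bytes(4, "big")))

CLIENT_B = (PREFACE
            + build_frame(FRAME_SETTINGS, 0, 0,
                          build_settings([(1, 65536), (4, 131072), (5, 16384)]))
            + build_frame(FRAME_WINDOW_UPDATE, 0, 0, (12451840).to_bytes(4, "big")))

if __name__ == "__main__":
    print(fingerprint(CLIENT_A))  # 1:65536;2:0;3:1000;4:6291456;6:262144|15663105
    print(fingerprint(CLIENT_B))  # 1:65536;4:131072;5:16384|12451840
```

The fingerprint is computed before any request headers are seen, which is what makes it passive: nothing is sent to the client, and a client that claims to be one browser in its User-Agent header but negotiates the connection like a different library stands out. A truncated read simply yields a window value of 0, so callers should buffer until the first request arrives before treating the result as final.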

Overview

Can you imagine anyone buying a car without airbags and without seat belts? I bet you can't!

So why is it that we buy computers without Antivirus software already installed, home routers without a firewall already installed or connected devices (IoT) that are lacking proper security controls?

Written by Avi Aminov and Or Katz

Overview

Imagine you are standing in the middle of a crowded train station and want to have a private conversation with an old friend. You've been waiting for the perfect time to contact him and get some advice on how to move forward with some important life choices.

But you couldn't wait any longer, and now you're on a train platform. There are many people around you. They're watching every move you make and listening to each word you say. You really, really need this conversation to be private!