In the interest of providing an update to the community on Akamai's work to address issues around the Heartbleed vulnerability, we've put together this outline as a brief summary: Akamai, like all users of OpenSSL, was vulnerable to Heartbleed. Akamai disabled TLS heartbeat functionality before the Heartbleed vulnerability was publicly disclosed. In addition, Akamai went on to evaluate whether Akamai's unique secure memory arena may have provided SSL key protection
Recent studies and reports show a dramatic increase in the prevalence of denial of service attacks in general, and application layer attacks in particular. As a result of this increase, DoS protection and mitigation solutions have evolved both on the technological side and in their ability to scale and protect against larger and more distributed attacks (DDoS).
Over the weekend, an independent security researcher contacted Akamai about some defects in the software we use for memory allocation around SSL keys. We discussed Friday how we believed this had provided our SSL keys with protection against Heartbleed and had contributed the code back to the community. The code that we had contributed back was, as we noted, not a full patch, but would be a starting point for
Update 2014-04-13: Our beliefs in our protection were incorrect; update here. Today, we provided more information to our customers around the research we've done into the Heartbleed vulnerability. As our analysis may inform the research efforts of the industry at large, we are providing it here. Summary: Akamai patched the announced Heartbleed vulnerability prior to its public announcement. We, like all users of OpenSSL, could have exposed passwords or session
If you're attending SOURCE Boston, there's a discussion Thursday at 11 a.m. you should attend. It deals with a subject we've been working hard to address at Akamai: burnout in the security industry, and how we can make things better by tapping into the better angels of our nature. Related audio: Humanity in Security
Attention, SOURCE Boston attendees: If you or anyone you know needs a job, come by our booth. Recruiters are on hand, and they have several positions to fill, including: a program manager for InfoSec; a senior manager for Enterprise Security; a security architect for Adversarial Resilience; and a principal application software engineer for the Security Products Group. We're also giving away an iPad at 5 p.m., so come put your business card in the raffle
Akamai CSO Andy Ellis wrote about how we're protecting customers from the much-publicized Heartbleed vulnerability OpenSSL fixed in an update Monday. At SOURCE Boston 2014, there's plenty of personal proof that this bug is a big deal. You could say it ruined the first day of the conference for some.
Update 2014-04-11: Updated information on our later analysis here. We're getting a lot of questions about the OpenSSL Heartbleed fix. What follows are the most commonly asked questions, with our answers. The Heartbleed bug affects a heartbeat functionality within the TLS/DTLS portion of the library. It allows the attacker to -- silently and without raising alarms -- dump portions of the server's memory to the client. This can allow the
A fix is now available for a serious OpenSSL flaw known as Heartbleed. The vulnerability, covered in CVE-2014-0160, affects OpenSSL 1.0.1 through 1.0.1f with two exceptions: OpenSSL 1.0.0 branch and 0.9.8.