The Akamai BlogSubscribe
WordPress Plugins Exploitation Through the Big Data ...
Overview According to Wikipedia, WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL, which runs on a web hosting service. Features include a plug-in architecture and a template system. WordPress is used by more than 18.9% of the top 10 million websites as of August 2013. WordPress is the most popular blogging system in use on the Web, at
Attackers Use Skipfish to Target Financial Sites
Akamai's CSIRT team has discovered a series of attacks against the financial services industry. In this instance, the bad guys are exploiting the Skipfish Web application vulnerability scanner to probe company defenses. Skipfish is available for free download at Google's code website. Security practitioners use it to scan their own sites for vulnerabilities. The tool was built and is maintained by independent developers and not Google, though Google's information security
Why I'm Attending ShmooCon 2014
Here at Akamai, we're busy preparing for RSA Conference 2014. It's the biggest security conference of the year, and we send a platoon of employees every time. Given our role in securing the Internet, it's a no-brainer.But there are many other conferences we attend each year, because:We have a lot of information to share about attacks against Akamai customers and how the security team continues to successfully defend against them.We
Analyzing a Malicious Botnet Attack Campaign Through ...
Two of the most prominent evolutions in the web application attacks landscape are scale and volume. Nowadays, attackers use tremendous amounts of computing resources such as those provided by cloud computing and botnets, in order to mount distributed large-scale attack campaigns over the Internet while keeping their identity hidden. From a security defense point of view, such attacks are a nightmare - they are much harder to detect and
Security Predictions? Here Are Some Facts About 2014
I've said it before and will repeat it here: I absolutely loathe security predictions. I have nothing against those who make them. It's just that most predictions are always so much duh. The rest are marketing creations that have no attachment to reality. Examples of the self evident:Mobile malware is gonna be a big deal.Social networking will continue to be riddled with security holes and phishing attacks.Microsoft will release a lot
Akamai Security Podcast: All The Episodes, Expanded
A round-up of the first nine episodes of the Akamai Security Podcast:Episode 1: CEO Tom Leighton discusses the legacy of Co-Founder Danny Lewin, Akamai's role on 9-11-01, and his vision of Akamai as a major player in the security industry.Episode 2: I talk to Meg Grady-Troia about her role in Akamai InfoSec, particularly the security training she does for new hires. Episode 3: I talk to Larry Cashdollar, a senior security response engineer on our CSIRT team. Larry
Akamai Security Compliance: The Story So Far
Continuing our weekly series of security anthologies, we focus today on Akamai compliance procedures. We're currently in the midst of an ongoing series on how Akamai approaches it, but the following content presents the story thus far. Four Things to Ask Before Seeking FedRAMP Certification For a look at how we reached FedRAMP certification, I spoke with Akamai InfoSec's Kathryn Kun, the program manager who played a critical role in
Security at Planetary Scale: An Anthology
We continue this week's series of anthologies with a collection of posts about security at planetary scale.Environmental Controls at Planetary ScaleEach data center in a planetary scale environment is now as critical to availability as a power strip is to a single data center location. Mustering an argument to monitor every power strip would be challenging; a better approach is to have a drawer full of power strips, and replace
Attack Techniques and Defenses: An Anthology
Akamai's security team defends customers from a variety of threats 24 hours a day, seven days a week. You name it: DDoS attacks, DNS-related attacks, vulnerability exploitation -- we've seen it all. What follows is a collection of posts focusing on attack techniques and the defenses we have deployed and/or suggested. Indonesian Attack Traffic Tops List; Port 445 No Longer Main TargetIndonesia replaces China as the top producer of attack