Get In Touch
For the first time in nearly a year, Akamai researchers saw a drop in the number of DDoS attacks targeting customers. The details are outlined in the newly-released State of the Internet Report for the third quarter of 2013.Download the full report HERE
Akamai released its Third Quarter 2013 State of the Internet Report yesterday. On the security side, we saw a return of sorts to the status quo.
At the recent ShmooCon conference, industry leader James Arlen discussed the need for better business etiquette among security practitioners.
In the world of information security, complaining about the user is a sport as old as the profession itself. Users falling for phishing attacks. Users failing to install patches. The list of complaints goes on.
In the past several weeks, Akamai was in a unique position to witness a massively orchestrated attack, designed to map Internet facing web servers that are susceptible to certain specific vulnerabilities.
One of the big news items from ShmooCon 2014 was that the ISO 30111 Vulnerability Handling Processes is now published. The document, edited by Microsoft Senior Security Strategist Lead Katie Moussouris, has been a long time coming. Specifically, it outlines how vendors should investigate, triage, and resolve all potential vulnerabilities, whether reported from external finders or via the vendor's internal testing.
I've said it about other conferences: The most important activity -- even more so than attending talks -- is the networking that goes on in the lobby, something that's become popularly known as LobbyCon. It's especially true for those attending ShmooCon here in the nation's capital.
At Akamai, one of our security policies goes something like this: If you want to do instant messaging for personal matters, use whatever you want. If you want to discuss company business on IM, however, you have to use a specialized instant messaging program we've set up specifically for communication between colleagues.
As the second day of ShmooCon 2014 dawns over Washington DC, I'm reflecting on the talks that kicked off the weekend yesterday. Particularly useful was a presentation by security practitioner Rob Fuller called "Attacker Ghost Stories: Mostly Free Defenses That Give Attackers Nightmares."