Get In Touch
Over the weekend, an independent security researcher contacted Akamai about some defects in the software we use for memory allocation around SSL keys. We discussed Friday how we believed this had provided our SSL keys with protection against Heartbleed and had contributed the code back to the community. The code that we had contributed back was, as we noted, not a full patch, but would be a starting point for
Update 2014-04-13: Our beliefs in our protection were incorrect; update here. Today, we provided more information to our customers around the research we've done into the Heartbleed vulnerability. As our analysis may inform the research efforts of the industry at large, we are providing it here. Summary: Akamai patched the announced Heartbleed vulnerability prior to its public announcement. We, like all users of OpenSSL, could have exposed passwords or session
If you're attending SOURCE Boston, there's a discussion Thursday at 11 a.m. you should attend. It deals with a subject we've been working hard to address at Akamai: burnout in the security industry, and how we can make things better by tapping into the better angels of our nature.Related audio: Humanity in Security
Attention, SOURCE Boston attendees: If you or anyone you know needs a job, come by our booth. Recruiters are on hand, and they have several positions to fill, including:A program manager for InfoSec;A senior manager for Enterprise Security;A security architect for Adversarial Resilience; and A principal application software engineer for the Security Products Group.We're also giving away an iPad at 5 p.m., so come put your business card in the raffle
Akamai CSO Andy Ellis wrote about how we're protecting customers from the much-publicized Heartbleed vulnerability OpenSSL fixed in an update Monday. At SOURCE Boston 2014, there's plenty of personal proof that this bug is a big deal. You could say it ruined the first day of the conference for some.
Update 2014-04-11: Updated information on our later analysis here. We're getting a lot of questions about the OpenSSL Heartbleed fix. What follows are the most commonly asked questions, with our answers. The Heartbleed bug affects a heartbeat functionality within the TLS/DTLS portion of the library. It allows the attacker to -- silently and without raising alarms -- dump portions of the servers memory to the client. This can allow the
A fix is now available for a serious Open SSL flaw known as Heartbleed. The vulnerability, covered in CVE-2014-0160, affects OpenSSL 1.0.1 through 1.0.1f with two exceptions: OpenSSL 1.0.0 branch and 0.9.8.
SOURCE Conference 2014 runs tomorrow through Thursday at the Marriott on Tremont Street, Boston. Akamai is a platinum sponsor of the event and we hope to see you there. To help attendees acclimate, we're sharing the following talk descriptions, which are also available on the conference website.
For years, I've despised the so-called booth-babe phenomenon, in which vendors hire women to stand at their booths in skimpy attire at conferences. I've focused on what I see at security events, but the problem is universal.If you want to know how I feel about it, read this Salted Hash write-up from a couple years ago. For the rest of this post, I direct your attention to this message from two