
The Akamai Blog Subscribe
The Unforeseen Risk of Shared Services DDoS
A DDoS attack targeted at one web site is bad enough. But what happens when that single attack poses the distinct possibility of doing even more damage than originally intended. The kind of collateral damage I'm talking about is very real when you take into account IT architectures reliant on shared services. Shared services include anything that serves more than one application or set of users, for example:- Network infrastructure- Network bandwidth- Market
Blunting Attacks During Olympic-sized Events
InfoSec receives many questions from Akamai customers on a daily basis. Yesterday, someone asked if we had a case study on attack vectors against the 2012 London Olympics. The customer has a big event coming up, and wanted a picture of what they're up against -- and how they can defend against it all to keep their sites running smoothly. As it turns out, CSIRT Director Michael Smith wrote something on that
Blogs From Akamai's InfoSec Team (Updated)
Akamai's InfoSec team does a lot of blogging, both on the company site and in personal, security-oriented blogs where they offer opinions that are theirs and not always their employer's. What follows is a directory of who is blogging and where. I'll update the list as more examples come to my attention, but for now I hope you'll check out these sites. In a future post, I'll point you to
'InfoSec's Jerk Problem,' By Christian Ternus
I wanted to take a moment to flag a post from another blog that's well worth your time, especially if you want to get a better understanding of the security industry culture. It's from Akamai InfoSec's own Christian Ternus. The subject is something any industry can relate to -- the so-called "jerk problem."An excerpt:Put bluntly: to others, we're jerks.If you don't think this is a problem, you can stop reading here.The
Bug Bounty Programs A Turning Point For Microsoft
Here in Akamai's InfoSec department, we constantly remind employees and customers to keep up on all the latest security patchesin their environment. Since Windows is everywhere in the business world, it's particularly important to keep an eye on Microsoft's patching efforts. This week, the software giant made a big move in the name of vulnerability management, unleashing bug bounty programs that will likely lead to many more security patches in
DNS reflection defense
Recently, DDoS attacks have spiked up well past 100 Gbps several times. A common move used by adversaries is the DNS reflection attack, a category of Distributed, Reflected Denial of Service (DRDos) attack. To understand how to defend against it, it helps to understand how it works. How DNS works At the heart of the Domain Name System are two categories of name server: the authoritative name server, which is
Click Frenzy 2 goes off without a hitch with Akamai
0 0 1 499 2845 Akamai Technologies Inc. 23 6 3338 14.0 Normal 0 false false false EN-AU JA X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:Cambria; mso-ascii-font-family:Cambria; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Cambria; mso-hansi-theme-font:minor-latin;} Last year's Click Frenzy online sale in Australia, modeled after the hugely successful Black Friday sale in the US, attracted a huge amount of
Who Is George Penguin?
One of the more challenging tasks as the new guy in Akamai's InfoSec department is getting to know George Penguin. He's our mascot and ambassador of good will. His likeness is everywhere in the office, most notably in the form of soft, stuffed toys that dominate the workspace like an invasion of the tribbles from "Star Trek." I met George long before starting this job, and I admit that I've
Lessons From Akamai InfoSec Training
Though I've written about InfoSec for the past decade, I've still had my moments of shame. There was the time last year when I fell for one of the oldest social engineering tricks in the book, clicking the link on a direct Twitter message where someone I worked with asked if I'd seen the nasty post someone wrote about me. The co-worker's Twitter account had been hijacked and similar messages