The Akamai Blog Subscribe
Assessment of the BREACH vulnerability
The recently disclosed BREACH vulnerability in HTTPS enables an attack against SSL-enabled websites. A BREACH attack leverages the use of HTTP-level compression to gain knowledge about some secret inside the SSL stream, by analyzing whether an attacker-injected "guess" is efficiently compressed by the dynamic compression dictionary that also contains the secret. This is a type of an attack known as an oracle, where an adversary can extract information from an
Microsoft Security Patches Coming Tomorrow
Tomorrow is the second Tuesday of the month, which those of us in security know as Patch Tuesday -- the day Microsoft unloads its security updates. It's an important calendar item for Akamai customers, given how dominant Windows machines are in many companies.Late last week, Microsoft offered a preview of what to expect. What follows is a chart showing the number of bulletins planned, along with the severity and products
DefCON Observations from a First-Timer
In April of this year, InfoSec launched a new team called Customer Compliance. Several senior InfoSec employees joined its ranks, and I was hired into the team. My name is Meg Grady-Troia, and I'm a member of Akamai's Customer Compliance team because I am an anthropologist, an educator, and a writer. My job is finding creative and effective ways to begin sharing Akamai's security posture and platform with our customers,
#FFSec: Security Pros on Twitter Who Will Show You T ...
Those who know me are aware of my fondness for Follow Friday -- a tradition on Twitter where people recognize the folks whose tweets keep them inspired and informed. In my case, the focus is on people in the InfoSec community. I have a list on Twitter that will show you 275 security pros I currently follow. You can see their bios and press the follow button on those you
Quick Wins with Website Protection Services
Securosis analyst Mike Rothman recently wrote a paper on the benefits of website protection services (WPS). I recommend you give it a read, as it's some of the most descriptive research I've seen on the subject. Content in the report was developed independently of any sponsors and is based on material originally posted on the Securosis blog. It concludes that website protection services can add measurable security to your web presence in
Carder Gangs Continue Account Takeover Attempts
Akamai InfoSec continues to monitor repeated attempts to hijack the accounts of those doing business with our customers. In this attack, the bad guys reuse credentials they've stolen from other sites to fraudulently acquire merchandise. Attackers use automated tools commonly referred to as account checkers to quickly determine valid user ID and password combinations across a large number of ecommerce sites. The tools help the attackers identify valid accounts quickly
Four News Reports On Recent DDoS Activity
Since one of Akamai InfoSec's biggest tasks is to blunt the impact of DDoS attacks against customers, I'm always scanning the various tech news outlets to see what's new and who among us is being quoted. Here are four that have caught my attention in recent days -- two of which include insight from Akamai CSIRT Director Michael Smith.DDoS Attackers Change Their Game PlansSmith is quoted in this article about how
Bypassing Content Delivery Security
As is true of every year at Black Hat there are some talks that catch our attention. Talks range from the well thought out research papers to those of the narcissistic vulnerability pimps. This year was no exception. A talk entitled "Denying Service to DDoS Protection Services" by Allison Nixon is a presentation which fell into the well thought out column. This talk caught our attention for the obvious reason
Security Reminders Inspired By Van Halen's Brown M&M ...
It's a popular bit of Rock & Roll lore: The band Van Halen conducted a test to make sure its tour contracts were being read, placing in a line saying there were to be no brown M&Ms backstage. Not surprisingly, they found a couple browns and trashed their dressing room in response. The real story is a lot less dramatic. It wasn't about the band playing games with people. It