B-C-METOYX

The Week in Security Storytelling

Blog Post created by B-C-METOYX Employee on Jan 16, 2015

Good morning, folks. Highlights this week include a new episode of the Security Kahuna Podcast (with Dave Lewis, Martin McKeay and I), and some previews of the upcoming Q4 State of the Internet – Security report.

 

You can find this content and much more at http://www.akamai.com/infosec, https://community.akamai.com/welcome and http://www.stateoftheinternet.com/.

 

The Trouble With Bots, Spiders and Scrapers

Third-party content bots and scrapers are becoming more prevalent as developers seek to gather, store, sort and present a wealth of information available from other websites.

https://blogs.akamai.com/2015/01/performance-mitigation-bots-spiders-and-scrapers.html

 

Security Kahuna Podcast, 1-13-15

Microsoft's announcement that it will no longer offer advance patch notification to the masses has rekindled the debate over how best to handle vulnerability disclosure. Bill Brenner, Dave Lewis and Martin McKeay discuss this and other issues.

https://blogs.akamai.com/2015/01/security-kahuna-podcast-1-13-15.html

 

Open Redirect, XSS and SEO Attacks

Ezra Caltum writes: A couple of months ago, my colleague Or Katz published an article about an interesting trend that he uncovered, in which Black Hat SEO marketers where abusing Open Redirect vulnerabilities on popular websites to increase the popularity of advertisement sites. While performing unrelated attack trend analysis, I recently stumbled upon an interesting finding that further demonstrates the use of web application layer vulnerabilities for SEO purposes. https://blogs.akamai.com/2015/01/open-redirect-xss-and-seo-attacks.html

 

TCP Flag DDoS Attack by Lizard Squad Indicates DDoS Tool Development

Selected as the Spotlight Attack for the quarter in the Q4 2014 State of the Internet - Security Report , which will be available later this month, the multiple TCP flag DDoS attack was part of a DDoS attack campaign launched against an Akamai customer in August and again in December. The attack achieved its goal in that it generated high traffic volumes and high packet rates. Of course, Akamai scrubbed the malicious traffic, sending only clean traffic to the customer.

https://blogs.akamai.com/2015/01/tcp-flag-ddos-attack-by-lizard-squad-indicates-ddos-tool-development.html

 

ShmooCon Security Conference This Weekend

ShmooCon has always been one of my favorite security conferences. Unfortunately, I can't be there this year. But for those who are going this weekend, here's what to expect.

https://blogs.akamai.com/2015/01/shmoocon-security-conference-this-weekend.html

 

External content:

 

3 Problems With UK PM Cameron's Crypto Proposal

By Dave Lewis, in Forbes… It seems that David Cameron has a desire to return the UK to an agrarian society. This by virtue of his promise to ensure that their are backdoors in  encryption implementations so that law enforcement could monitor all encrypted traffic in the UK. This week the UK prime minister dropped a gem of a missive. He let it known that should his party regain power for another term that he would see to it that encryption would only be allowed that could surveilled by the government.

http://www.forbes.com/sites/davelewis/2015/01/15/3-problems-with-uk-pm-camerons-crypto-proposal/

 

BAD ANTI-HACKING LAWS: WE CAN EDUCATE THE PUBLIC

By Bill Brenner, in Liquidmatrix… There's much alarm in the security community over new anti-hacking laws President Obama plans to float in his State of the Union address next week. The alarm is justified. But we can educate the public.

http://www.liquidmatrix.org/blog/2015/01/15/bad-anti-hacking-laws-can-educate-public/

Outcomes