Archives for 

Botnet

Akamai’s incapability to protect, dups its customer after massive DDOS attack, Google anti-DDOS protection to the rescue of krebsonsecurity

Last week KrebsOnSecurity.com was targeted by massive 620Gbps DDoS (Distributed Denial of Service Attack) and Kerbs had to take his site down for days. The decision of taking the site down was made after Akamai (aka Prolexic) decides that the pro bono service they were offering was costing them and their customers in millions and it was a business decision to drop Krebs down.

The question of ethics and capability of Akamai is questioned both for pro bono or paid customer about the service what Akamai can provide.

For a company like Akamai whose market cap is approx 9B$, tackling such DDoS load should not be an issue. It must be easier than ever. Instead Akamai chickened out and dumped Krebs in the middle of the water with only 2 hour notice.”

How professional is that? Is this what they provide to their customer?

Krebs may not agree on the above statement because he clearly mentioned it’s not the fault of Akalami/prolexic for the pro bon service they were offering. Akamai wanted the blogger to pay 100- 150,000$ for the services to continue to be protected. It’s a shame on Akamai/Prolexic part even though many may not agree on this.

But for the current and future customers of security industry it shows that Akamai / Prolexic cannot handle such huge attacks and they will drop its customers instead of protecting and they have proved it with this incident. Additionally it also shows that Akamai is not what it claims in their marketing claims.

“Akamai claims that it handles more than 30% of the Internet’s traffic every day, delivering more than 30 Terabits per second, and delivering the pipe through which users conduct nearly 3 trillion Internet interactions each day, enabling, it claims, more than $250 billion in annual e-commerce for its online retail customers. “

For anyone reading the news, the above statement holds false and a fake sales pitch with the decision of kicking out Kerbs. If a company cannot handle a website like Kerbs they are far off protecting the larger customers when similar or must larger incident happens.

(Image: starwars.wikia.com)

(Image: starwars.wikia.com)

As stated on Nicks post he has beautifully states:

“ Defenders of Akamai have said that, since Brian was getting pro-bono service from Akamai, that Akamai would not be held to the standard that they would be with, say, a paying customer.

If Akamai is doing it pro-bono, it’s doing it not from the goodness of its heart, but rather as a marketing and sales tool to demonstrate that, thanks to Akamai, Krebs can stay up, because Akamai is so awesome that it can, for example, deliver more than 30 Terabits per second, delivering the pipe through which users conduct nearly 3 trillion Internet interactions each day, enabling more than $250 billion in annual e-commerce for its online retail customers.”

It’s an ad. It’s a billboard. And unfortunately, it still is an ad. A billboard. And right now, that billboard reads to me:

Akamai. Standing Behind Its Customers Until The Attack Hits 620gbps.

Luckily Google came to the rescue supporting the free press.

Other references link

Share Button

Thousands of medical systems are exposed to widespread cyber-attacks – Derbycon

Recent reports presented by Scott Erven and Mark Collao at Derbycon have revealed that thousands of medical systems are exposed to widespread cyber-attacks. The researchers reported that a giant U.S. medical organization with 12,000 staff and 3,000 physicians has over 68,000 systems that are vulnerable. The researchers indicate that this is just the tip of […]
Share Button
Continue reading →

Smartphone browsers can deliver powerful DDoS attack with 4.5billion requests causing Flood Attack

One of the most malicious attacks that can ever be launched on a website is being flooded with multiple requests that it cannot handle, otherwise known as DDoS’es. According to internet security researchers, this nightmare may have recently become a reality after one site was targeted in such a manner with an aim of overwhelming […]
Share Button
Continue reading →

Two new Point of Sale malware targeted on Small and Medium Business in the United States

Two new malwares that affect point of sale (PoS) machines have been detected by the researchers at Trend Micro. The malware have been affecting small and medium sized businesses or SMBs, primarily in the United States. These two malwares have been named Katrina and CenterPoS by their developers. Trend Micro researchers had earlier reported PoS […]
Share Button
Continue reading →

Android devices hijacked by Chinese company for guaranteed Clicks around the world

A mobile app development company has been identified as the perpetrator of distributing malicious applications globally and hacking the Android phones of users on whose devices these apps are installed. The apps grant complete access to the Android devices of the users and the attackers can gain total control over these devices. These malware apps […]
Share Button
Continue reading →

3 Key Take Away’s from RSA Conference 2014 – San Francisco for CISOs and Security Enthusiasts

Author : Arun Hegde , Security Architect @arun25 Here is a quick summary about my experience at RSA Conference 2014 – San Francisco last month  Highlights of RSA 2014 : Some of the highlights at this year at RSA was cloud security, mobile security ( specially for enterprise), more companies providing SIEM solutions  and lot of new […]
Share Button
Continue reading →

Dendroid – Next Generation Crime-ware toolkit targeting Android

Dendroid, the next generation Crimeware toolkit which can  convert apps to malware , is available in underground market for only $300. It also comes with a 24 hour support if you are stuck up on your way.  Symantec mentioned that this is evolution of AndroRAT( first ever malware APK binder). Dendroid is a HTTP RAT that […]
Share Button
Continue reading →

Facebook Advertising “Suggested Posts” delivers Android Malware

Researchers have identified a tricky Android malware spreading via facebook advertising. When Facebook is accessed from an Android device, users may see messages under Facebook adverting under “Suggested Post”. Some of the identified ads read as “WhatsApp tips like: “Want to know how to see your contacts’ chats on WhatsApp?” “Want to hide your WhatsApp […]
Share Button
Continue reading →

Yahoo vulnerability could have allowed Hacker to delete more than 1.5 million records

Ibrahim Raafat ( @RaafatSEC ) , a Egyptian security researcher identified an vulnerability which could have potentially deleted more than 1.5 million records form its database. He further demonstrated ‘Insecure Direct Object Reference Vulnerability’ on his blog which appeared to have been fixed by Yahoo. He performed the demo with his account. The vulnerability escalated the users privilege to delete the […]
Share Button
Continue reading →

EC-Council, Security Certification Group website hacked and defaced

“Although EC-Council has been respected by corporations and governments, many in the in the security community don’t agree the way they certify and considered it as useless certification ”  Analysts predict that Passports of more than 60,000 US military and government IT professionals at risk Hacker went by the name of Eugene Belford, claims to […]
Share Button
Continue reading →