Akamai Edge attendees will hear the names of two security vulnerabilities a lot this week: Shellshock and Heartbleed. Both shook the security industry to the core this year, and Akamai security staff spent countless hours working to protect customers against these threats.
A look at two of six security holes summarized last week in six CVE advisories. These were the last two to be published late last week.
CSO Andy Ellis’ update to customers on the Shellshock situation, published Thursday afternoon.
CSO Andy Ellis’ first post regarding the threat.
Akamai Launches New Protection for Shellshock-Bash
An update on what Akamai is doing to protect customers from the Shellshock-Bash vulnerability, by Akamai Director of Product Marketing Daniel Shugrue.
Shellshock-Bash CVE List: Where Akamai Fits In
A look at all of the CVE advisories now in circulation, and how they relate to Akamai’s mitigation strategies, by Akamai CSO Andy Ellis, Akamai Chief Security Architect Brian Sniffen, and Akamai Senior Program Manager Bill Brenner.
Shellshock Bash Explained
In this podcast, Akamai’s Martin McKeay, Michael Smith and Bill Brenner discuss the Shellshock Bash bug and what Akamai is doing to keep customers secure.
Through The Bashdoor
The Shellshock story as told by Akamai’s Security Platform Statistics, by Ezra Caltum, Adi Ludmer and Ory Segal
The Evolution of TLS/SSL – Improving the Foundations of Internet Security: In the wake of the Heartbleed vulnerability, attention has turned to TLS, the fundamental building block of Internet encryption and authentication. In this session we’ll look at the evolving TLS standard and concentrate on new ciphers, authentication mechanisms, and asymmetric key changes – how they propose to impact the security of our data, and considerations for implementation and performance.
In recent months we’ve also released blog posts and a podcast outlining what Akamai has been doing to mitigate the vulnerability. All posts were written by CSO Andy Ellis:
The Brittleness of the SSL/TLS Certificate System
Despite the time and inconvenience caused to the industry by Heartbleed, its impact does provide some impetus for examining the underlying certificate hierarchy.
Podcast: CSO Andy Ellis on Heartbleed
My “lessons learned” interview with Andy.
Heartbleed: A History
A history of Heartbleed.
During the Heartbleed crisis, we gave a series of updates in The Akamai Blog. This was the third such update, which captured all the important points.