Page 1 of 2
HTC revealed its plan to turn Sense feature Zoe into a full-on social network a couple months back. Today, the company announced that the photo and video-sharing app is exiting its open beta, and is available for compatible Android devices (4.3 and above). If you’re in need of a refresher, Zoe lets you turn snapshots and video clips into highlight reels (Zoes) with music included. It also allows your pals to “remix” photos and videos with yours for collaborative efforts that can now be 7, 15 or 30 seconds in length. And as you might expect, Zoe works with footage from the company’s newfangled RE action cam to produce the final product, should the need arise. So what about the iOS app? While the Android faithful can nab the software today, HTC says that the version for Apple’s gadgets will arrive “later this year.” For now, the curious can take a closer look at the iOS app in the gallery down below. %Gallery-slideshow231391%0
Akamai Edge 2014 continues today with the second day of Akamai University and API Boot camp. To coincide with this, I’m running three security lessons that are part of an upcoming video series. This is the second of three installments, and was written by Akamai program managers James Salerno and Dan Philpott.
This lesson is about FedRAMP, why it was created and why it’s become an important part of Akamai’s security compliance process.
Akamai complies with many industry standards and regulations such as Sarbanes-Oxley (SOX), the PCI Data Security Standard and ISO. FedRAMP — the acronym for the Federal Risk Assessment Management Program — is one of the most recent pieces of our compliance program.
For the US Federal Government to operate a system, the system must be authorized.
For cloud computing, FedRAMP is the mechanism it uses for provisional authorizations to operate (PATOs).
The FedRAMP program is organized by the General Services Administration, which handles most of the project management for the authorization process.
However, the actual PATOs are issued by what’s called the JAB, or Joint Authorization Board. The JAB is made up of the CIOs from the Department of Homeland Security, Department of Defense, and General Services Administration.
The FedRAMP authorization process requires Akamai — as a Cloud Service Provider — to document a variety of controls we use to secure the Akamai FedRAMP-scoped systems.
We cover controls detailing our network security, network scanning, host hardening, monitoring, physical security and many more aspects of security.
From there, our controls are tested. Unlike some security assessments, which are simply an annual check, FedRAMP requires continuous monitoring.
If we spot a problem, we are required to fix it. It’s through this process that we assure FedRAMP that our system meets the goals of the program. When we submit our assessment to the JAB, it reviews it and asks questions. Akamai provides answers, and at the conclusion the JAB makes its authorization decision.
The U.S. General Services Administration lists the following goals and benefits of FedRAMP on its website:
–Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
–Increase confidence in security of cloud solutions
–Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for Cloud product approval in or outside of FedRAMP
–Ensure consistent application of existing security practices
–Increase confidence in security assessments
–Increase automation and near real-time data for continuous monitoring
–Increases re-use of existing security assessments across agencies
–Saves significant cost, time and resources – “do once, use many times”
–Improves real-time security visibility
–Provides a uniform approach to risk-based management
–Enhances transparency between government and cloud service providers (CSPs)
–Improves the trustworthiness, reliability, consistency, and quality of the Federal security authorization process
That concludes our lesson for today.1 karma points
Say what you will about user interface, but as we consider the experience of in-app vs. mobile Web video, current consumer attention is on the apps. The app-happy world is where today’s mobile
consumers are engaged and spending most of their time, making it the perfect medium to host video. Recent reports by Flurry suggest that as much of 86% of time spent on mobile devices is spent inside
the application rather than roaming the mobile Meb. Yet, a strategy that includes both in-app and mobile Web video advertising is crucial for achieving scale and engagement.
Contour came back from the dead this spring, but the first action cameras it sold upon its revival were simply old models from 2012 — that’s not much help if you’re a loyal fan looking to upgrade. As of today, though, there’s finally a brand new Contour cam to buy: meet the ROAM3. It’s not a huge break from the ROAM2 at first glance, as it can still record 1080p video at 30fps (720p video at 60fps) with its 270-degree rotating lens. However, it’s much more resilient than its ancestor; it can survive 30 feet underwater without using a waterproof case, which could make it a good match for your next surfing movie. It’s hard to say if the ROAM3 can lure you away from GoPro’s offerings, but its $200 price (which includes an 8GB memory card and two mounts) is low enough that it won’t hurt too much to give Contour another try.
Filed under: Cameras
According to Ooyala’s Q2 Video Index being released today, viewing via mobile devices is destined to make up more than half of all video views by 2016. That’s right around the corner.0
HD Voice technology isn’t particularly new — in fact, some UK operators have supported it since as far back as 2010. Very few devices were HD-capable back then, though, but lots of modern smartphones are now suitably equipped, leading other carriers to get their acts together. Today, Vodafone announced it’s joining the party, letting anyone with a supported handset make HD calls to others on the same network. HD Voice, if you weren’t aware, widens the frequency range of your call, ensuring conversations almost sound like you’re talking to someone face-to-face. Today’s launch means O2 is now the only major UK carrier not offering the feature, and it says it has no official plans to either. Given most smartphone usage is dedicated to messaging and photo apps these days, today’s launch might not excite Vodafone customers all that much. The difference in quality is noticeable though, so prepare to feel like someone’s living inside your head the first time a call connects in HD.
Source: Vodafone Blog0
Today is the internet’s “Day of Action,” an organized protest aimed at the Comcasts and Time Warners of the world from internet denizens, organizations, and companies. And some of the internet’s biggies are on board: Netflix, Twitter, Dropbox, Reddit, Tumblr and more. Perhaps you noticed a widget on Netflix today (seen above)? That’s part of the protest: not actually slowing down websites (which would no doubt frustrate users), but helping to enlighten users who might not know what net neutrality is.
Wait — are you one of those people? That’s totally possible! Here’s a quick summary: net neutrality is the internet as it exists today. All websites are created equal — there are no websites that load noticeably faster or slower than others due to internet providers signing financial contracts with website owners/service providers. Today’s protest is about keeping things that way.0
You might have noticed a spinning logo banner on the JW Player Labs site today. We are participating in the 2014 Internet Slowdown. The banner will only be shown today, and only once to each site visitor.
We aren’t actually slowing down our site or software. The Slowdown is a coordinated symbolic act to raise awareness of the Net Neutrality debate. On the Internet, all data on the network is treated equallyit is a neutral, level playing field. The pages that are served from your personal blog are given no more or less priority than pages from other sites on the Web, even giants like Google or Facebook. The same is true for Skype calls, Netflix movies, and any other application that uses the Internet to transmit data packets.
Some of the largest Internet service providers (ISPs) are lobbying the U.S. government for permission to break this tradition and divide the Internet into slow and fast traffic lanes. The carriers would charge content providers extra for fast lane prioritization of their data.
This of course means that everyone not paying the fast lane toll gets stuck in the slow lane. If Net Neutrality is allowed to end, we could have an Internet where, say, Google pays ISPs to have their search results or maps delivered to users faster than Bing, or Netflix pays to have faster video delivery than Amazon.
The end of Net Neutrality would be very harmful to small- and medium-sized video publishers who don’t have millions of dollars to pay to ISPs for fast lane access. It would put them at a severe competitive disadvantage against large competitors. Such drastic imbalance in markets is never good for consumers.0
One day (soon, according to GM) it won’t be weird to get in a car, go for a drive and see the driver take their hands off of the wheel while the car continues on self-guided. That day isn’t today though, so while I’ve already had demos of “autonomous driving,” hopping in this Acura TLX for a quick drive through Detroit was still special. So far I’ve only seen similar technology working in controlled environments, but this time the car was navigating its way down the same highways I drive on regularly, and dealing with real drivers just trying to go about their day. As it turns out, after three years in development Honda’s technology can handle merging into highway traffic better than some people I know.
Filed under: Transportation
Content is king, but where would the king be if he couldn’t reach his royal subjects? We’ve all been exposed to the importance of content in today’s world, but as this trend evolves and content becomes more refined, content delivery systems need to keep pace. Creating great content is only the first step; if your content isn’t being delivered effectively, then your message is falling on deaf ears.
Distributing, tracking, and monetizing content are all aspects publishers and advertisers also need to address. From this comes the increasingly important need for turnkey solutions. Jaakko Is-Jarvenpaa, Head of Business Development at Kiosked, shares his thoughts on what delivery systems should focus on:0
We’ve talked a lot about autonomous driving developments like Google’s self-driving car, but today in Detroit GM CEO Mary Barra is announcing her company’s push to put similar technology in cars we can actually buy. Two years from now, Cadillac will launch an all-new car with its “Super Cruise” technology that not only holds your speed, but uses sensors to keep it in the middle of the lane, and can brake if necessary. We’ve ridden in a demo vehicle that could even steer to avoid obstacles, but what’s coming is more limited (likely because of legal and insurance questions that have yet to be answered), and says it will provide comfort to “an attentive driver” — hopefully with enough leeway for us to snap an in-traffic selfie or two. %Gallery-slideshow220733%
Filed under: Transportation0
We’ve seen way, way too many leaks of the next iPhone’s design, but none of them have shown a truly functional device — until today, apparently. With the help of cnBeta, Chinese leaker zzray has posted photos and video that reportedly show off a fully functional 4.7-inch iPhone. On the surface, it’s exactly what you’d expect: it’s the iPhone 5s on a grander scale, with more real estate for icons and other content.
By Charlie Minesinger, Director of Sales, Distil Networks
After learning about the dangers of web bots and how they can hurt your website, your sales and your business as a whole, you’ll likely want to take every precaution possible to prevent an attack and remove bot traffic from your website. There are some steps you can take on your own like implementing CAPTCHAs on forms or blocking IP addresses, but you do not want to ruin the user experience and possibly block IP addresses of major consumer ISPs.
How to Choose a Bot Protection Solution
In order to ensure your site and business has the best protections available, it’s important to choose a solution that does not rely on IP addresses alone; provides real-time detection and mitigation (without adding even 10 milliseconds of latency); offers very high accuracy (at or above 99 percent); and learns and improves, constantly.
So, when evaluating bot protection solutions, you’ll want to look for these items:
You can find efficient, comprehensive solutions for blocking bots and protecting your website with Distil Networks. Distil’s protection service eliminates content theft, stops fraud bots, and alerts you to any and all potential bot attacks; in fact, Distil identifies 99.9 percent of bot page requests in real time. To learn more about Distil Networks, visit www.DistilNetworks.com or contact the Distil team today.0
This series of posts is geared to provide insight into our strategy, and will touch on one of the six basic approaches to remaking market boundaries.
Look Across Time Video is Rapidly Becoming Mainstream, Everywhere
All industries are subject to trends that affect their businesses over time. Looking at these trends with the right perspective can lead to blue ocean opportunities. The biggest trend is the shift of the last 10 years has been collapse of the industrial media complex‘ and the democratization of media creation and distribution. This has meant a shift in power to the owners of good content and away from the limited distribution paths of the past. And today anyone can be a content creator. The owners of newspapers, magazines, radio and television are no longer the gatekeepers of information and everyone, and every company, has the ability to connect directly with the audiences that matter to them.
What is more, the means of communication is changing, the silos of text, sound and pictures are collapsing and we’re seeing the rise of transmedia with video being very much at the forefront and acting as a catalyst to engagement and further action. These technological advancements in the creation and distribution of content have shifted the job for communicating from the hands of few to the function of many. It is no longer possible to have a marketing department pay for TV, radio and print and call it a day. That system worked up to a point, the point of no longer being ignorant of the facts. As John Wanamaker is famous for saying:
Half the money I spend on advertising is wasted; the trouble is I don’t know which half
As companies struggle to become more like media companies they evolve from basic web publishing of text and images to the embrace of video. It is important to remember that YouTube is not yet ten years old and we are still struggling with a myriad of issues to make video play nicely across all devices, and that those are just the basics. We are entering a time when media customers are beyond experimentation, in fact there is now a keen awareness that their businesses are dependent on their ability to growth digitally and make money by connecting people directly to content, or to goods via the information in the content.1 karma points
As an Amazon Elastic Compute Cloud (EC2) user, you probably know just how simple and easy it is to launch EC2 instances
on an as-needed basis. Perhaps you got your start by manually launching an instance or two,
and later moved to a model where you launch instances through a AWS CloudFormation template,
Auto Scaling, or in Spot form.
Today we are launching an important new feature for the AWS Management Console. You can now find the instance or instances
that you are looking for by filtering on tags and attributes, with some advanced options including
inverse search, partial search, and regular expressions.
Regardless of the manner in which you launch them, you probably want to track the role (development,
test, production, and so forth) internal owner, and other attributes of each instance. This
becomes especially important as your fleet grows to hundreds or thousands of instances. We have
long supported tagging of EC2 instances (and other resources) for many years. As you
probably know already, you can add up to ten tags (name/value pairs) to many types of AWS resources.
While I can sort by the tags to group like-tagged instances together, there’s clearly room to do
even better! With today’s launch, you can use the tags that you assign, along with the
instance attributes, to locate the instance or instances that you are looking for.
Query With Tags & Attributes
As I was writing this post, I launched ten EC2 instances,
added Mode and Owner tags to each
one (supplementing the default Name, and then
configured the console to show the tags and their values:
The new filter box offers many options. I’ll do my best to show them all to you!
In the examples that follow, I will filter my instances using the tags that
I assigned to the instances. I’ll start with simple examples and work up to some more complex ones.
I can filter by keyword. Let’s say that I am looking for an instance and can only recall part of the
instance id (this turns out to be a very popular way to search). I enter the partial id (“2a27”) in to the filter box and press Enter to find it:
Let’s say that I want to find all of the instances where I am listed as Owner. I click in the Filter box
for some guidance:
I select the Owner tag and select from among the values presented to me:
Here are the results:
I can add a second filter if I want to see only the instances where I am the owner and the Mode
I can also filter by any of the attributes of the instance. For example, I can easily find all of the
instances that are in the Stopped state:
And I can, of course, combine this with a filter on a tag. I can find all of my stopped instances:
I can use an inverse search to find everyone else’s stopped instances (I simply prefix the value with an exclamation mark):
I can also use regular expressions to find instances owned by Kelly or Andy:
And I can do partial matches to compensate for inconsistent naming:
I can even filter by launch date to find instances that are newer or older than a particular
Finally, the filter information is represented in the console URL so that you can bookmark your
filters or share them with your colleagues:
This feature is available now and you can start using it today. It works for EC2 instances now; we
expect to make it available for other types of EC2 resources before too long.
Let’s make one thing absolutely clear at the outset: the time to think about the best options for cyber-threat mitigation is NOT when your network is being attacked. In the best-case scenario you will already have a mitigation strategy in place for defending against both network-layer and application-layer attacks. The most important thing to know when you are building a multi-layered approach to securing web applications is that security solutions aren’t one-size-fits-all. You have several options to mix and match. Akamai’s free eBook, “Threats and Mitigations: A Guide to Multi-Layered Web Security”, gives you options for making the choices that best fit both your business and IT infrastructure requirements.
These days it’s not enough to have a web-application firewall (WAF). The key to using hardware devices in a mitigation strategy is understanding what these devices can and cannot do. Defending against today’s increasingly sophisticated application-layer attacks can be resource-intensive. WAFs require large amounts of computing resources and processing, which can degrade performance. The fact is that most devices represent a single point of failure. Moreover, by definition on-premises hardware attempts to stop an attack only after it’s entered the data center – when it’s simply too late.
Enter the new era of cloud-based mitigation services that reside outside of your data center and stop malicious traffic before it can penetrate your company’s infrastructure. You have choices to make here, too. You can go with always-on mitigation that acts like a shock absorber that protects your network by taking the first big hit of a cyber-attack. Or you can choose an on-demand solution that you can engage once an attack is suspected to intercept your incoming traffic using mitigation services where legitimate traffic is forwarded on and malicious attack traffic is scrubbed.
Yet another option is Website Protection Service providers who utilize CDNs to provide network- and application-layer security for Web sites and applications. As a cloud-based proxy, these networks sit in front of your IT infrastructure and deliver traffic from your end users to your Web sites and applications. The cloud platform examines network traffic for known threats and passes only legitimate traffic to the Web application. Chapter 3 in “Threats and Mitigations: A Guide to Multi-Layered Web Security” discusses the advantages and caveats of using each of these solutions, or blending them in a multi-layer mitigation strategy.
Don’t wait until your business is targeted by a cyber-attack. Download our free eBook, “Threats and Mitigations: A Guide to Multi-Layered Web Security,” which covers everything you need to know about the types of cyber threats, how to secure websites, how to protect applications against data theft, how to choose a web security solution, and how to make your network less vulnerable to attack.0
According to research from our friends at ExactTarget, driving increased conversion rates is the single highest priority for digital marketers today. How did conversion displace some of the big marketing challenges like branding, big data, social and mobile? Two reasons:
First, as more and more of the buyer journey takes place through digital channels, the responsibility for conversion has shifted to marketing.
Second, marketers today have to be keenly aware of every stage of the buyer journey and every incremental conversion point along the way. Although there is much debate in marketing circles about the death of the funnel, there is no doubt that each opportunity you engage with your audience is a moment of truth that involves conversion. In other words, the definition of conversion has significantly expanded to encompass all the small decisions a buyer might make when evaluating a product or service. Should I download this paper, attend this webinar, watch this video?
Earlier this month, we released a great new infographic focused on conversion (check it out here). One of my favorite sections of the infographic is where we look at different types of conversion and overlay some compelling stats about the power of video.
The great story here is that for each stage of a buyer journey, and for each interaction type, the data shows that marketer’s can improve their results by adding video too the mix. Not just small, incremental results but the kind of results that trigger cartwheels in the office and high-fives across the cube walls. More views, more email opens, more landing page clicks, and more leads.
As most marketers who have become part-time funnel mathemeticians can tell, conversion changes in one part of the funnel can have a massive impact on the overall buyer journey.
Consider this simple example: a B2B marketer spends $100k on a paid search campaign that resulted in 50,000 clicks and 1000 leads. Based on the most recent research, that same campaign with video on the landing page would have driven 1,800 leads for the same investment.
For marketers, the story is clear. Conversion matters not only because it represents moving prospects closer to a buying decision, but because it represents the quality of offers and content you deliver.0
Interviewing Akamai InfoSec’s summer interns recently, I was reminded of a six-step guide I wrote a few years ago for CSOonline on how young people can get their break in the industry. I think the suggestions are as valid today as they were then.
Written April 24, 2010…
If you’re young, breaking into the security industry can be difficult.
Companies have either suffered a data security breach or live in fear of one. So when they’re hiring new IT security personnel, they want years of experience. If you’re fresh out of college, that’s a problem.
Another problem is that security practitioners are control freaks by nature. They have to be, if you stop and think about it. They have a huge responsibility, and delegating some of the work to younger pups is a lot to expect.
But here’s the problem: The future of information security is in the hands of the youth. That may seem a cliched statement; so obvious it sounds stupid. But it’s a fact.
This column isn’t an invitation for young upstarts to cry and lament about the disadvantages they have. Instead, it’s about a few things you can do to break through and make it in the industry. Think of it as suggestions for becoming a security rock star, which you almost have to be to make a difference these days.
This morning I’m at Security B-Sides Boston, listening to a talk from someone who is fighting this battle right now. Joseph Sokoly, a security analyst at NetBoundary, recently gave a talk at the Austin, Texas B-Sides event about the troubles of being young in the security industry. This time, he’s in Boston giving an update on where his career trajectory has taken him in the weeks since then.
He has found that breaking into the security community is not nearly as hard as it first seemed. In fact, his career got a big boost simply because he had the guts to stand up in front of people and give his talk. “Giving the talk in Austin helped me tremendously,” Sokoly said. “It has opened doors. My being here is a result of that. First, the positive reaction from the community encouraged me not just to listen but to speak again.”
His Austin talk has also inspired security heavyweights like Chris Hoff and James Arlen to look at establishing a mentor program to coincide with this summer’s B-Sides Las Vegas event.
“Being proactive works. Put yourself out there and things will open up, but speaking doesn’t have to be it. Use Twitter. Start blogging,” Sokoly said. He’s absolutely right.
His suggestion young security practitioners speak up and force others to take notice isn’t a new concept. But it’s advice that too few people take.
Instead, prospective employees try to let their raw technical ability do the talking. They get so bogged down on the technical that they ignore the cultural. It’s unfair to be frozen out, especially if you’re skills are well above someone who gets the job simply because they’ve been kicking around as employed security practitioners for five or more years. In other words, because they’ve simply managed to survive.
But life is always going to be unfair, so it’s better to focus on ways to get ahead. In that spirit, here are some suggestions, which I’ve admittedly borrowed from Sokoly. Call this imitation that’s meant to be a form of flattery, because what he said makes sense.
1. Learn how to write: Like it or not, writing is part of your job in the information age. You can’t make a difference simply by knowing how to configure a NAC system or do penetration testing. You have to be able to tell colleagues, bosses and business partners what you are doing, in their language. You’ll have to do this in board presentations and in reports. And if you really want to make a difference, you can share your experience by blogging. That gets you noticed, and in many cases will get you hired.
2. Learn How to Talk: The days of a security administrator holing up in a dark room shut off from the outside world is over. You have to be able to articulate what you’re trying to do in the spoken world. This isn’t just about learning how to be a good public speaker, though that is of high value. Learning to talk means learning to speak the language of those who decide how much budget you get for security or who gets hired.
3. Learn how to dress: This might sound weird, because most practitioners will dress according to the requirements of their employer. That could mean suit and tie, business casual, or something in between. But then there are times to dress to match the crowd you are in, particularly at security conferences. Business attire won’t help you network in a crowd of hackers at ShmooCon or DEFCON. Dressing like a punk rocker won’t cut it at a more C-level event.
4. Master social networking: You can be shy as can be and still be heard thanks to the world of social networking. Set yourself up on Twitter, Facebook and LinkedIn and share what you know. If you know what you’re talking about, people will follow you, including prospective employers.
5. Learn to work with suits AND mohawks: One of the problems in security today is that the profession is split into two groups who don’t communicate well: The executive-level suit and tie CSOs working for billion-dollar corporations or high-level government agencies, and the torn jeans-wearing, ear-pierced researchers. You can see the cultural chasm clearly when you go to a conference like ShmooCon and then something like CSO Perspectives. If you work on being able to communicate and work in both crowds, your stock will rise considerably.
6. Get to conferences: This one is easier said than done, because conferences cost money that you may not have. There are ways around that. Some companies will send interns to security events to get some real-world experience. If you blog, some conferences will give you a free press pass so long as you write about the conference in your blog. Then there are events like B-Sides, which is free and ongoing around the country. These events are full of knowledge. But just as importantly, these are places to meet people. The more people you meet, the more you know, and the more you know, the better your career prospects.
None of this is scientific advice, backed up with statistics and other data. It’s my personal observation as a security journalist. I hope it helps.0
Amazon Zocalo has been available in a Limited Preview since early July
(see my blog post,
Amazon Zocalo –
Document Storage and Sharing for the Enterprise to learn more). During the
Limited Preview, many AWS users expressed interest in evaluating Zocalo and were
admitted in to the Preview on a space-available basis.
Today we are making Amazon Zocalo generally available to all
AWS customers. You can sign up today and start using
Zocalo now. There’s a 30-day free trial (200 GB of storage per user for up to 50 users); after
that you pay $5 per user per month
(see the Zocalo Pricing page for more information).
As part of this move to general availability, we are also announcing
that AWS CloudTrail now records calls made to the Zocalo API. This
API is currently internal, but we plan to expose it in the
future. If you are interested in building applications that work
with the Zocalo API, please express your interest by emailing us
at email@example.com. We
are very interested in learning more about the kinds of applications
that you are thinking about building.
I have become a regular user of Zocalo, and also a big fan! I generally have between
5 and 10 blog post drafts under way at any given time. I write the first draft, upload
it to Zocalo, and share it with the Product Manager for initial review. We iterate on the
early drafts to smooth out any kinks, and then share it with a wider audience for
final review. When multiple reviewers provide feedback on the same document, Zocalo’s
Feedback tab lets me scan, summarize, and respond to the feedback quickly and
The data center perimeter is dead – web assets cannot be protected by a fortress wall – but a historical view of web protection lives on in the way many IT departments continue to defend their infrastructures. Websites and web applications increasingly live outside the data center. Cloud-based applications and websites are at constant risk from web threats that are becoming more damaging and sophisticated by the day.
Akamai advises organizations to avoid becoming the next cyber-attack victim in the headlines by making a critical evaluation of cybersecurity practices – and then take steps to extend multi-layered security controls to the cloud. Of course, before you can even start to build a multi-layered web defense, you must understand your enemy and its weapons.
Generally, attacks fall into two categories: Distributed denial of service (DDoS), which is also called denial of service (DoS), and hacks against web applications that steal data, such as SQL injection and other command injection attacks.
Akamai predicts that by 2020, the average distributed denial of service (DDoS) attack will generate 1.5 Tbps of network traffic, but even today’s large and sophisticated denial of service attacks can easily overwhelm available IT resources. The more you understand the nuances of different types of DDoS attacks and web threats, the better you can determine how they will affect your network.
A mind-boggling array of DoS and DDoS attacks occur at the network layer. These can be grouped into two broad categories: simple flooding and amplification attacks. Several readily available tools are available to attackers to automate the process of creating both types of attacks, allowing malicious actors with no technical background to quickly and easily threaten their choice of website.
Attacks at the application layer are also common and often very sophisticated. They consist of high bandwidth attacks and low-bandwidth denial of service attacks, Domain Name System (DNS) attacks, and attacks that steal data. Attempts to steal data are most likely to take the form of command injection attacks where a hacker injects commands into a vulnerable application. The attacker can then execute these commands to view data, wipe out data, or take over the machine.
Akamai advises practicing good web-application hygiene by using a secure software development lifecycle that includes secure configuration, updates, patches, and secure validation. In addition, a web application firewall (WAF) with anti-DoS capabilities provides a strong line of defense against application-layer attacks such as SQL injection commonly used to cover data theft. The eBook goes into greater detail on how to ensure good web-application hygiene and what to look for in a WAF.
With knowledge you can identify and close network vulnerabilities before your company is harmed. And the reality is that it is when, not if, your network will be threatened by cyber-attackers.
To that end, Akamai has released a free eBook, Threats and Mitigations: A Guide to Multi-Layered Web Security that covers important information that you need to know about the types of cyber threats, how to secure your sites, how to protect web applications from data theft, the different types of cybersecurity solutions, and how to make your network less vulnerable to attack.
There is no one solution to cybersecurity. Before you sign on the dotted line, know the key differences between on-premise hardware and cloud-based services; learn about the strengths of Security Operations Centers (SOCs) and Content Delivery Networks (CDNs) and of always-on services versus on-demand services. The eBook includes a guide to asking the right questions when seeking a web security services provider.
The fortress can no longer be defended by traditional methods, but it can be defended. The cyber battlefield keeps changing with powerful attacks that can down the websites and web applications of global brands, but you don’t have to become a victim. Learn how to defend your web and cloud resources – and win. The free Akamai eBook “Threats and Mitigations: A Guide to Multi-Layered Web Security” explains how. Download it today and learn how to build the strongest defense to protect all of your network assets and web applications.1 karma points
Dearly beloved video believers,
We are gathered here today in the presence of Blog so you may download the just-released Vimeo iOS update. Now you may join your iPhone in holy technology and be fruitful and multiply your video productivity as such:
Easily upload from your Camera Roll
Upload videos already on your iPhone or iPad directly to Vimeo in just a few speedy taps, without leaving the Vimeo app.
Privately share with people you know
Send videos to the people of your choice via text, email, AirDrop, Facebook, Twitter, ESP, and more! (J/K about that last one.)
Find and follow friends already on Vimeo
You like your friends (hopefully). Now use the Vimeo app to search for those people on Vimeo, then follow them to see what they’re uploading and sharing.
Invite your pals to join you on the world’s best video platform
Do you take this update to be your unlawfully wedded Vimeo app? I do(wnload it now). Or, see it in action:0
Recently, some businesses experienced outages as a result of older routers hitting the default 512k routing table limit. Here at Internap, we have long been aware of the TCAM problem and have taken steps to prepare for it, but many companies are now getting caught off guard. As the global routing table continues to grow, there will likely be an increase in routing instability over the next few months/years, and smaller enterprises could learn some very painful lessons.
If a company is humming along with a BGP routing table of 500,000 routes from its Internet provider, then all of a sudden a Tier1 provider adds 15,000 routes to the table, they are now pushed over the 512,000 route limit and everything goes sideways. I expect to see a lot of that happening as we hit the 512,000 threshold; today we are at about 500,000 routes in the global table, which grows by about 1,000 a week on average. (The larger Tier1 providers such as Verizon, AT&T, Level3, etc. largely know about and have planned for this issue. I would be surprised if they experience any impact.)
The Cisco 6500 and 7600 router platforms are some of the most common pieces of network hardware out there literally one of the most widely-deployed pieces of hardware on the Internet. (At Internap, we are actively replacing them with more-scalable platforms, expected to finish up in the next few quarters.) Older hardware platforms also have this same limited-memory problem, but for the most part, those platforms have been EOL’ed years ago by hardware vendors such as Cisco, Juniper and Brocade, so anyone still using them for full BGP tables is living dangerously against their vendor’s recommendation. However, the 6500/7600 are not EOL’ed and continue to be a core part of Cisco’s revenue stream, so this is a very real problem for a lot of companies.
Internap lands all of our upstream NSPs on newer-generation Cisco ASR1000 and Cisco ASR9000 platforms, which are built to scale to the much larger routing tables of the future, so we are not too worried. One of the reasons that we purchased these next-gen routers to land our upstream NSPs is our Managed Internet Route OptimizerTM (MIRO) technology. MIRO requires a full routing table from each NSP on the router, which uses up TCAM very quickly. Most enterprise/SMB companies out there are not landing multiple providers on a single router like we are doing; most of our markets have 10-12 providers spread across 3-4 cores, so we were forced to confront TCAM limitations some time ago.
On the 6500/7600 platforms, the previous generation supervisor module (the SUP2, which was EOL’ed a few years ago) can only hold 512k routes total, so as that tipping point is reached, lots of companies are going to need emergency hardware upgrades, or they will have to take less than a full BGP table from their provider. Taking less than a full table from the upstream provider is impactful to how granular a company can control their routing, and how much insight they have into what’s going on with the full Internet table, which is definitely a step backwards. Most companies will choose to upgrade the hardware instead, in my opinion.
The current generation 6500/7600 supervisor modules (the SUP720? module on the 6500 and the RSP720? module on the 7600) that are widely deployed on millions of production chassis can hold 1,024,000 routes total. The default settings for memory allocation on those modules are 512k IPv4 routes and 256k IPv6 routes (since an IPv6 route takes up twice as much memory as an IPv4 route). While the supervisor modules can hold more than 512k IPv4 routes, a lot of companies are going to learn The Hard Way that they have not manually re-allocated the memory to accommodate the ever-growing routing table. You have to make a config change and reload the router entirely, which is painful to rollout across a global footprint, and you might not even know you need to do it.
At Internap, we have retuned our remaining 6500s for 800k IPv4 and 100k IPv6 routes, which should last us over the next 2-3 years while we phase out our Cisco 6500s and 7600s. We did this specifically to address routing table growth. Currently, we are auditing all of our MCPEs (Managed Customer Premise Equipment) since those are much smaller hardware platforms with less memory available, to make sure there are no issues.
Over the next few years, millions of chassis will hit their physical limits. But you can’t just upgrade the supervisor module to the latest and greatest to get a few more years of runway the entire chassis has to be replaced. The next-gen supervisor module for Cisco’s 6500/7600 platform that started shipping last year (the SUP2T) has the exact same limit of 1,024,000 routing table entries, which means if you are using the 6500/7600 platform, you have to replace the whole chassis with a next-gen model like the Cisco ASR9000, Juniper MX, Brocade MLX, etc.
The only other option is to take a partial/default-only BGP route. This graph of BGP table growth should be very scary for someone running hardware with a 1M route limitation.
Compounding this problem, the American Registry for Internet Numbers (ARIN) (the regional authority for North America that hands out IP addresses) continues to run out of IPv4 space.
Right now, the BGP boundary for a route in the global routing table is /24, meaning that the global routing table only has routes /24 or larger in it, specifically to keep the size of the routing table down to accommodate hardware limitations. The purpose of this limit has been to control de-aggregation of the routing table, because the vast majority of hardware deployed today can’t really support the routing table blowing up any larger than it already is. However, ARIN trying to squeeze as much lifespan out of its remaining IPv4 allocations as possible has started giving out smaller and smaller blocks and asking providers to route smaller allocations. Just last week, ARIN conducted a test where they tried to route /27s in the global routing table to see which providers might or might not be able to route blocks smaller than the /24 boundary. That is further indication that ARIN and the network operator community want to continue to de-aggregate the remaining address pool and prevent IPv4 exhaustion for as long as they can, but this will be incredibly problematic for everyone because it balloons the routing table and brings hardware limitations to the forefront.
By squeezing as much life out of the remaining IPv4 pool, network operators can delay the migration to IPv6. Routing IPv6 packets is well-supported within most hardware these days, but we find customers struggling with all of the ancillary things that have to happen retraining their NOC, rebuilding their management, monitoring, and troubleshooting tools to speak both IPv4 and IPv6, developing IPv6 operational experience and so forth. Routing IPv6 packets is the easy part; all the other stuff that goes along with supporting IPv6 can scare off less-experienced customers. At that point, just let the routing table get a little bigger seems like an easy fix to avoid making wholesale migrations to IPv6 which might require new hardware, new tools and some operational struggles. Network operators will always put off large-scale technology leaps in favor of having more time to fight today’s fires, but that will not last forever.
So, back to ARIN. Breaking a /24 in half gets you two /25s, or four /26s, or eight /27s imagine if a plurality of companies out there took all their /24s and started de-aggregating down to the /27 level, causing an 8x increase in their portions of the routing table. This will be a nightmare for most everyone, and a financial windfall for hardware manufacturers.
One of the most basic lessons from The Art of War is not to fight a war on two fronts simultaneously, but that is exactly what’s happening. On one hand, companies don’t want the headache of fully migrating to IPv6, so they’re encouraging ARIN to de-aggregate the routing table and squeeze as much IPv4 out of the remaining allocations as possible, which is inflating the routing table. On the other hand, massive wholescale hardware upgrades will be upon us in the near future, and companies must be ready to fight that battle when the time comes.
The post Growing pains of the Internet global routing table appeared first on Internap.0
Earth Girls Are Easy (1988) stars Geena Davis and Jeff Goldblum (who were also husband and wife at the time!), as a sweet Valley Girl manicurist and a hunky space alien who fall in love after his UFO crashes into her pool. Valerie (Geena) works at a beauty salon called Curl Up and Dye, which I always thought was the coolest name for a place to get one’s hair did. A quick Google search revealed that many other people must have thought the same, because salons from Las Vegas to Bakersfield to Texas operate under the same clever pun! When Valerie senses her fiancé losing interest, she enlists the help of her salon boss, Candy Pink (the iconic Julie Brown who also penned the film), which results in one of the funnest makeover montage scenes to exist. Though I MUST disagree with Candy’s insistence that blondes have more fun
Makeovers were a recurring theme in the movie. The furry alien dudes needed to blend in with their newfound Earth surroundings so they went from this:
(Many of us whose first crush was Jeff Goldblum maaaay have been because of this movie, just sayin’.)
From the set design to the costumes, Earth Girls is a visual feast for those of us who embrace color in colossal amounts, both in our personal wardrobes and interior decor. Costume Designer Linda Bass and Production Designer Dennis Gassner made sure that both of their respective worlds were the perfect combo of pastels and geometric shapes. 80s does 50s was a theme that was seen a lot during that time and it makes plenty of appearances in the film, from Valerie’s retro cotton candy-colored kitchen to her nosy neighbor’s sky-high beehive hairdo, to Candy’s black and white-striped miniskirt and crop top which she wears while belting out Cause I’m a Blonde with her gaggle of beach bunnies and bros.
Although the film was released over two decades ago, many of the characters’ outfits could probably be seen on fashion-loving Tumblrs today. Go on any trendy clothing site like Nasty Gal or Dolls Kill and you will more than likely will find a few outfits that could easily have been worn by Julie Brown’s Candy. The kitschy heart-shaped purse that Valerie carries? The credit card earrings on a female club extra? Both of those accessories could have 100 likes on Instagram today, at least!
Nail design has amassed unbelievable levels of popularity over the years so it’s fun to see closeups of 80s-style nail art in the salon scenes. Valerie would definitely have been referred to as a nail artist instead of a manicurist if EGAE came out today. The film also features a cameo from LA billboard queen, Angelyne, whose frequent sightings of her driving around in her still-there (but most likely a successor) pink camaro around town are almost considered a token of good luck to LA residents. Such dedication to a signature color should be applauded!
Earth Girls are Easy is no doubt the perfect movie for those who are obsessed with camp, color, and crazy costumes and sets. You can also see the early comedic stylings of Jim Carrey and Damon Wayans who played Goldbum’s extraterrestrial buddies! Even the film’s premiere had their cast in amazing outfits:
– Marie Lodi, Style Advice Columnist and Staff Writer for Rookie.
Wondering what is the best way to monetize web videos? The answer to that question is ever adapting. Let’s look at the pros and cons of the most popular methods today: video advertising, sponsorship and Pay Per View video. Video Advertising When people think about monetizing video on the web, this is the first method [ ]0
Interested in Knowing More?
I’ll be hosting a Virtualizing Video webinar on Thursday August 21st at 12 p.m. EDT in conjunction with TV Technology. Details on the free webinar are available here.
– Ian Trow, Senior Director, Emerging Technology and Strategy0
Music video by The Gaslight Anthem performing Stay Vicious. … Get Hurt, began streaming today on First Play via iTunes radio, in anticipation for its …
Jan Dawson at Jackdaw Research has a great post about Samsung up today, arguing that the company’s future rests on turning around the struggling mobile division. It’s an interesting argument, but this insane chart in the middle is the real story: there isn’t a single consumer electronics company or major division that’s posted above a 10 percent operating margin for the past two years. Everyone’s fighting for scraps in a crowded market that’s getting even tighter as more and more individual devices get rolled up into mobile phones.
Meanwhile, Apple’s operating margin has averaged around 30 percent for the past two years, falling to a low of 27 percent in Q2 2013 and most recently coming in at 28.84 percent.0
In a discussion with reporters today, Verizon Wireless CEO Dan Mead hedged Comcast’s claims that LTE is a viable competitor to traditional landline cable modems. Anyone who uses both knows that it’s a ridiculous argument LTE service is usually slower, less consistent, and comes with deeply restrictive data caps but Comcast has been leaning on it as a supposed example of why competition is healthy in the broadband internet market. The end goal for the cable giant is to convince regulators that there’s enough competition in high-speed internet service that its pending acquisition of Time Warner Cable won’t create a monopoly or have a serious impact on consumer choice.0