toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

#Akamai

Continued thread

Of course, there are other ways to configure sensitive values but I don't think it's necessarily obvious or front of mind when updating config and I honestly can't see (as someone who configures multiple services on Akamai regularly) why this feature is needed.
Unsure if it can be disabled or auth'd but I don't see any way to do that.
There are some docs which cover it a little bit: techdocs.akamai.com/download-d.
Just thought it might not be common knowledge.
2/2
#Akamai #InfoSec #ReadTeam #BlueTeam

Akamai has what I personally think is a seriously risky mechanism for debugging HTTP requests/responses. You can send an HTTP request header of `pragma: akamai-x-get-extracted-values` for a URL served via Akamai & it'll return `x-akamai-session-info` response headers which include user-defined config variables - that's where the main risk is IMO. People may well not realise this feature exists & use the vars for sensitive info e.g. backend auth keys.
1/2
#Akamai #InfoSec #ReadTeam #BlueTeam
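
A defender-side check for the exposure described in this thread, added here and not part of the original posts: it scans response headers captured from your own property for user-defined variables that look like secrets. The `name=...; value=...` layout of each `x-akamai-session-info` header and the `PMUSER_` prefix for user-defined variables are assumptions, and every sample value is constructed.

```python
import re

# Assumed layout of one debug header value: "name=<VAR>; value=<VAL>".
ENTRY = re.compile(r"name=(?P<name>[^;]+);\s*value=(?P<value>[^;]*)")
SENSITIVE_NAME = re.compile(r"KEY|SECRET|TOKEN|PASS|AUTH|CRED", re.I)
USER_PREFIX = "PMUSER_"  # assumed prefix of user-defined config variables

def session_info_vars(raw_headers):
    """Yield (name, value) for each x-akamai-session-info header line."""
    for line in raw_headers.splitlines():
        field, _, rest = line.partition(":")
        if field.strip().lower() != "x-akamai-session-info":
            continue
        m = ENTRY.search(rest)
        if m:
            yield m.group("name").strip(), m.group("value").strip()

def looks_like_secret(value):
    """Long, space-free values mixing letters and digits resemble keys."""
    return (len(value) >= 20 and " " not in value
            and any(c.isdigit() for c in value)
            and any(c.isalpha() for c in value))

def audit(raw_headers):
    """Return (variable name, reasons) pairs; values are never echoed."""
    findings = []
    for name, value in session_info_vars(raw_headers):
        if not name.startswith(USER_PREFIX):
            continue  # built-in variables are out of scope for this check
        reasons = []
        if SENSITIVE_NAME.search(name):
            reasons.append("sensitive-looking name")
        if looks_like_secret(value):
            reasons.append("key-like value")
        if reasons:
            findings.append((name, reasons))
    return findings

# Constructed sample of a captured response; not real Akamai output.
SAMPLE = """\
HTTP/1.1 200 OK
content-type: text/html
x-akamai-session-info: name=AKA_PM_CACHEABLE_OBJECT; value=true
x-akamai-session-info: name=PMUSER_ORIGIN_AUTH_KEY; value=EXAMPLEONLY0123456789abcdef
x-akamai-session-info: name=PMUSER_COUNTRY_GROUP; value=emea
x-akamai-session-info: name=PMUSER_BACKEND_ID; value=Zx91kQ0aaPLm33vTTy7b2c
"""
```

Any variable this flags is a candidate for moving the sensitive value out of a user-defined variable and rotating it.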

oh man i'm stoked to share this one.

so at akamai we have these huge research reports called the State of the Internet (SOTIs) that we put out. they're typically pretty high level, showing what we've seen in a particular topic since such a huge portion of the internet runs on our stuff lol BUT this time, they let us try something new. :flow_happy:

This time, we pulled together some pretty deep, low-level technical research on risk scoring, a few botnets, vpn abuse, XSS, and k8s and collated it into an anthology designed for the defenders themselves. this was honestly a passion project of sorts (y'all know my nerdy ass loves this shit) and it turned out pretty great i think. i'll probs share it a few different times, it's a dense report lol

the vpn stuff in particular is interesting - they found a permados vuln in fortiOS 👀

akamai.com/lp/soti/cybersecuri

Great post from #Akamai's VP of Diversity, Inclusion, and Engagement reiterating Akamai's commitment to both our FlexBase flexible workspace program and our Diversity, Inclusion, and Engagement efforts. It is things like this which help Akamai have such a great culture and are reasons why I've stuck around for 25 years.

I signed up for and attended one of our DI&E trainings last week (seemed appropriate) and while I've heard most of the content before, one of the things that it made clear is how critical it is for a global company like ours to have a robust program that helps us have awesome people from all over the globe collaborating to solve tough problems, and to feel engaged and included in ways that foster collaboration and increased productivity.

linkedin.com/feed/update/urn:l


#TLDW:

#Piracy is a #Service Problem.

  • Gabe Newell

youtube.com/watch?v=SWmufgTp6E

Piracy will exist as long as #corporate #greed will exist.

If it was my decision #Copyright and #patents would be contingent on the #media / #technology being produced and offered for sale.

  • In fact I think every #claim for #losses should be tossed by any #judge whenever there was no #legal way to obtain a new copy of some content.

Especially since we live in the #AgeOfAbundance and nowadays the cost for distributing even a #AAA #Game or #Movie is merely the cost of #Storage and #Bandwith, so at worst a whole Euro if we're talking #PayAsYouGo - #Akamai with no minimums to get stuff distributed.

  • We'd be in the single digit cents if we use #P2P technology like #BitTorrent and #IPFS to keep stuff available.

#Akamai is hiring for a Senior Product Architect in the US for designing the next generation of our Compute Networking (eg, #Linode and more) solutions such as VPC, L4 Load Balancing, Cloud Firewall, etc. This is a great opportunity to design #IPv6 centric systems (but still needing to support Legacy IPv4).

I've been at Akamai for 25+ years and love working here, with both flexible work options, great colleagues, and an inclusive environment.

Posting: akamaicareers.inflightcloud.co

Replied in thread

@chiefgyk3d granted, IPFS has its own URL and there are just a few IPFS relays like ipfs.io

  • OFC using IPFS to host and distribute malware is nothing new. Unlike abusing Filehosters like MEGA, oshi.at, et al. there isn't like a central AbuseReport thingy where you can just say "malware", link a VirusTotal report to it and call it a day.

And to answer @damon's question:

  • Akamai is a classic CDN and whilst very expensive, it's reliable and still cheaper than using Ethereum or any other Blockchain to store data on, but since he's a CryptoBro, he just vomited into my mentions and then dipped like a coward...

social.wedistribute.org/object


#Akamai announces its PQ-TLS plans: akamai.com/blog/security/takin

What it doesn't say: Kyber/25519 Akamai to origin before end of year. Enabled for all, start upgrading your origins now :)

Soon, ML-KEM/25519 and ML-KEM/P256 in addition to Kyber/25519 client to Akamai. That might require an opt-in configuration.

Shortly thereafter, all internal Akamai connections will do ML-KEM/P256 to get both PQ safety and FIPS.