DDoS Blog

DDoS Blog

Old Vulnerabilities still available to be exploited ROBOT

Old Vulnerabilities still available to be exploited R.O.B.O.T: Return Of Bleichenbacher's Oracle Threat A joint study by researchers from Ruhr-Universitat Bochum/Hackmanit GmbH and Tripwire VERT has revealed a re-tread of an old vulnerability from 1998 that allows an attacker to leverage RSA decryp[...]

Throwing Caution to the Cloud

Throwing Caution to the Cloud? The Hidden Costs of Moving IT operations onto the Cloud As the CTO of a Cloud DDoS Protection Service, it would seem that I would be shooting myself in the foot by raising alarms about hidden costs in moving onto the cloud. After all, shouldn’t everything IT (inc[...]

Securing your APIs

Covering your APIs Web APIs are not exactly a new technology. You can find an API for almost any service offered online. The reason for the popularity is not surprising, APIs easily and efficiently facilitate integration between applications. This inter-application communication allows partnersh[...]

Nginx with Stream Module Dynamic Upstream CNAME

In the age on scalable web applications , many organizations turn to cloud-based server hosting to dynamically add additional servers during peak usage, or attain redundancy by having multiple geographic web \-server locations. One of the methods used for this is DNS CNAME resolution. Using this op[...]

Apache Struts Vulnerabilities and The Equifax Hack, What Happened?

In the wake of the Equifax breach, a lot of people are wondering how the theft of personal information occurred and how it could have been prevented. Equifax initially reported that a vulnerability in Apache Struts was used to infiltrate their public-facing web server. Apache Struts has faced its f[...]

What is Machine Learning?

Machine Learning can appear in many different forms and guises, but a general definition of Machine Learning usually incorporates something about computers learning without explicit programming and being able to automatically adapt. And while Machine Learning has been around for decades as a concept[...]

Don’t ban the bots

I do a lot of DDoS related research online, which results in a lot of DDoS protection related spam/offers. A trend I have seen gaining popularity lately is “ban the bots”. These emails contain a lot of emotionally charged language trying to persuade the reader that bots are destroying the inter[...]

WannaCry FAQ

We have a had a number of enquiries lately about the Ransom Ware Vulnerability. What is it ? WannaCry also know as WanaCrypt 2.0 is a form of malware commonly known as "Ransom Ware". Where did it come from ? It was originally developed by the NSA in the US called "Eternal Blue" and was a way for[...]

DDoS prevention as part of a robust I.T. Strategy

A decade ago the idea of loss prevention (LP) had been limited to the idea of theft of merchandise. With the advent of online retailing, retailers have discovered that loss must be viewed more broadly to "intended sales income that was not and cannot be realized" [Beck and Peacock, 28]. While Beck a[...]

The Difference Between Positive VS Negative WAF ?

The resurgence in Positive security of late has been a refreshing change to the security landscape dominated by anti-virus scanners, IDS/IPS, and antispam engines. The resurgence is most noticeable in the field of Web Application Security where Web Application Firewalls have been adopting a Positive[...]

DDoS Article Categories