Security

Widespread Dyn DNS outage affecting Fastly customers

Fastly Security Research Team, The Fastly Security Technical Account Management Team

On October 21st, 2016, Dyn, a major managed DNS provider, experienced a Distributed Denial of Service attack, which led to outages affecting several major websites, including Fastly infrastructure (such as the Fastly Control Panel and API) and Fastly customers. Fastly worked with our additional managed DNS providers to ensure availability during the incident. This mitigated impact on Fastly customers.

GlobalSign TLS certificate revocation errors

Fastly Security Research Team, The Fastly Security Technical Account Management Team

On October 13, 2016 around 11:10am GMT, users visiting websites using GlobalSign TLS certificates, including some hosted by Fastly, started experiencing TLS certificate validation errors. This issue was caused by incorrect certificate revocation information published by our certificate vendor, GlobalSign. This security advisory describes the root cause of this issue, and describes the actions Fastly has taken to limit customer impact.

Lean Threat Intelligence, Part 4: Batch alerting

Zack Allen

In Part 3, we showcased a technology that allows you to route messages to and from topics via Kafka. Now that data is flowing, how can you start monitoring and reacting to security events? In this post, we’ll show you a batch alerting strategy that you can use with Graylog and Kafka.

Best practices for protecting your domain

Maarten Van Horenbeeck

We continuously work on making the edge more secure, and develop features you can leverage to protect your applications. However, in order for you to benefit from these investments, there are steps you should take at the crucial stage where traffic is handed off to the CDN. In this post, Director of Security Engineering Maarten Van Horenbeeck discusses how (and why) you can protect traffic on its way to the CDN.

Sponsoring the Tor project with content delivery services

Maarten Van Horenbeeck

Fastly has historically supported many open source projects. We’re happy to announce that Fastly now provides sponsored Content Delivery for the Tor Project. TorBrowser updates are served over the Fastly network, taking load off of the Tor Project's backend servers and speeding up downloads for end users.

Our security team’s vision for defending the modern web

Jose Nazario, PhD

Director of Security Research Jose Nazario describes our team’s vision for employing our CDN’s unique position to defend the modern web. Using the recent HTTPoxy vulnerability as an example, he outlines the benefits and challenges of this vision.

Battling log absurdity with Kafka

Zack Allen

In “Lean Threat Intelligence Part 2: The foundation,” we explained how we built our log management system, Graylog, using Chef. Next, we’ll cover how we created a message pipeline that allows us to route messages to different endpoints for analysis or enrichment.

Announcing Limited Availability for HTTP/2

Jason Evans

As promised in March of this year, we are excited to announce that our HTTP/2 Limited Availability (LA) program is here. Here’s how you get started.

TLS 1.2-only delivery is now available

Sean Leach

Earlier this year we updated you on our revised deprecation plan for TLS 1.0 and 1.1. We’re happy to announce that you can now request migration to TLS 1.2-only hosts if you’ve purchased a paid TLS option.

Recapping our second Fastly Security Speaker Series

Window Snyder

On May 25, we had over 50 security researchers and engineers from the Bay Area and beyond in our San Francisco office for our recurring Fastly Security Speaker Series. This event focused on hardware security, including how to detect firmware attacks, and how to execute hardware side-channel attacks.

Fastly Security Speaker Series: Second Edition

Maarten Van Horenbeeck

In February, our Chief Security Officer Window Snyder announced the Fastly Security Speaker Series, which we created to share cutting edge security topics with the wider community. We hosted over 50 security researchers and engineers in an event focused on machine learning and reverse engineering.

Today, we’re happy to announce the second event in our Fastly Security Speaker Series, which will take place on May 25th from 6:00 to 8:45 pm. Join us at Fastly’s San Francisco headquarters for food, drinks, and ample opportunity for good discussion with your peers in the security research community. You can register to attend here.

Lean Threat Intelligence Part 2: The foundation

Rusty Bower, Zack Allen

In part 1, I discussed the general workflow the Threat Intelligence team at Fastly uses to plan for projects. After performing research and seeing what others have done in this space, we can now move forward with technology selection.

College competitions build strong security teams | Fastly

Maarten Van Horenbeeck

Building a great team is one of the most difficult challenges security managers encounter. Luckily, there are a few initiatives that make things easier on us, including the Information Security Talent Search (ISTS) at the Rochester Institute of Technology.

Recap of the Fastly Security Speaker Series

Window Snyder

On February 25, we hosted 50+ security researchers and engineers from the Bay Area and beyond in our San Francisco office for the first event in the Fastly Security Speaker Series. This event brought together security engineers and researchers to examine new perspectives around important security topics.

Lean Threat Intelligence, Part 1: The plan

Zack Allen

Fastly Security Researcher Zack Allen discusses how you can draw from open source resources to build a lean and powerful Threat Intelligence plan for your organization.

Securing Edge-To-Origin TLS

Fastly Security Research Team, The Fastly Security Technical Account Management Team

Fastly has fixed a problem in our default Transport Layer Security (TLS) configuration that prevented proper certificate validation when connecting to customer origin servers. Services created after September 6th, 2015 were not affected. This advisory describes the issue to inform our customers of the potential exposure, the fix we’ve made, and additional improvements we’re making. This vulnerability has been assigned Fastly Security severity rating of HIGH.

Introducing Fastly Security Advisories

Window Snyder

Today we’re announcing Fastly Security Advisories. Fastly will publish these to address security concerns that either trigger customer interest or require customer action to address.

Introducing the Fastly Security Speaker Series

Window Snyder

Today we’re announcing the Fastly Security Speaker Series, an informal event for bringing together researchers and engineers to share research, tools, and ideas. Fastly will bring some of the most innovative and thoughtful security researchers to Fastly headquarters in San Francisco to share their work. Our first event is February 25th, and our first two speakers are Alex Pinto and Rolf Rolles.

CVE-2015-7547 Buffer Overflow in glibc

Fastly Security Research Team, The Fastly Security Technical Account Management Team

On Tuesday, February 16th, researchers published details about a new vulnerability in the glibc library, a standard C library. The vulnerability existed in the code used to translate hostnames into IP addresses. Processes that use it are very common across network service providers, such as CDNs. Fastly immediately implemented a security update on affected systems. No customer action is required. Fastly’s service was not impacted.

Update to our TLS 1.0 and 1.1 deprecation plan

Sean Leach

Last October, we announced our deprecation plan for TLS 1.0 and 1.1. The PCI Security Standards has since updated their guidance, and we are revising our deprecation schedule accordingly.