CDN Vulnerability Disclosure at Black Hat 2015
Verizon Digital Media Services is aware of a talk on CDN security to be delivered at Black Hat USA 2015 by Security Analysts at Bishop Fox. VDMS Security Operations team will be monitoring information that is disclosed about the issues and is prepared to take additional actions as needed to protect our CDN customers. As needed, we will publish additional information and recommendations on how customers can protect their origin infrastructure.
As a general best practice, we recommend our customers to not rely solely on network-level restrictions to secure their origin infrastructure and websites. Customers’ origin servers should require additional authentication measures, such as Token-Based Authentication, before responding to requests coming from CDN edge servers.
Should you want to learn more about our security offerings, please contact your account manager.
Update 8/6/15: Verizon Digital Media Services confirmed with the security researchers at Bishop Fox yesterday that this vulnerability, which includes Server-Side Request Forgery, does not affect our CDN services. All content available from a customer’s domain is restricted to content explicitly configured, and provided, by that customer. This is an example of how our secure-by-design philosophy helps protect our customers, and their users, from malicious actors.