How to mend a bleeding heart?

Over the past two days, the technology community has been focused on a recently discovered vulnerability in OpenSSL called the “Heartbleed Bug”. We were in touch with customers immediately after its discovery, but we also want to help address any additional concerns our customers, partners, and the general public have about this critical vulnerability.

What is the Heartbleed Bug?

According to Codenomicon, “The Heartbleed Bug (CVE-2014-0160) is a serious vulnerability in the popular OpenSSL cryptographic software library.  This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.  SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”

In describing the scale of the bug, Ars Technica wrote, “[the] extremely critical defect resides in the cryptographic software library an estimated two-thirds of Web servers use to identify themselves to end users and prevent the eavesdropping of passwords, banking credentials, and other sensitive data.” 

How can the Heartbleed Bug be exploited?

Codenomicon explains, “The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

Why were some vendors/companies notified in advance about the vulnerability and others not?

Based on what we know, the Heartbleed vulnerability was discovered in the OpenSSL code last week by three researchers at Codenomicon in Finland along with a researcher at Google.  The plan was to fix the bug and then notify trusted web site operators before letting the public know about it.

Unfortunately, concerns that news of the security vulnerability in OpenSSL had leaked to hackers prompted OpenSSL to disclose the vulnerability to the public before they were able to notify the majority of Internet providers and large companies operating on the Web.  As a result, most organizations were caught off guard by the announcement.

Are Verizon EdgeCast’s systems patched?

Yes. All of our servers were patched and tested with a modified version of OpenSSL 1.0.1e with heartbeats disabled. We did this within a very short period of time, and all of our customers were notified as soon as that work was complete. We will also update all of our servers to OpenSSL 1.0.1g with the next release of our Sailfish platform.

Could this bug expose Verizon EdgeCast users to digital eavesdropping?

It’s unlikely. We employ Perfect Forward Secrecy, a technology supported by current versions of most popular browsers. If the browser you are using supports Perfect Forward Secrecy, then your TLS sessions are not vulnerable to eavesdropping. Even if someone were to steal a copy of one of our private SSL keys, it could not be used to decrypt past or future recorded TLS sessions.

While it is possible that exploitation of the bug to compromise private keys could expose us to man-in-the-middle attacks, those are much harder to carry out than mere eavesdropping.


Optimizing content for a superior mobile experience

By Dan Franklin, Segment Manager, Commerce, Verizon EdgeCast 

90% of consumers move between multiple devices sequentially to accomplish their goals, according to the Google New Multiscreen World 2013 report.

For websites, that means optimizing content for all mobile platforms and screen dimensions is not optional; it is a crucial requirement for creating immersive web experiences for users.

However, with a variety of mobile devices being released each year, it becomes almost impossible to accommodate all new and existing screen sizes and operating systems.

That’s why Verizon EdgeCast now offers Mobile Device Detection as part of its Rules Engine (within the Optimize suite). Designed to allow for highly granular control over how, when and even if your content is served, the Rules Engine is based on the concept of simple “if-then” style conditional logic.  

This gives our customers easy access to important datasets at the edge and allows for the inspection and adaptation of any component of an incoming HTTP Request and the HTTP Response.

How the Rules Engine and Mobile Device Detection Work

A rule is based on the concept of simple “if-then” style conditional logic and is composed of a match (condition) and a feature (or features) to be applied if the match condition is met. Rules allow for the adaptation of any component of an incoming HTTP Request and the HTTP Response including URLs, filenames, query string values, cookies, TTLs, response codes and more. Mobile Device Detection is a set of matches and features available within the Rules Engine.

Features of Mobile Device Detection


Limitless Creativity

How do you break the limits imposed by traditional media and create award-winning interactive work for clients such as Netflix and Twentieth Century Fox? By making interactions between brands and consumers more relevant, inclusive, and less self-serving.

For Verizon EdgeCast client Ignition Creative, pioneering new forms of storytelling with technology is at the core of this pursuit.

Strategic partner for award winning work

“We need to anticipate our clients’ digital needs and develop products that allow them to stay ahead,” says Aaron Buchanan, VP of Technology, Ignition Interactive. “We see ourselves as a strategic partner to studios or content owners and craft the messaging for an entire campaign, stunt marketing, or video.”

A recent and award-winning example of this philosophy is Ignition’s work for Ridley Scott’s Prometheus. “One year ahead of a movie release we expand on the storyworld and created content that the film’s core audience devoured,” says Buchanan, describing the approach to creating awareness and excitement.

For Prometheus, Ignition created a months-long campaign that expertly combined a mix of social, traditional, and transmedia storytelling to bring the fictional entity of Weyland Industries - the mysterious corporation behind Project Prometheus - to life.

Sustaining traffic spikes of viral campaigns

Over the course of the Prometheus campaign, fans were treated to an array of interactive experiences, original photo & video content, and detailed background information about the world of Prometheus. The campaign has been held up as a benchmark example for digital marketing by Forbes, Mashable, Ad Age and Fast Company, and helped the movie to gross over $400 million worldwide.  


Weyland Industries microsite

For Buchanan, the success of such viral campaigns not only depends on great storytelling, but also on deploying scalable technology solutions. “We need to be able to endure this virality from an infrastructure standpoint,” he explains. “For example, we built a website for Netflix’s Arrested Development. The show received over 4 billion pre-launch tweet impressions and was picked up by major media outlets. Having partners like EdgeCast allowed us to deliver at scale with confidence, regardless of how many sites picked up our story and drove traffic spikes.”

In addition to viral waves of traffic, new forms of storytelling also require new forms of online advertising, which can drive similar traffic patterns of rich content.

Telling a story with online advertising


Are you ready for the next generation of online shoppers? (because Twitter is)

By Hanni Chehak, Marketing Manager, EdgeCast

In last week’s news, there was lots of buzz around EdgeCast customer and social media icon Twitter. According to several sources, Twitter is seeking commerce solutions to integrate into the latest iteration of their platform, and is hiring accordingly.

The perceived hope is to capture a sizeable portion of the online commerce market by capitalizing on their younger, more adept mobile user base. According to the 2013 Millennials Study by Verizon Digital Media Services, Twitter is the second most popular social network among millennials; they also use it almost twice as much as non-millennials (48% vs. 29%). The same study showed that millennials shop more often online than non-millennials (72% vs. 62% shopped online within the last three weeks).

A pioneer in mobile 

More than any other social media platform, Twitter validates the pure potential and opportunity that lies within mCommerce. Twitter pioneered the mobile space when they launched their platform in 2006 with an intentional mobile-centric business strategy, calling mobile the “primary driver of our business.”

Eight years later and post-IPO, 75% of their user base connects from a mobile device and 65% of their ad revenue comes from mobile devices.

David Mercer of the Digital Consumer Practice stated in a TechCrunch article in 2013: “The immediacy of Twitter communications requires devices which are close to hand at every waking moment […] by definition this suggests mobile phones and tablets should be preferred devices for Tweeting.”

Imperative to Twitter’s widespread success has been their commitment to performance optimization and delivering content to users anywhere, anytime. To any aspirational business this means a thoughtful strategy around mobile performance and optimization can no longer be an afterthought; instead, it must be understood as a priority and a key to success.

Below are three best practices that our clients and partners recommend to prepare your mobile site for the mobile generation of shoppers:

1. Focus on optimizing your mobile assets

Know your content, and understand why not all content can, or should be delivered the same way.


The Positive Performance Impact of a Dual CDN Strategy

If your technology is ‘Changing the Rules of Business’ (according to Wired), then you are certainly serious about maximizing web performance.

For Optimizely, page load time has never been more important. Its rule-changing technology relies on snippets that are loaded along with the pages being tested. Dogan Ugurlu, software engineer at Optimizely, explains on the company’s blog:

“Any third party code snippet you add to a web page will impact its overall load time. This is because, in most cases, the third party code needs to finish loading before the rest of the page can begin to load. If the vendor providing the code is doing a good job, that impact should be so small that your visitors don’t notice it at all.”

Prior to signing up with EdgeCast, Optimizely relied on a single CDN to deliver its snippets. In order to maximize its performance, the company’s web performance team decided to try adding another — and wrote an in-depth white paper about the results (The Most Misleading Measure of Response Time: How Optimizely Dramatically Improved Response Times with CDN Balancing).

The following data was previously published in that white paper and shows the positive impact of adding EdgeCast to Optimizely’s CDN mix:


Overall, CDN balancing resulted in a dramatic improvement in response times for visitors at every point along the distribution curve. Here are a few key percentile statistics to illustrate just how significant the results were:


Synthetic and Real World Web Performance Monitoring

By Nathan Moore, EdgeCast/Verizon Web Performance Team

EdgeCast competes heavily on performance. We work very hard to make the Internet faster, more reliable, and more robust.  One of the ways we do this is through our partnerships with third party monitors.  

We measure our real-world performance constantly across the globe to ensure that we identify and react to any problems quickly and efficiently.  The goal: eliminate any potential difficulty that can get between end users and their content. 

Our friend and ally: third party monitors

Our third party monitors help us to improve ourselves while providing the assurance and validation that our service legitimately performs to both our and our customers’ expectations.

The presentation below was given recently at a small web performance conference, showing both the general operating theory behind our use of third party monitors and three specific use case examples demonstrating the value that they bring.

The use of synthetic and real world monitoring

We use both synthetic and real world monitoring to ensure delivery quality and performance.  This presentation shows three recent EdgeCast examples of how we deploy these testing techniques to optimize our vast, global network.

1. Transact: Launching a whole new global network

Launching a new product is always difficult. Doubly so when the word “worldwide” is attached to it.  The challenge before us was to take our


5 Tips For Running A Successful Live Stream

By the EdgeCast Application Support Team

In live streaming, all that matters is the viewing experience for end users. To make sure your next live event reaches its remote audience smoothly across devices, we collected the top 5 helpful tips for setting up a live stream.

1.    Identify your audience

Start by asking yourself: who is going to watch the stream? On which device are they likely going to follow the event? Will you have a higher share of desktop or mobile devices tuning in?

Anticipating the predominant user device will help you select the right stream format, whether it is HLS/HDS or Flash streaming.

2.    Assume bandwidth limitations

To have a jitter-free experience, your users need enough bandwidth available. Identifying the type and strength of their internet connection, paired with your insights about your audience from tip 1, will determine how to encode the live stream even for inferior connection speeds.

3.    Select encoder and bitrate

The streaming platform of your choice should offer multi bitrate encoding (recommended formats are: HLS, HDS or Flash). Depending on the platform, decide on the bitrate you will be utilizing on the encoder to cover the last mile capabilities of your audience. 

Below is an example of a multi-bitrate profile that uses Flash Media Live Encoder 3.2 (Adobe’s free encoder program) as the encoder software and EdgeCast Flash services as the platform. The example XML profile requires at least 1500 Kbps upstream capability from the encoder and allows last-mile clients with a download capability of 150, 300 and 650 Kbps to view the multi-bitrate streams.

With this scenario in mind, we would recommend using a dedicated 3000 Kbps of upload capability from the encoder’s network to the ingest location to ensure enough bandwidth is available.


SoftLayer and EdgeCast: Just One Checkbox and the World is Yours

By Francis Potter, Director of Product for Portals and APIs, EdgeCast Networks

Ever since Amazon launched its S3 service in 2006, companies around the world have flocked to cloud storage solutions for their high availability, simplicity, and flexibility. Sometimes, storage of files and objects, accessed through an API, fits into a plan for an application or system. But other times, a company might want to share its stored content globally. If the audiences are big or performance is important, then distribution through a CDN becomes critical.

Seamless integration using EdgeCast’s RESTful APIs

It might sound complicated to configure a CDN to interface with a cloud storage solution. But EdgeCast’s partner SoftLayer has solved the problem with our easy-to-use RESTful APIs.

SoftLayer’s object storage product hits its 2nd birthday next month. Marc Jones, SoftLayer Vice President of Product Innovation, says that CDN integration was a requirement from the very beginning. “We already had a relationship with EdgeCast and liked everything about the core CDN platform. We also needed automation around account creation and management, and EdgeCast already had that as well. We wanted integration with object storage to be as seamless as possible — without customers having to learn the ins and outs of both.”

One checkbox. That’s all it takes.

The SoftLayer team started with the popular OpenStack Swift platform, and augmented its API to make the CDN integration feel natural to the end user. “Everything in OpenStack is based in Python,” says Marc. “We wrote our own middleware that handled the CDN interactions, and made it possible for customers to CDN-enable any container in their storage with just one checkbox in our UI.”


Just one click away: CDN self-enablement in SoftLayer’s UI

Moving content closer to the end user


HLS Streaming – How to Measure HTTP Live Stream Performance

By Andre Cheung, Director of Global Alliances, EdgeCast (a previous version of this post was published on Andre’s blog).

Devoncroft’s recent 2013 Big Broadcast Survey (BBS) shows that multi-platform content delivery is considered the most important trend by the broadcasting industry. This is not surprising, considering the time we spend viewing videos on non-TV devices, especially smartphones and tablets.

HTTP Live Streaming

Video streaming on iOS devices is supported by HLS (HTTP Live Streaming). HLS democratizes video streaming: everyone can now easily stream bitrate adaptive videos to iOS devices by using a low cost HTTP codec.

The challenges of streaming to Android

In comparison, it is much more challenging to stream videos to other mobile platforms. Here is a good reference article from EdgeCast client LongTail: The Pain of Live Streaming on Android

Now that we can easily stream videos to iOS devices, how do we measure the video performance? How do we validate that HLS videos delivered from a CDN are much better than those delivered from the customer origin? Which bitrate adaptive video stream on my demo page – HLS Performance Measurement – provides a better experience?

HLS Performance Measurement 

Rather than subjective measurement by eye, PocketProbe Free from Bridge Technologies provides an objective test of the HLS video experience:


I did some PocketProbe tests around 12:30pm on June 26, 2013 (Hong Kong time). Left is the test result of the stream directly from the customer origin (CO); on the right is the result from the CDN:


6 tips for a seamless and fast mobile shopping experience

By Dan Franklin, Segment Manager Commerce, EdgeCast

As of early December, Christmas sales were looking modest. Right after Black Friday, ShopperTrak reported that even though the immediate post-Thanksgiving sales were up 2.3 percent from last year, it’s still predicted that foot traffic for the whole season will be down. Where has that traffic gone? Online.

Adobe says more than $1 billion was spent online on Thanksgiving Day alone, and eBay sales are estimated to be 30-35 percent higher than last year.  According to Walker Sands, only 1 percent of US consumers with Internet access don’t shop online.

Mobile shopping is the new mainstream 

And, more and more, that ecommerce is moving from computers to mobile devices. Mobile has become a more comfortable and regular place for people to shop. According to Millward Brown Digital, mobile shoppers are actually visiting more websites, on average, than people using PCs. Mobile commerce isn’t some niche anymore; it’s mainstream and certainly the future of ecommerce.  

Last Christmas, Wal-Mart reported that 40 percent of all visits to its online store that month came from mobile devices. Estimates for this shopping season top 50 percent. We’re way past the early-adopter phase. So the question is how to make that mobile shopping experience excellent.

For a mobile commerce experience to be as satisfying as one that takes place on a full-size computer, sellers need to make sure the mobile shopping experience is both seamless and fast.

Create a seamless experience 

Here are three tips to make sure your mobile users will have a seamless shopping experience:

1. Build a Responsive site.
