Akamai Diversity
Home > Bill Brenner

Recently by Bill Brenner

2015 Security Predictions: Sort Of

I've never been a fan of security predictions, though I've written about them too many times to count.

I guess that makes me a hypocrite. I could take the high road and tell you my bosses always make me write about it, but why pass the buck? In the world of tech media, we ALL write about predictions.

Call it a case of doing one of those tasks you hate because, like changing diapers or taking out the trash, it has to be done.

Akamai's Prolexic Security Engineering & Response Team (PLXsert) has issued a new advisory about a Xsser mobile remote access Trojan (mRAT) attackers are using to target iOS and Android devices.

The Xsser mRAT is spread through man-in-the-middle and phishing attacks and may involve cellphone tower eavesdropping for location-specific attacks.

Video: Vulnerability Management vs. Pen Testing

Vulnerability assessment and pen testing both deal with finding and fixing security holes. But they are not the same thing. In this whiteboard presentation, Akamai security researcher Patrick Laverty explains the differences between the two, and how both are critical to the vulnerability management process at Akamai.

Video: Incident Management at Akamai

At Akamai, incidents happen daily. Despite strong controls, it's inevitable that problems will arise when so much content is being handled, processed and distributed within Akamai and on behalf of customers. To deal with that reality, the company has a set of procedures to manage incidents as they materialize. Most incidents are resolved by small interventions in the network. In this whiteboard presentation, Bill Brenner gives an overview.

Video: FedRAMP 101

In this whiteboard presentation, Akamai InfoSec Program Manager James Salerno explains what FedRAMP is, why it was created and why it's become an important part of Akamai's security compliance process.

CSIRT Warns of More Account Checker Fraud

The following was written by CSIRT Manager Mike Kun:

While investigating an attack against an Akamai customer, Akamai's CSIRT discovered a server hosting a web-based attack tool -- a variant of the account checker tool first discovered in 2012.

Microsoft's Final Patch Tally for December 2014

Microsoft released its security bulletin for December 2014 this week, fixing security holes in Windows, Exchange, Office and Internet Explorer. The full patch matrix is below.

More Akamai perspective on patching and vulnerability management:

FAQ: Vulnerability in the TLS 1.x protocol

The following advisory was written by CSIRT Manager Mike Kun:

We are aware of a newly-announced vulnerability found by Adam Langley and Brian Smith in some implementations of the TLS 1.x protocol that allows for a man-in-the-middle attack. This can result in insecure compromised transactions over TLS 1.x. For more details, read the original article.

Security Kahuna Podcast: Data Breach Lessons

In the latest episode of the Security Kahuna Podcast, Dave Lewis, Martin McKeay and I discuss the security breach at Sony, lawsuits between the banks and Target, and much more.

Rather than give the latest victims a lashing over mistakes that allowed the breach to happen, we focus on the lessons learned and how companies can better protect themselves going forward.

Microsoft's December 2014 Security Bulletin

Microsoft has released a preview of the security bulletin it plans to release Tuesday, Dec. 9, 2014. If the plan holds, the software giant will release seven bulletins -- three of them for critical vulnerabilities in Windows, Office and Internet Explorer. The full preview is below.

More Akamai perspective on patching and vulnerability management: