Akamai Diversity

The Akamai Blog

Bill Brenner

Bill Brenner

December 1, 2014 2:33 PM

Fresh Wave of DNS Record Hijacking Attacks Reported

Akamai has observed a fresh wave of DNS poisoning attacks, where web sites are hijacked and placed under the control of malicious actors. It's a tactic Akamai has seen before, and there are ways for companies to defend themselves.Anatomy of attacks The Domain Name System (DNS) converts the text of a domain name (ie. akamai.com) to the server's IP address. Using DNS hijacking, a malicious user is able to update

Bill Brenner

Bill Brenner

November 25, 2014 7:38 AM

8 Security Measures for IT Shops This Holiday Season

We've offered a lot of security advice for those shopping online this holiday season. But what about the IT practitioners responsible for securing sites those customers are using?This post is for them.Here are some words of wisdom I've picked up from security pros over the years. Some of the advice may seem obvious. But as I said yesterday, repetitive advice tends to be necessary in this hyper-connected, fast-paced world of

Bill Brenner

Bill Brenner

November 24, 2014 7:12 AM

Online Shopping Scams and How to Avoid Them

We recently shared five tips from Akamai Security Advocate Dave Lewis on how to avoid traps attackers set for online holiday shoppers. Today, we share articles from various publications to help you identify and avoid the most typical scams.Tomorrow, I'll have a new post on things IT practitioners can do for their retail employers to harden systems against attack. The advice is important, because for every 100 failed online scams

Bill Brenner

Bill Brenner

November 20, 2014 6:00 AM

Yummba Webinject Tools Used for Banking Fraud

Attackers are using Yummba webinject tools to target banks and other enterprises, Akamai's Prolexic Security Engineering & Response Team (PLXsert) warned in an advisory this morning. Download the advisory from our State of the Internet site Zeus crimeware has a history of being used to build botnets, steal banking credentials and launch DDoS attacks -- targeting platform-as-a-service (PaaS) and software-as-a-service (SaaS) infrastructures. The added capabilities of Yummba custom webinjects make

Bill Brenner

Bill Brenner

November 19, 2014 8:27 AM

Demo Illustrates the Powerful Simplicity of "Let's E ...

Yesterday, I told you about "Let's Encrypt" -- the new, free Certificate Authority (CA) launched by the Internet Security Research Group (ISRG) with help from Akamai and other companies. To recap, this is another big step in the industry-wide transition from cleartext HTTP to secured HTTPS over TLS. It will allow organizations to obtain basic server certificates for their domains through a simple one-click process.For a look at how simple

Bill Brenner

Bill Brenner

November 18, 2014 10:05 AM

"Let's Encrypt" = Secure HTTPS Over TLS

The industry-wide transition from cleartext HTTP to secured HTTPS over TLS moves another step forward this week, with the Internet Security Research Group (ISRG) announcing the launch of a new Certificate Authority (CA) service called "Let's Encrypt." Akamai, Mozilla, Cisco, the Electronic Frontier Foundation, IdenTrust and researchers at the University of Michigan are working through ISRG to deliver the infrastructure in mid-2015.

Bill Brenner

Bill Brenner

November 17, 2014 6:41 AM

Voting Season for (ISC)2 Members

Many readers of this blog are CISSPs and members of (ISC)2 -- the organization that administers and maintains the certification. This is the time of year when they have a chance to vote for the Board of Directors and have a say in how (ISC)2 conducts itself.Akamai Security Advocate Dave Lewis is finishing his second year as a member of the current board. He's not up for re-election until next

Bill Brenner

Bill Brenner

November 13, 2014 7:31 AM

Trends in Security for the Commerce and Travel Indus ...

Late last year, Akamai CSIRT Director Michael Smith gave a presentation about security trends affecting eCommerce and the travel industry. Around the same time, I conducted a two-part podcast interview with him on those and other security challenges. I finally got around to watching the video of his presentation, and think the big picture he presented is as true today as it was then. Have a look, and then a

Bill Brenner

Bill Brenner

November 12, 2014 6:37 AM

Microsoft Security Update for November 2014

Microsoft released its November 2014 Security Update Tuesday. Windows, Office, Server Software and the .NET Framework are among the items affected.More Akamai perspective on patching and vulnerability management: Akamai University: Vulnerability Management vs. Pen TestingTen Years After the Blaster WormBug Bounty Programs: A Turning Point for Microsoft