The Akamai Blog Subscribe
2015 Security Predictions: Sort Of
I've never been a fan of security predictions, though I've written about them too many times to count. I guess that makes me a hypocrite. I could take the high road and tell you my bosses always make me write about it, but why pass the buck? In the world of tech media, we ALL write about predictions. Call it a case of doing one of those tasks you hate
Xsser mRAT Targets iOS and Android for Man-in-Middle ...
Akamai's Prolexic Security Engineering & Response Team (PLXsert) has issued a new advisory about a Xsser mobile remote access Trojan (mRAT) attackers are using to target iOS and Android devices. The Xsser mRAT is spread through man-in-the-middle and phishing attacks and may involve cellphone tower eavesdropping for location-specific attacks.
Video: Vulnerability Management vs. Pen Testing
Vulnerability assessment and pen testing both deal with finding and fixing security holes. But they are not the same thing. In this whiteboard presentation, Akamai security researcher Patrick Laverty explains the differences between the two, and how both are critical to the vulnerability management process at Akamai.
Video: Incident Management at Akamai
At Akamai, incidents happen daily. Despite strong controls, it's inevitable that problems will arise when so much content is being handled, processed and distributed within Akamai and on behalf of customers. To deal with that reality, the company has a set of procedures to manage incidents as they materialize. Most incidents are resolved by small interventions in the network. In this whiteboard presentation, Bill Brenner gives an overview.
Video: FedRAMP 101
In this whiteboard presentation, Akamai InfoSec Program Manager James Salerno explains what FedRAMP is, why it was created and why it's become an important part of Akamai's security compliance process.
CSIRT Warns of More Account Checker Fraud
The following was written by CSIRT Manager Mike Kun:While investigating an attack against an Akamai customer, Akamai's CSIRT discovered a server hosting a web-based attack tool -- a variant of the account checker tool first discovered in 2012.
Microsoft's Final Patch Tally for December 2014
Microsoft released its security bulletin for December 2014 this week, fixing security holes in Windows, Exchange, Office and Internet Explorer. The full patch matrix is below.More Akamai perspective on patching and vulnerability management:Akamai University: Vulnerability Management vs. Pen TestingTen Years After the Blaster WormBug Bounty Programs: A Turning Point for Microsoft
FAQ: Vulnerability in the TLS 1.x protocol
The following advisory was written by CSIRT Manager Mike Kun:We are aware of a newly-announced vulnerability found by Adam Langley and Brian Smith in some implementations of the TLS 1.x protocol that allows for a man-in-the-middle attack. This can result in insecure compromised transactions over TLS 1.x. For more details, read the original article.
Security Kahuna Podcast: Data Breach Lessons
In the latest episode of the Security Kahuna Podcast, Dave Lewis, Martin McKeay and I discuss the security breach at Sony, lawsuits between the banks and Target, and much more. Rather than give the latest victims a lashing over mistakes that allowed the breach to happen, we focus on the lessons learned and how companies can better protect themselves going forward.Listen to the full episode