Akamai Diversity

Recently in Web Security Category

BsidesBoston Details

The final speaker list and agenda have yet to be finalized, but plenty of details are now available regarding BSides Boston 2014. Those details are below. As for the final agenda, stay tuned for that after the call for papers period closes March 31.

Full SOURCE Boston 2014 Schedule Released

The full schedule has been released for next month's SOURCE Boston security conference. This year's keynote speakers are:

  • Internationally renowned security technologist and author Bruce Schneier;
  • Justine Aitel, who manages cyber security and identity programs at Dow Jones; and
  • Dr. Andrea M. Matwyshyn, an academic studying technology innovation and its legal implications, particularly corporate information security regulation and commercial and consumer privacy.

The SOURCE website includes podcast interviews with the keynoters as well as many other speakers.

The job of security professionals is becoming tougher by the day. While we work hard to ensure that vulnerabilities are covered, an attacker simply needs to find the weakest link. Not a pleasing thought, but often attackers have the time and resources on their side while the "good guys" work under a whole different set of pressures.

Patrick J. McGovern Left a Huge Legacy in Tech Media

International Data Group (IDG) announced yesterday that its Founder and Chairman, Patrick J. McGovern, died March 19 at Stanford Hospital in Palo Alto, California. Having worked at IDG for five years before coming to Akamai, the news made me profoundly sad. But this post is a celebration of a life well lived and the huge legacy he left in the world of tech media and beyond.

Full Disclosure Shutdown: A Journalist's Perspective

There's a lot of valuable perspective out there regarding the shutdown of Full Disclosure, a mailing list where researchers posted details of exploits and software security holes. I'll share that perspective below. But first, here are my thoughts as an ex-journalist who often relied on it for news.

If Security Pros Could Be Granted One Wish...

The great videos David Spark produced during RSA Conference 2014 keep rolling in. In this latest episode, security professionals are asked what they would want if they could be granted one wish. The answers are amusing and, in most cases, unattainable.

Visit the site of our partner Tripwire for a related article.

Why Security Pros Should Embrace DevOps

One of the big topics at last month's RSA Conference was DevOps, the process by which developers and IT operations work together to speed up development and production at unprecedented levels, pushing sometimes thousands of updates to production in a single day. 

Gene Kim (@RealGeneKim), author of "The Phoenix Project" and a huge proponent of DevOps production environments, and Josh Corman (@JoshCorman), CTO of Sonatype, explain the benefits in this Tripwire video:

The Tripwire site includes an article on DevOps. Check it out here.

A DDoS Checklist?

Following last week's cyber-attacks on Meetup's infrastructure, Antone Gonsalves, a reporter from CSO Online, asked me, for an article he was writing, what steps I would recommend CISOs take "if they came under a similar attack." I hesitated before giving a softball answer: "Don't wait for the attack, prepare for it." I could sense the reporter's frustration immediately. He wanted to give his readers step-by-step instructions for what I have observed to be a potentially very complex problem.

WordPress DDoS: New Attack, Old Problems

Our researchers spent much of yesterday tracking a massive DDoS exploiting weaknesses in the WordPress blogging platform. Most of the news reports are consistent with what we saw, so let's take a look at some of the more comprehensive pieces, starting with a CSOonline blog post from Akamai Security Advocate Dave Lewis. The overall message: This latest attack is just another example of an old and unaddressed problem.

Akamai Participating in Cyber-Defense Competition

Akamai InfoSec personnel will be on hand this weekend to help run the seventh Annual Northeast Collegiate Cyber Defense Competition, in which students are divided into teams to carry out simulated cyber-defense scenarios.