The Akamai Blog Subscribe
Public Research Docs: The List So Far
Akamai InfoSec has slowly been making its security advisories public. What follows is a list of what has been released so far. These can be found in the security research section of the Akamai Security microsite.
The Brittleness of the SSL/TLS Certificate System
Despite the time and inconvenience caused to the industry by Heartbleed, its impact does provide some impetus for examining the underlying certificate hierarchy. (As an historical example, in the wake of CA certificate misissuances, the industry looked at one set of flaws: how any one of the many trusted CAs can issue certificates for any site, even if the owner of that site hasn't requested them to do so; that
Web Security Buzz
Each week, we compile a list of headlines trending on social media and distribute it internally via a newsletter called "Web Security Buzz." We recently decided to start running a public version via this blog. What follows are some of the stories we've been keeping an eye on for the past couple of weeks.
Microsoft's May 2014 Patch Load
Microsoft released it's May 2014 Security Update Tuesday. The latest vulnerabilities to be addressed affect everything from Windows, Internet Explorer and Office to Microsoft Server Software, Productivity Software and the .NET Framework.
Internet Disruptions Possible During World Cup 2014
Researchers from Akamai's CSIRT team warn of potential Internet disruptions during the upcoming World Cup event. FIFA's World Cup will be held in Brazil starting June 12. At the 2010 World Cup hosted in South Africa, some 3,170,856 spectators attended 64 matches. FIFA is again distributing a total of over 3,000,000 tickets for the tournament, where Brazilian and international visitors will attend football (soccer) matches in 12 cities across Brazil.
Podcast: CSO Andy Ellis on Heartbleed
By now, most of you are aware of the Heartbleed vulnerability that sent shockwaves through the tech industry. Like many of you, Akamai had to work overtime to ensure our customers were protected. We did that, but as is the case with any large security threat, we continue to be vigilant and, while letting everyone know what we did to keep them secure, we're looking back at the lessons learned
Microsoft Issues Patch Tuesday Preview for May 2014
Microsoft has released advance notification regarding the security updates it plans to release Tuesday. It looks like a busy month of patching ahead. The breakdown is below.
BSides Boston 2014: HallwayCon
As I noted in previous posts, LobbyCon is an important part of any security conference experience. At BSides Boston Saturday, attendees will enjoy the ritual with a special twist.Organizers call it HallwayCon. A description from the BSides Boston website:First come, first served! (Sign-up and put your name and topic on the board!) These lightning talks are 15-minute each and will go throughout the entire day.A variation of this happened during
BSides Boston 2014: Dan Geer and Heartbleed
I first met Dan Geer 10 years ago, after he debated Microsoft's Scott Charney on the "Microsoft Monoculture" at a USENIX event in Boston. I was just starting to write about security and the man intimidated me. His intellect and speaking style were light years beyond anything I had comprehended before. As a news reporter, you talk to a lot of police officers, firefighters and politicians who speak in plain,