Akamai Diversity

The Akamai Blog

Bill Brenner

Bill Brenner

January 18, 2014 1:44 PM

#ShmooCon, Day 2: Instant Messaging Insecurity

At Akamai, one of our security policies goes something like this: If you want to do instant messaging for personal matters, use whatever you want. If you want to discuss company business on IM, however, you have to use a specialized instant messaging program we've set up specifically for communication between colleagues.

Bill Brenner

Bill Brenner

January 18, 2014 8:53 AM

#ShmooCon, Day 2: Security Tools You Can Use

As the second day of ShmooCon 2014 dawns over Washington DC, I'm reflecting on the talks that kicked off the weekend yesterday. Particularly useful was a presentation by security practitioner Rob Fuller called "Attacker Ghost Stories: Mostly Free Defenses That Give Attackers Nightmares."

Bill Brenner

Bill Brenner

January 17, 2014 2:22 PM

#ShmooCon, Day 1: Schwag for the Security Messaging ...

After getting my badge for this weekend's ShmooCon conference in Washington DC, I excitedly emptied the contents of my bag on the table. Schwag. Lots of it. There was a wooden airplane kit. A harmonica. Stickers aplenty. All branded with the names of various security vendors and organizations. 

Bill Brenner

Bill Brenner

January 15, 2014 5:57 AM

Your January 2014 Patch Tuesday Update

Patch Tuesday is an important calendar item for Akamai customers, given how dominant Windows machines are in many companies. What follows is Microsoft's January 2014 Security Update. 

Bill Brenner

Bill Brenner

January 14, 2014 5:41 AM

A New Resource for Training Kids in Internet Safety

I got a message this morning from an Akamai colleague who read yesterday's blog post on the HacKids security conference for children. He wanted me to know that he is doing something similar. Stefano Buttiglione, one of our senior solutions architects, says a school in his home town in Italy asked him to do a training course on the risks of social media to kids and their parents. It started as

Bill Brenner

Bill Brenner

January 13, 2014 5:02 AM

HacKid Conference: Security Training for Kids

As I've written before, we in Akamai InfoSec take our security training very seriously. We also know that our success as a security operation depends on the skills and talents of the future. So when I see great examples of training for younger generations, I'm compelled to mention it here. For this post, the subject is the HacKid Conference scheduled for April 19 and 20 at the San Jose Tech Museum of

Bill Brenner

Bill Brenner

January 9, 2014 8:27 AM

Like Skipfish, Vega is Used to Target Financial Site ...

Yesterday, we told you about how attackers were exploiting the Skipfish Web application vulnerability scanner to target financial sites. Since then, Akamai's CSIRT team has discovered that another scanner, Vega, is being exploited in the same manner. Skipfish and Vega are automated web application vulnerability scanners available by free download. Skipfish is available at Google's code website and Vega is available from Subgraph. These are scanners intended for security professionals to evaluate

Akamai

Akamai

January 8, 2014 2:58 PM

WordPress Plugins Exploitation Through the Big Data ...

Overview According to Wikipedia, WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL, which runs on a web hosting service. Features include a plug-in architecture and a template system. WordPress is used by more than 18.9% of the top 10 million websites as of August 2013. WordPress is the most popular blogging system in use on the Web, at

Bill Brenner

Bill Brenner

January 8, 2014 5:56 AM

Attackers Use Skipfish to Target Financial Sites

Akamai's CSIRT team has discovered a series of attacks against the financial services industry. In this instance, the bad guys are exploiting the Skipfish Web application vulnerability scanner to probe company defenses. Skipfish is available for free download at Google's code website. Security practitioners use it to scan their own sites for vulnerabilities. The tool was built and is maintained by independent developers and not Google, though Google's information security