The Last HITB Security Conference in Malaysia

Hands-on Technical Trainings - 13th & 14th October

Triple-Track Conference - 15th & 16th October


Capture the Flag - 15th & 16th October

HackWEEKDAY - 15th & 16th October

CommSec Village - 15th & 16th October


Akamai's HTTPS fail sets a bad example

"If your firm uses Akamai, know that they can't even be bothered to install a valid HTTPS cert for their own website," tweeted Christopher Soghoian, a technologist whose day job is with the American Civil Liberties Union (ACLU), on Tuesday. He's referring to the digital certificate, which, if it were valid, would confirm when you make an encrypted connection to the website that it's actually connecting to the right place — as opposed to being intercepted by an impostor.

Except it isn't, so it doesn't.

Soghoian is also clearly unimpressed with Akamai's response. Apparently, the certificate has been dodgy for months, and it has been told about it several times. "Thanks for noting, Chris. It's something we're actively addressing. Hope you'll let your followers know that, as well," tweeted Jamie Pappas, a social media consultant who's working with Akamai.