HITBSecConf2017 Amsterdam (April 10th - 14th)
Register Online Now!
Akamai's HTTPS fail sets a bad example
"If your firm uses Akamai, know that they can't even be bothered to install a valid HTTPS cert for their own website," tweeted Christopher Soghoian, a technologist whose day job is with the American Civil Liberties Union (ACLU), on Tuesday. He's referring to the digital certificate, which, if it were valid, would confirm when you make an encrypted connection to the website that it's actually connecting to the right place — as opposed to being intercepted by an impostor.
Except it isn't, so it doesn't.
Soghoian is also clearly unimpressed with Akamai's response. Apparently, the certificate has been dodgy for months, and it has been told about it several times. "Thanks for noting, Chris. It's something we're actively addressing. Hope you'll let your followers know that, as well," tweeted Jamie Pappas, a social media consultant who's working with Akamai.