If you go to https://www.symantec.com/ you would expect to ge the standard Symantec website through an encrypted HTTPS channel.

Instead, you get an Invalid Site Certificate warning.

The reason for this is due to Symantec using Akami's acceleration network, which rotues website traffic to the closest local cache of their website. Unfortunately, it is not configured correctly to handle HTTPS requests, so you get the inalid certificate warning because Akami's cache server name does not match "www.symantec.com".

Even if you accept the certificate (it is safe to do so, it is legitimately Akami's), you end-up getting redirected to the HTTP version of Symantec's webpsage.

This is a serious problem, but not because it puts anyones information at risk. Instead, the problem is Symantec customers and non-customers alike have no way to properly verify they are visitng Symantec's true website. This sort of mis-configuration makes it easier for a malicious entity to trick someone into believing they are visiting Symantec's website for information, and get mis-directed to a forged site. The forged site can use an invalid certificate, but a user will already be used to getting that from Symantec's official website and blindly click "accept".