Website Security Solutions
Brook R. Chelmo | 12 Dec 2014 | 0 comments

As recently announced, fTLD Registry Services has partnered with Symantec to verify applicants before domain names are approved in the new .bank and .insurance generic Top-Level Domains (gTLDs).  So what does this truly mean?  Ultimately, it offers a form of brand protection for .bank and .insurance in this new era of the Internet. 


July 2013 through February 2014 marked the second major landrush for addresses on the Internet.  Companies from around the world applied to ICANN to operate nearly any gTLD they could think of (namely common search terms).  For example, we have applied to operate .symantec and .norton.  With the new gTLDs as options for website...

Christoffer Olausson | 09 Dec 2014 | 0 comments

Your database has been breached, malware has infected your systems and sensitive records are available for anyone to download on the internet. Your first action is to launch an investigation to find out more about the breach. The report shows that the vulnerability has been exploited for months and all forensic logs have been deleted.

SQL injection isn’t new and it has been around for more than 10 years. However, most companies still plunge huge amounts of dollars into IDS/IPS, firewalls, security gateways and anti-virus software. Web application attacks are growing at an alarming rate, and most security teams’ focus is network security and not the business-critical data that is found in databases. Unless there’s a breach; then the focus tends to shift, but it’s simply too late.


Brook R. Chelmo | 03 Dec 2014 | 0 comments

While I was doing an online search for “SSL Certificates”, one of the ads said “$4.99, Why Pay More?”  Without clicking on the ad I know what they are going to offer me: a simple domain validated (DV) SSL certificate.  This certificate will encrypt my site’s traffic at a basic level, but this isn’t 1997; the business climate and threat landscape have changed and so have our requirements for security.  SSL is more than encryption.  We have to consider trust, security, service, certificate management & reliability.  While many Certification Authorities are cutting corners to compete with each other on price, Symantec is working around the clock to continually deliver best-in-class solutions.  At Symantec we believe in these core factors, as do 91% of the Fortune 500 and 94 of the top 100 financial institutions in the world.  Here’s why:

1. Increased End-Consumer Trust

  • Trust Seal -- Trust seals suggest that...

Brook R. Chelmo | 25 Nov 2014 | 0 comments

Thanks to George Orwell’s classic book 1984, I graduated High School thinking I would eventually live in a world monitored and suppressed by world governments.  In the wake of the PRISM scandal in 2013 I started to get the feeling that Orwell’s dystopian novel was looking like an ill-timed prophecy.  In light of comedian Pete Holmes’ rant on how Privacy is Uncool, it is little brother (us) leaking our secrets; no one has to steal them from us.  If you thought unmanaged Social Media privacy settings were bad, how much would you cringe if you knew you were letting people watch you sleep?  Welcome to the perils of the Internet of Things (IoT).

Up until very recently a number of security camera manufacturers were shipping Internet-connected cameras (AKA IP cameras) with default passwords.  Many of these passwords were never changed by the purchaser after setting...

Brook R. Chelmo | 15 Oct 2014 | 10 comments


A bug has been found in the Secure Sockets Layer (SSL) 3.0 cryptography protocol (SSLv3) which could be exploited to intercept data that’s supposed to be encrypted between computers and servers. Three Google security researchers discovered the flaw and detailed how it could be exploited through what they called a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack (CVE-2014-3566).

(Updated Dec. 9, 2014) Recently, a new variant of the POODLE vulnerability (CVE-2014-8730) was found to affect even...

sanjaymodi | 13 Oct 2014 | 0 comments

The next change for SSL Certificates

Certificate Transparency (CT) is a Google initiative to log, audit, and monitor certificates that Certificate Authorities (CAs) have issued.  CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge.  Chrome support for CT requires that all CAs log all Extended Validation (EV) SSL certificates in publicly...

Stefano Rebulla | 17 Sep 2014 | 3 comments

Most of you reading this will immediately connect the acronym “RSA” with the encryption algorithm invented in 1977 by Rivest, Shamir and Adleman, which is still today the most-adopted in Public Key Infrastructure (PKI) systems, such as SSL. Through a mathematical process that remains ingenious even by modern standards, its merits are strong, but the world changes very quickly in technology and the paint on the RSA algorithm is starting to crack. Some RSA key lengths have been successfully broken over the years, and RSA-1024 was deprecated by the industry for Public CA use before any hack could be proven, but it would only have been a matter of time.

Today’s regulations mandate a minimum of 2048 bits for keys in public SSL certificates, but since there is no randomization in the RSA process, continuing advances in the mathematics behind breaking RSA may eventually make attacks on longer key lengths feasible. This will not happen for the foreseeable future to 2048 bit keys,...

Brook R. Chelmo | 16 Sep 2014 | 0 comments

The latest news in the SSL and web browser industries is Google’s plans to deprecate SHA-1 in a unique way on upcoming releases of Chrome starting with version 39. Considerably different from Microsoft’s plans that were announced in November 2013, Google plans on placing visual marks or placing a block within the browser; all based on the version of the browser, date of use and certificate’s expiration date.

Here is what you need to know first:

  1. SHA-1 is still safe to use but critics say its long-term ability to stand up to collision attacks is questionable.
  2. SHA-2 is the next hashing algorithm to be used.  If your end-entity or intermediate certificates are SHA-1, it might be a good idea to exchange them...

Charla Bunton-Johnson | 11 Sep 2014 | 0 comments

Guest Blogger: John Monnett, V.P. & Partner, Secure128
Website Security Platinum Partner


Shopping Cart Abandonment is a Staggering 70%

In 2014 we’re living through an online revolution. When I started my university undergrad work in 1991, there was virtually no such thing as “e-commerce” as we know it today. In 2014, worldwide business-to-consumer ecommerce sales are estimated to reach nearly $1.5 Trillion.

How can those of us SMB owners capture a share of the ecommerce market most efficiently? There are many contributors to that conundrum, but one of the simplest ways to decrease website shopping cart abandonment is by...

Charla Bunton-Johnson | 18 Aug 2014 | 0 comments

Websites using HTTPS boosted in Google rankings

Often considered the backbone of global business, SMBs are a unique mix of entrepreneurial drive, daring ingenuity and highly customer-centric practices.

SMBs need to compete in the virtual marketplace with players of all sizes, where square footage doesn’t matter; they are forever seeking ways to stay competitive. One arena where they have a greater chance to level the playing field is in the virtual marketplace.  They have more opportunities to take advantage of a variety of digital platforms, from Web-based businesses and social media outlets to SEO to mobile devices, all for a faster time to market. The Internet allows SMBs to use their limited budgets in ways that they can impress customers and help their brand become more relevant and recognized—even amidst enterprises with extensive budgets and brand...