The Internet is buzzing with news of a recently compromised Certificate Authority (CA), DigiNotar, owned by VASCO Data Security International, Inc., possibly compromising a large number of consumers.

In July of this year an internal audit discovered an intrusion within DigiNotar’s CA infrastructure indicating compromise of their cryptographic keys. The breach of these keys resulted in the fraudulent issuance of public key certificates to a several dozen domains including the domain Google.com. Shortly after the incident DigiNotar revoked all of the certificates in question, conducted an additional external security audit and then attempted to revoke outstanding certificates that were affected. As of July 19th, DigiNotar believed all fraudulent certificates were taken out of circulation by revocation.

Unfortunately this week it was found that there were still instances of fraudulent certificates still in circulation. On August 28, 2011 a false DigiNotar wildcard...

...on behalf of Michael Lin, senior director of Trust Services

A recent flurry of media stories and blog posts has debated which technology is more crucial for online security: Domain Name System Security (DNSSEC) or Secure Sockets Layer (SSL) encryption?  The very question itself indicates that confusion may still exist over what each technology does – and how they actually work best together.

DNSSEC ensures that people reach the real IP address of the websites they seek. More specifically, DNSSEC authenticates the origin and integrity of DNS data as that data traverses the Internet. The technology helps thwart man-in-the-middle attacks and DNS cache poisoning, where cybercriminals corrupt stored DNS data to direct website visitors to fraudulent sites. The Online Trust Alliance recommended organizations support of DNSSEC in their latest scorecard,...

Yesterday, an independent researcher claimed in his blog to have successfully exploited vulnerabilities in the way LinkedIn handles and transmits cookies over SSL (see blog at http://www.wtfuzz.com/blogs/linkedin-ssl-cookie-vulnerability). According to the blog, one of the problems is the availability of cookies sent in plain text over unencrypted channels of communication, which is due to SSL cookies not having a secure flag set, as well as appearing to contain session tokens.

"An attacker may be able to perform a man in the middle (MITM) attack, and thus capture these cookies from an established Linkedin session." said the researcher.

This type of attack is similar to how Firesheep, a Firefox plug-in that was released in October 2010, enabled hackers to hijack information from other users on the same unsecured Wi-Fi. The most notable...

...on behalf of Carlos Chang, product marketing manager, Symantec.

 It is Small Business Week here in the U.S., and time for outstanding small businesses to be recognized. Small businesses are the engines that power our economy and deserve recognition for everything they do that makes our country strong. 

Traditionally, consumers tend to trust small business owners – whether it is the helpful pharmacist around the corner, or the owner of the sandwich shop down the street that will always greet you with a friendly hello. Unfortunately, consumers don’t always have that same trust when doing business online.

Consumers do not always know who is behind a website they are visiting and need confirmation that it is run by a legitimate business. One way to receive that confirmation is through a symbol or mark on the website itself, indicating that it is indeed safe. It is important for small businesses that have an online presence to have a trust...