Website Security Solutions

AllenKelly | 18 Dec 2012 | 0 comments

April Fool's Day is almost here. This annual celebration of silliness has endured largely because of trust - we all know who's playing the jokes on us and that those jokes will be harmless.
Unfortunately, this holiday also presents cyber criminals -- phishers, Web site spoofers and other scammers -- with a lure and smokescreen for their malicious attacks. These felons deliberately misrepresent themselves as legitimate organizations to gain unauthorized access to confidential or proprietary data. Their attacks are anything but playful and painless - rather, they can do incredible harm to industry, government and the citizens they serve.

To better protect the online community, the Online Trust Alliance (OTA) today released its 2011 Top 10 Recommendations to Help Businesses Protect Consumers From Being Fooled. OTA's recommendations provide a good cheat sheet of quick, effective IT security...

AllenKelly | 18 Dec 2012 | 0 comments

This week Mozilla, Microsoft and Google all updated their browser blacklists to include a list of fraudulent SSL certificates issued for the following URLs:
mail.google.com
www.google.com
login.live.com
addons.mozilla.org
login.skype.com
login.yahoo.com

These SSL certificates were issued by a Registration Authority (RA) affiliated with (and trusted by) Comodo, which claims that access to the RA was compromised and a user account was breached. They claim that this RA account was fraudulently used to issue 9 SSL certificates for the URLs above. They also claim that the attack originated from Iran.

Although these fraudulent certificates were revoked, many end users were still exposed to risk. Why? Because the technology that makes sure revoked certificates are not mistakenly validated is either turned off or entirely missing in some users' browsers. Even if the...

Tim Callan | 18 Dec 2012 | 0 comments

Hello readers. Yesterday was my last day as a Symantec employee, and this entry is my last on Tim Callan's SSL Blog. After nearly seven years at VeriSign/Symantec I am moving on. The transition of the VeriSign authentication business since our acquisition in August 2010 has gone well, and with the approach of a new Symantec fiscal year, it's the right time for me to hand my responsibilities over to the going-forward team and find my own next adventure. I don't know right now what that adventure is, but if you're interested, just follow Tim Callan on Twitter, and I'll let you know. I also am authoring my own, personal blog, Tim Callan on Marketing and Technology, and I encourage you to come see me there as well. The future of this blog...

Tim Callan | 18 Dec 2012 | 0 comments

If you're attending Search Engine Strategies next week in New York City, make sure you come by and see our presentation on how trust indicators drive traffic from search results and maximize click-through rates on landing pages. Trust the link. Trust the Website. Trust the Transaction.

Tim Callan | 18 Dec 2012 | 0 comments

For the past seven years or so we've seen a common criminal practice of creating just-in-time phishing scams around breaking news or other current events. These scams consistently appear for predictable events such as tax time or even March Madness, but they also arrive very quickly when high profile natural disasters occur. Dating back at least as far as the Katrina/Rita disaster (and occurring as recently as February's earthquake in Christchurch, New Zealand), these attacks seek to prey on concerned well wishers trying to donate money to aid disaster relief. The good news is that public awareness of this attack vector continues...

Tim Callan | 18 Dec 2012 | 0 comments

Blogger Roman Poroshyn recently posted commentary pointing out that code signing certificates can be stolen (as illustrated by the Stuxnet attack) and that he expects the syndrome of stolen certificates to continue in 2011. Roman writes,

Stuxnet has made it painfully clear that a virtual identity can be stolen. Authorities issuing digital certificates are unable to prevent that and their response is always delayed, because it is based on reports from computer security companies.

The good news is that a well developed code signing paradigm exists that can greatly improve our ability to defend against certificate theft. It's called...

Tim Callan | 18 Dec 2012 | 0 comments

Less than a week after New York Senator Charles Schumer called out Twitter by name for incomplete SSL implementation (along with Yahoo and Amazon), the popular social networking site finds itself in the SSL media crosshairs once again. Specifically, Ashton Kutcher had his Twitter account taken over. The thief tweeted a pair of messages, which were

Ashton, you've been Punk'd

and then

This account is not secure. Dude, where's my SSL?

While it's to Twitter's discredit that such a high profile service hasn't even secured its login pages at this late date, unfortunately Twitter is not alone. A quick look around the web...