Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Website Security Solutions
Showing posts in English
Teresa Wingfield | 30 Apr 2012 | 0 comments

If you are using self-signed SSL certificates for internal sites such as corporate email servers, human resource portals, wikis, software development sandboxes, etc. you’re probably doing so because you think you’re saving your company a ton of money by not purchasing certificates from a third-party Certificate Authority.  But, for a number of reasons, this probably isn’t true. 

Self-signed certificates cost more than most  implementers realize because the total cost of ownership (TCO) of an SSL certificate is far more than just the price of the certificate. From security hardware, to management software, to data center space and more, the costs of establishing a secure self-signing architecture can quickly add up.  And, a do-it-yourself approach to SSL security may put an organization at risk for costly security breaches and lost trust.

“The Hidden Costs of Self-Signed SSL Certificates” is a new white paper that...

AllenKelly | 24 Apr 2012 | 0 comments

To participate in the contest, start surfing the Internet to find the new Norton Secured Seal. 

 

Once you have located the new seal, tweet the following phrase to qualify for a daily drawing: “I spotted the Norton Secured Seal at (insert publicly-accessible URL) #SpotTheCheck” hash tag in less than 140 English characters.

Entrants will be entered into a random drawing each day for a seven day period to win a $100 gift card to Amazon.com 

Full contest rules are below.

 

SPOT THE CHECK TWITTER CONTEST OFFICIAL RULES

THE “SPOT THE CHECK” TWITTER CONTEST IS OPEN TO LEGAL RESIDENTS OF THE 50 UNITED STATES AND THE DISTRICT OF COLUMBIA (EXCLUDING GUAM, PUERTO RICO...

FranRosch | 23 Apr 2012 | 1 comment

Today, the VeriSign seal got a new look and became the new Norton Secured Seal. 

One of the questions we get asked the most is why make this change to one of the most recognized trust marks on the Internet.  Our response, it just makes sense for us and for our customers.  By combining the power of the VeriSign checkmark with the industry’s most respected Norton brand, we are creating the most valued and highly visible security seal on the Internet.  Businesses will experience the same high security standards and protection that was delivered from the previous VeriSign seal.  The rigorous and proven authentication processes ensures their customers and information stays safe and secure.

The Value of a Trust Seal

The Norton Secured Seal is an indispensable tool and is valued by business customers for its proven ability to provide consumers a secure online experience while instilling confidence and trust in their...

AllenKelly | 17 Apr 2012 | 1 comment

Over the next few weeks, we’ll be making a change to the trust mark on your websites. We are combining the VeriSign Checkmark with the industry-leading Norton brand to create the Norton™ Secured Seal. By bringing together these two well-known and respected brands, the new seal will not only prove to your site visitors that the site is secure, but may also increase traffic, add click-throughs and provide higher visibility in search results. Even before the official launch, a U.S. online consumer study found high recognition of the Norton Secured Seal.

We developed the new Norton Secured Seal to provide our customers with increased visibility and transactions, and plan to make this transition as smooth and seamless as possible. We understand that for many of our customers, having...

Charla Bunton-Johnson | 17 Apr 2012 | 0 comments

JP Donnio, President, TBS Internet
Symantec Trust Services Platinum Partner

It can be difficult to let tried-and-true brands go, unless of course it’s replaced by a better and stronger brand. That is the case with Symantec’s transition from the VeriSign Seal to a Norton Secured Seal, powered by VeriSign combining the trust asset of both VeriSign and Symantec, the new Norton Secured Seal will be even stronger and more effective than its predecessor. Not only is it a positive evolution of the trust mark, but it is also an innovative solution to add to the range of products we offer our customers.

TBS has been a partner with VeriSign since 2003, and since that...

FranRosch | 16 Mar 2012 | 2 comments

Yesterday Kaspersky Lab posted on their research blog that they had discovered a Trojan dropper file in the wild. The malicious code, designed to commit click fraud, was signed by a legitimately issued VeriSign code signing certificate. This was a result of private keys being compromised at one of our customers. The code signing certificate used to sign the malicious code was authenticated and issued by VeriSign to a legitimate organization. The certificate has since been revoked, as it appears that the private keys, which were controlled by the customer, have been compromised.

Allow me to emphasize that Symantec takes these situations very seriously. We’re working closely with the customer to resolve their security issue and to ensure that they are taking precautions and applying best practices for private key before we re-issue another code signing certificate to them. Symantec employs the highest levels of stringent authentication for every certificate we issue....

Rick Andrews | 01 Mar 2012 | 1 comment

RSA 2012 has lived up to expectations with some great thought-provoking presentations. Tuesday morning I attended “Revocation Checking for Digital Certificates: Why Won’t It Work?” moderated by Kirk Hall. Kirk and the other panellists clearly described the shortcomings of revocation checking by CRLs or OCSP and why all modern browsers “soft-fail” if they can’t get a revocation response. They also detailed a number of proposed improvements, and the pros and cons of each.

At Symantec, we believe that revocation checking is essential. That’s why we’ve invested heavily in building a highly-available, massive scale infrastructure to serve our CRLs and OCSP responses. Today our infrastructure supports over 3.5 Billion OCSP lookups every day. We’re an active part of the CA/Browser Forum, including the working group that will study improvements in revocation checking. It’s a great topic that has the potential to make a big...

Quentin Liu | 29 Feb 2012 | 0 comments

The RSA 2012 Conference is this week, and I look forward to the usual exciting mix of reflection on the past year’s important trends, big announcements, and predictions on where things might go from here. For Symantec Authentication, this year’s RSA event carries added weight by falling roughly on the one and a half-year anniversary since Symantec acquired VeriSign. We’ve seen a lot of changes in the past 17 months, both within our company and in the IT industry at large, and the conference will be an excellent opportunity to share our observations and insights on both. There will be a lot to share, and I’m particularly eager to see what people have to say about a key issue that the Symantec Business Authentication team has been championing: Always On SSL.

As background, 2011 has earned ugly nicknames such as “Year of the Breach” and “Year of the Hack” for having the greatest...

FranRosch | 21 Feb 2012 | 0 comments

We are excited about hosting the CA/Browser Forum meeting this week in Mountain View and have a great set of attendees from the leading browser vendors and Certificate Authorities as well as several other interested third parties.  At Symantec, we believe that the CA/B Forum efforts to improve the SSL ecosystem have become even more important given the breaches and attacks over the past year.  The agenda this week is packed with some important topics including:

  1. Standards for improving the security related to CA operations
  2. Intellectual Property Sharing Policy
  3. Discussion on how we can evolve the CA/B Forum decision making process and how we can include the feedback from external third parties including Relying Parties
  4. Higher Authenticated Code Signing Certificates
  5. Certificate invalidation methods

One other topic sure to be discussed is the role of Domain...

FranRosch | 20 Feb 2012 | 0 comments

By now, everyone is aware of the story published in the New York Times earlier this week by John Markoff.   The team of researchers led by Arjan Lenstra scanned 7.1 million 1024-bit public facing RSA keys, and came to the conclusion that an estimated 0.2 percent of all RSA keys in the wild are duplicate keys, and many more may share a common prime factor. Lentra's research paper stated the following:  
 
“We performed a sanity check of public keys collected on the web. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended. A more...