Website Security Solutions
Andy Horbury | 03 Jul 2013 | 0 comments

A friend of mine called me last week (I’m the de facto security/IT guy in my circle of friends); her question was what to do when faced with the message below, as it was something she’d not seen before. The warning message, as you can see below, says that the site may no longer be secure because of an expired SSL certificate.


My immediate answer was that under no circumstances should she ever proceed. If in doubt go to another site, visit their bricks and mortar address, try calling or emailing the store. But do not use the website. The answer I got back from my friend was quite surprising... after enquiring what the issue was via Twitter, she was told by a representative of the site “This warning is nothing to worry about”. After sitting down to consider this I realised what horrendous advice this...

Brook R. Chelmo | 28 Jun 2013 | 0 comments

Migrating certificates during a major key size migration can be difficult at best. I’m going to give you some background, share a great video we have produced, as well as share seven steps to aid in this migration.

Background - Key Sizes Change with Time

Since the RSA algorithm was first publicly described in 1977 by Ron Rivest, Adi Shamir, and Len Adleman, 17 key sizes have been factored (hacked). So far the highest key size that was factored was RSA 768-bit in 2009. As cloud computing grows so does the threat that RSA 1024-bit will be factored as well.

Industry Response – Bring 1024-bit Certificate to End-of-Life

In order to be proactive, Certification Authorities (CAs) have been tasked to bring these certificates to end-of-life by the end of 2013. An end date of December 31, 2013 was listed by...

Brook R. Chelmo | 21 Jun 2013 | 0 comments

Imagine installing a new deadbolt on your back door and, after all the measuring, drilling, sizing, and installation, you stand back to admire your work only to notice the lock was installed backwards. The device implemented to keep people out will now let them in. As noted by several university researchers, including Dan Boneh of Stanford University at RSA13, this is the same issue developers are facing when they poorly implement SSL/TLS security within their mobile applications. The flaw is not in the security technology but in its implementation.

It is natural to assume that I don’t need to sell you on the fact that you need to have all aspects of your information security program in line without any loopholes. Implementing SSL within non-browser apps has been laid out to make it clear and easy for any user or developer within this white paper. A...

Jeannie Warner | 21 Jun 2013 | 0 comments

This year’s National Small Business Week is upon us, with 50 years of energy behind it. The occasion is sponsored by the US Small Business Association, celebrating how small businesses are critical to an economy of growth and job creation.

The most vital part of a smaller business is to sell what you produce, be it services or goods or a combination. As people turn to the web to find information, shop, and compare prices, it’s important to remember that at least 3 out of 5 of them will not actually buy anything, and are just visiting to look around and learn. There’s evidence from various polls and split testing that people tend to buy more when they feel secure about sharing financial information, which, added to PCI compliance needs, requires a security solution appropriate for the business.

Determining an appropriate website security solution is one of the challenges of smaller businesses. If...

Belinda Charleson | 21 Jun 2013 | 0 comments

Should you go mobile? Should you expand your retail business online? Should you build a website and do transactions? What does the Australian shopper want, really? The universal truth is that the entire world is moving digital, and cell phone usage continues its rise. What add-ons are important? Is there more than one answer? We looked through an eConsultancy study that asked some of these questions to learn about what people want, and how appropriate Website Security Solutions could help support them having it.

How people buy: Yes, everyone knows people buy online. Additionally, many customers report that they are interested in being able to order online, and collect at the store. For simply using the internet as a route to market, one can piggy-back on the pre-existing online giants like to advertise products and move...

Andy Horbury | 17 Jun 2013 | 0 comments

You know just what a boon SSL can be to your business when it comes to keeping your transactions safe, ensuring that your sensitive information – such as credit card numbers, social security numbers and login credentials – is transmitted securely. Not only is it required by the Payment Card Industry, but it’s good business practice to make sure your customers’ information is safe and secure in transactions with your site. Encryption has an impact on the load time, and a wise site owner will work to find the best possible implementation to minimize the effect.

The impact of SSL in terms of speed and authentication is different from one environment to another. Factors include type and source of content, hardware and software tailored solutions such as outsourced transactions and through-put to traffic, whether and how the admin has preloaded pages. Additionally, with the...

Jimmy Edge | 14 Jun 2013 | 0 comments

Mention PKI or ‘Client Certificates’ to many people and it may well conjure up images of businesses busily protecting and completing their customers’ online transactions, yet such certificates are to be found throughout our daily lives, in any number of flavours: when we sign into a VPN; use a bank card at an ATM, or a card to gain access to a building; within Oyster public transport smart cards, used in central London. These digital certificates are even to be found in petrol pumps, the robots on car assembly lines and even in our passports.

In Continental Europe and many so-called ‘emerging countries’, the use of client certificates is particularly widespread, with governments issuing ID cards that have multiple uses, such as to pay local taxes, electricity bills and for drivers’ licenses. And the reason to see why is simple – client...

Tom Powledge | 10 Jun 2013 | 0 comments

Here’s a number worth thinking about: According to estimates by research firm eMarketer, Inc., global e-commerce sales are expected to grow 18.3 percent to $1.298 trillion this year (Source: eMarketer, Jan 2013). So, what does this mean for you?

Every business, no matter the size, has an opportunity when it comes to e-commerce – it’s not just large retailers, though they do account for the biggest slice of the gigantic pie. As a small business you need to use the Web to attract, find, communicate, service and sell to your customers. It’s a cornerstone of staying competitive and essential if you’re keen to grow.

It may seem simple to open an e-commerce business or add e-commerce to your website. But, many business owners rush in and don’t take the time to lay the proper groundwork before they go live. It...

Tom Powledge | 03 Jun 2013 | 0 comments

The Online Trust Alliance (OTA) has news today, June 5. The OTA conducts an annual audit of a range of businesses, government agencies, and vendors. This audit looks at how each organization deals with the key points of importance to the OTA; domain, brand and consumer protection; site, server, and infrastructure security (including SSL certificate implementation); data protection, privacy, and transparency. They look at over 750 websites, including the 2013 Internet Retailer Top 500, leading financial institutions (certified FDIC), social networking sites, and OTA member companies like Symantec. The public can go to the OTA's website, look at their criteria, and see who the OTA recommends for practicing safe online activity in their Honor Roll.

Inclusion isn't guaranteed, even for partner Certificate Authorities. Symantec Website...

Andy Horbury | 29 May 2013 | 0 comments


Tightly targeted cyber-espionage attacks designed to steal intellectual property are hitting the manufacturing sector and small businesses with ever greater venom, with the latter, highly vulnerable, organisations the target of 31% of such attacks – a threefold increase on 2011.

Meanwhile, targeted attacks overall have seen a massive 42% surge during 2012, compared to the previous year.

These are just some of the worrying statistics revealed by Symantec in its forthcoming ‘Website Security Threat Report’.

Why small businesses? Because they are seen as the path of least resistance. Cybercriminals are enticed by their bank account information, customer data and intellectual property – and the often...