Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Website Security Solutions
Showing posts in English
Tim Callan | 08 Dec 2006 | 0 comments

It's here. VeriSign is taking orders for Extended Validation SSL Certificates, performing authentication, and issuing certificates. We've already issued the first of our certificates to customers.

Order your Extended Validation SSL Certificates here.
Read more about Extended Validation SSL Certificates here.

Tim Callan | 06 Dec 2006 | 0 comments

For the past few months I've been enjoying the hell out of Phillip Hallam-Baker's Web Security Blog. Here's a guy who's much smarter than I am and ready to share his considerable online security insights with the public. I never miss it, and I strongly recommend you check it out.

Tim Callan | 28 Nov 2006 | 0 comments

Yesterday was what they used to call "black Monday" (because it was the day that put online retailers in the black) and they now call "Cyber Monday" (presumably because it sounds cooler). Cyber Monday is often the biggest sales day of the year online, and yesterday was huge. How huge? Well, I can tell you that for the first time in history over 100 million VeriSign Secured Seals were viewed in a single day. I'm very confident that's an unprecedented event. I can't think of another online mark might ever have been viewed in that volume.

Pretty cool.

Tim Callan | 27 Nov 2006 | 0 comments

Here's a good writeup on about Opodo's measured sales increase using the VeriSign Secured Seal. It includes a quote from Gartner analyst Avivah Litan, who describes the increase driven by the VeriSign Secured Seal as "unusual."

Tim Callan | 14 Nov 2006 | 0 comments

Fascinating article on how criminals are using fake online greeting cards to place malware on computers. The criminals spam us with mimetically accurate fakes of popular greeting cards' notification e-mails. In this case the card is looking for a unpatched system onto which it can install a keylogger. However, the classic phishing technique of sending e-mails pretending to be something they're not is still at work here.

Tim Callan | 10 Nov 2006 | 0 comments

Opera developer Yngve Pettersen has posted a nice writeup of Extended Validation SSL and why it is beneficial to the online community. Yngve ends his missive with the promise of an upcoming Opera release that supports EV. He writes,

Opera has not yet implemented complete support for what is needed for Extended Validation, but work is underway:

Opera has supported OCSP verification of certificates since version 8.0, but CRL support is not yet implemented.

Some of the necessary functionality have been tested in an internal demo version..., based on a weekly release from March 2006.

There is a lot more that needs to be implemented before we can release a version with support for EV, but we will do so When It's Ready.

Tim Callan | 09 Nov 2006 | 0 comments

Brian Krebs published this nice writeup of EV SSL Certificates and how they'll be good for the Web ecosystem. It includes this comment from Bruce Schneier:

"It's a serious problem that people on the 'Net don't know the difference between a real Web site and a clever fake," Schneier said. "I think laying this infrastructure could be useful along with other things in the browser to make it more obvious," when users are at a legitimate site, he said. "This is a big problem, and this is a piece of the solution..."

Tim Callan | 07 Nov 2006 | 0 comments

On the Internet Explorer 7 blog today Microsoft announced that EV-specific functionality is expected to go live in the end of January, 2007. Writes Windows program manager Kelvin Yiu,

Starting at the end of January 2007, we will make the necessary updates to Windows, so that IE7 will recognize EV Certificates and modify the display accordingly (with a green background for the address bar, as well as embedded identify info...)

Tim Callan | 02 Nov 2006 | 0 comments

I recently received this question in reference to one of my postings on the VeriSign Secured Seal.

Am I able to display the VeriSign Secured Seal on websites that link to my checkout process, assuming the checkout is protected with a Verisign SSL certificate?

For example, if I have can it have a secured seal beside the buy button that sends people to ? While the domain is the same, the hostname is different.

What about partners or affiliates that send people to our checkout page? Like if has a buy now button...

Tim Callan | 31 Oct 2006 | 0 comments

I've spoken in the past about the CA/Browser Forum, which is the group that has created the Extended Validaiton SSL standard. Now the CA/Browser Forum has gone live with its Web site.