Video Screencast Help
Search Video Help Close Back
to help

Website Security Solutions

Showing posts in English
Physical Security Makes Web Security Possible
FranRosch | 18 Dec 2012 | 0 comments

Trust on the internet isn't just a catch phrase. It's a concern that engenders policies that extend from the virtual world of security products and integration all the way down into process and physical reinforcement. It is also a daily practice at Symantec, where we back up our mission statements with concrete, measured practices. We built our datacenter facilities with a defense in depth approach, and believe in practicing what we preach regarding the standards a CA should adhere to. My leadership team demands that our infrastructure supports our strategy to be the best.

We gave the folks at CNet a tour of our Operations facility where we process SSL Certificates, and showed them our model of what makes a secure facility. We are constantly investing in improvement, keeping up with the latest trends in physical security as a vital link to supporting our virtual security. Recently, CNet published the following article about what they saw on that tour:

...

Read more
Safe Surfing for Sports Season
Jeannie Warner | 18 Dec 2012 | 0 comments

Keeping Your Personal Information Secure
 

It’s a great time for sports fans, with the summer Olympics still fresh in our minds, the NFL season kicking off, and hockey and basketball just around the corner. Unfortunately, it’s also a great time for cyber criminals who take advantage of the excitement to steal valuable personal information.

A common approach, known as “phishing,” uses phony emails that inform fans they have won the “NFL Lottery” or can purchase discounted tickets. These emails often contain links to websites that look genuine but are designed to trick users into providing login and password details. Some also include attachments that can download nasty computer viruses.

As scammers grow more sophisticated, users have to up their defensive game. Here are some tips to help protect against phishing attacks:

  1. Never click on links or open attachments in unsolicited emails....
Read more
Symantec Continues to Grow Market Share in SSL
FranRosch | 18 Dec 2012 | 0 comments

Last week Netcraft released its monthly report on global SSL certificate issuance and market share. The report states that Symantec experienced another banner month of growth.  According to the August 2012 Netcraft report, Symantec saw the largest overall gain in net new SSL certificates. We continue to remain the overall SSL market leader with a market share of 38.4% (Netcraft, August 2012).  Our internal Symantec model actually reflects that Symantec has a much larger market share as many large Enterprises use our SSL certificates behind their firewalls where Netcraft is unable to explore. 

Symantec also continues to dominate the Extended Validation (EV) SSL market segment, outpacing the competition in terms of growth while issuing 64.5% of all active EV SSL certificates today. EV SSL certificates offer the highest level of validation, and provide consumers the absolute highest level of trust in the websites they are sharing data with. It’s important...

Read more
Next Generation Code Signing: Keeping malware off of your system
DeanJC | 18 Dec 2012 | 0 comments

Code signing has been around forever and was the initial step to keeping personal computer systems secure. The concept is simple: have developers digitally sign their code before it’s released so that if it turns out to be malware, we can determine who signed it and when. Then we call the FBI, arrest the malware author and clean up our machines.  On the surface this sounds pretty straightforward, but

Over the last few years, it was discovered that stolen code signing certificates have been used to sign malware. No one knows for sure how the certificates were stolen but most likely, the private keys, which are stored on PCs, were not protected with good passwords and were hacked. Those keys were then used to sign code such as Stuxnet.  Stolen keys undermine code signing and something had to be done about that.

Most people have heard of Extended Validation (EV) SSL certificates; an SSL certificate which displays differently in the browser, utilizing a...

Read more
Why Your Certificate Authority Matters, Now More Than Ever
FranRosch | 18 Dec 2012 | 0 comments

Last week the Certificate Authority / Browser Forum (CA/B) voted down a motion to extend a deadline for its members to sign an intellectual property rights agreement (IPR). Signing this agreement is mandatory to retain membership. Those who had not signed by August 1st are no longer members of the CA/B Forum. Entrust, CyberTrust (Verizon), and Research In Motion (RIM) are among the CAs who did not, or would not sign the IPR. They’re all out.

So what?

What’s so important about the IPR is that it enables CAs and browsers to work together as an industry to develop improved Internet security standards without infringing on any particular organization’s intellectual property rights.  This transparent, collaborative workgroup will help drive innovation to better secure data in transit over the Internet.

As a result of their inaction, the CA’s mentioned above will not have a role in forging a more secure future for...

Read more
Staying Safe on Social Networking Sites
AllenKelly | 18 Dec 2012 | 0 comments

Last month, a popular social networking site fell victim to one of the industry’s largest hacking attacks, losing more than 6.5 million user passwords—including 165,000 that were cracked and posted online. Shortly after, similar password breaches occurred at a popular dating site and a popular music site.

With hackers increasingly targeting social networking sites to gain sensitive user information, it’s becoming especially important for users to be cautious and mindful of their online behavior. Because chances are, the passwords that many people use to log in to their social networking accounts are the same ones they use to access other online accounts, including banking or other transactional sites.

Want to make sure your next social networking session is a safe one? Here are a few tips to help keep...

Read more
Why are the Certification Authority/Browser Baseline Requirements so important?
FranRosch | 18 Dec 2012 | 0 comments

Symantec has been a key driver in collaborative work with the CA/B Forum to develop a new set of baseline requirements for organization and domain validated SSL certificates. The CA/B Forum is an organization of leading Certification Authorities (CAs) and vendors of Internet browser software and other applications. The CA/B Baseline Requirements are documented in “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates v. 1.0”.

We are proud to announce that Symantec is adopting the new Baseline Requirements effective July 1st, 2012. 

The Baseline Requirements focus on providing clear standards for CAs on important topics including verification of identity, certificate content and profiles, CA security, revocation mechanisms, use of algorithms and key sizes, audit requirements, liability, privacy and confidentiality, and delegation (including external sub-...

Read more
OTA Announces the 2012 Online Trust Scorecard and Honor Roll
geoffnoakes | 18 Dec 2012 | 1 comment

I sat down today with Craig Spiezle, Executive Director of the Online Trust Alliance, at the Internet Retailer show in Chicago, to learn more about OTA’s Online Trust Honor Roll announcement.  This is the OTA's fourth annual Online Trust Honor Roll -- the report promotes for the adoption of best practices; it recognizes leaders, and it provides prescriptive advice to businesses and governments.  Symantec had made the OTA’s Online Trust Honor Roll 4 years in a row.  The report is located at https://otalliance.org/honorroll.html.

Among the changes in this year’s report:

  • Tools, methodology, and transparency: the OTA uses a number of publicly-available tools to capture...
Read more
AnDevCon 2012: New Code Signing Services to Protect Your App
AllenKelly | 18 Dec 2012 | 0 comments

Author: Dean Coclin, Senior Director of Business Development at Symantec

Today, I had the opportunity to meet over a hundred talented developers at AnDevCon 2012 during my session on “Challenges in Code Signing and Key Security."

Android has quickly become one of the most popular operating systems for mobile devices. It’s amazing how this ecosystem has changed. Only 5 years ago, Symbian was the #1 smartphone OS in the world and now its market share has dwindled down to a much smaller number. Five years ago we were also carrying around our Palm Treo devices, a company that no longer even exists and their WebOS has been literally thrown away by HP, their new parent.

It’s been an interesting month in the Bay Area as tech giants Oracle and Google battled each other in court over whether Android contains...

Read more
News: Authentication for Mobile at Vision 2012
FranRosch | 18 Dec 2012 | 1 comment

We started Vision 2012, our technology summit, with a bang this year.  Yesterday, Symantec made two significant mobile authentication announcements: Code Signing (CS) for Android and Certificate Intelligence Center (CIC) for Mobile.  To set the stage for extending our solutions to mobile, let’s do a quick recap of the current mobile threat landscape.  

With the growing uptake in smartphones and tablets, and their increasing connectivity and capability, there has been a corresponding increase in activity by malicious attackers.  Symantec’s 2012 Internet Security Threat Report revealed that mobile vulnerabilities increased by 93 percent in 2011 while at the same time, a rise in threats targeting the Android operating system occurred.  The report also showed that 2011 was the first year that mobile malware presented a tangible threat to...

Read more