Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with Identity and Authentication Services
Showing posts in English
vgtero | 24 Apr 2014 | 0 comments

With the recently discovered Heartbleed vulnerability, information security professionals and end users are feeling the pressure and impact to better protect their information. The task of securing your organization and information can seem overwhelming.

Don’t miss out on this webcast to get step-by-step instructions on how to protect your business and information, and keep your communications secure. 

Join Us To Learn About:

  • What is Heartbleed and the impact it has
  • Understand how the vulnerability is exploited and how you can detect it
  • Steps you need to take to secure information now and going forward

Register at:  https://symantecevents.verite.com/31175/241406

DeanJC | 14 Apr 2014 | 1 comment

2013 saw an increase in malware signed with valid code signing certificates. How did this happen? Are verified entities actually signing and distributing malware? That does not appear to be the case. Rather, the code signing private keys are being harvested from users' hard drives, extracted and sent to malicious parties. Microsoft identified a Trojan that specifically does just this. It's called Fareit and details about some of the malware signed using this exploit can be found here: http://blogs.technet.com/b/mmpc/archive/2013/12/15...

Symantec has come up with a solution to this using a cloud based code signing model. This approach keeps the private keys off developer's hard drives and in a secure environment...

smartblogger | 28 Jan 2014 | 0 comments

An SSL certificate is a mode of authenticating a website and securing the transactions, as well as the data communicated through the website by users. It is, therefore, a critical tool for any website that is involved in e-commerce or similar ventures. Any responsible webmaster understands the indispensable value of this tool to the success of their website.

The first step to have your website SSL certified involves acquiring an SSL certificate from the companies that deal in internet based security. These companies will create the certificate for the website as well as a private key. The private key is what enables the webmaster to use the certificate that they have acquired. Many times SSL certificate India providers, in order to boost the security of the certificate; will delete all copies of the key from their server. This means that a webmaster must store his or her copy of the key quite securely to prevent it from getting lost. The webmaster will need to sign the...

DomSYMC | 20 Jan 2014 | 0 comments

The Vulnerability Assessment (VA) scan is a service that each week performs a scan searching for common entry points for the domain you enrolled in for with a purchase of certain SSL certificates. 

If the scan finds any potential weakness within that domain that if breached could threaten your online security, an e-mail will be sent out informing the technical contact to pick up the results of the scan in a downloadable PDF report highlighting the most critical vulnerabilities if any are found.

The Vulnerability Assessment scan is a service that is available for following account types and products:

 

VA scan products.JPG

 

You may have lots of questions or may want to know more regarding the technicalities of the Vulnerability Assessment scan. Such as..

  • What IP address does it scan from?
  • What types of...
smartblogger | 16 Jan 2014 | 0 comments

Many people visit websites and see some form of notification that signifies that the website that they are accessing has an SSL certificate. This can be represented as an encircled tick mark, which is representative of a particular company providing internet security, or it can be in some other form. Very few internet users will stop for a minute to try and understand the importance of this form of certification on the websites that they visit. They do not realize that it is to their own detriment as they end up being victims of fraud on the internet.

An SSL certificate is the internet’s symbol for security on a website. It means that the internet user is protected for all the data that they provide on that website. It signifies that data sent between the website and the user is protected and cannot be accessed by a third party. This is not only useful for protecting the privacy on the internet but is also essential for any transactions that involve sensitive data. Users...

captain jack sparrow | 03 Dec 2013 | 0 comments

can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks’ built-in microphones and speakers. Freaky-deaky!
The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached.

ref:
http://www.pcworld.com/article/2068525/researchers...

DomSYMC | 02 Dec 2013 | 3 comments

In our constant endeavor to provide a better experience for our customers, we are in the process of updating our Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) infrastructure.

The upgrade for CRL lists has been transitioned and implemented on May 06, 2013. With the OCSP list undergoing an upgrade by January 13, 2014.

Here’s how you’ll benefit

  • Faster response time – CRL/OCSP requests will be served from the closest location to the user with dramatically improved average response times.
  • 100+ additional new sites – more sites handling CRL/OCSP requests mean improved availability and reliability all over the globe.

More information and best practices for updating any firewall policies and/or access control devices for this transition for both CRL and OCSP lists can be found referencing our knowledge base articles below.

...

Teresa Law | 18 Oct 2013 | 0 comments

Governments around the world are using this month to educate industry and the public on the importance of cybersecurity.  As part of this year’s observance of Cybersecurity Awareness month, the United States Department of Homeland Security has identified a theme for each week of the month, based on a different cybersecurity issue.  The issue I’d like to focus on is:

Being Mobile: Online Safety and Security - Emphasizes the importance of cybersecurity no matter where you are or what device you are using.

Symantec is committed to helping organizations create a comprehensive and resilient security strategy and mobile security is a key component of that strategy.   The use of mobile devices continues to grow at an amazing rate and a staggering number of organizations now permit employee-owned devices to be used in the workplace.  This...

Spencer Parkinson | 02 Oct 2013 | 2 comments

Information Security™ magazine and SearchSecurity.com recently announced the winners of its 2013 Reader’s Choice Awards, which were selected based on feedback by customers who were asked to assess products deployed within their organizations. We’re excited to announce that Symantec was honored with eight awards – four Gold, two Silver and two Bronze –demonstrating significant representation across our diverse portfolio of market-leading security solutions.

Included below is a complete list of Symantec’s wins, which will be featured in the October edition of Information Security magazine and are highlighted online at SearchSecurity.com.

The Information Security magazine and SearchSecurity.com 2013 Readers’ Choice Award winners were selected based on extensive, in-depth discussions and...

Tariq Naik | 06 Aug 2013 | 0 comments

This article is written based on wide spread Internet reports from Black Hat Conference at Las Vegas.

Recent advances in math and cryptology research in the academic field indicate that there might be mathematical algorithms or solutions in place to break RSA and Diffie-Hellman based encryption without obtaining the secret key and without the need of massive computing resources for significant durations of time within the next four to five years. These encryption schemes are widely on the Internet today for keeping sensitive date private right from encrypting Internet communications used for electronic commerce to securing software updates to encrypting global corporate and government networks.

The key to the security today is that there are no practical ways or efficient algorithms which can break these encryptions without obtaining the secret keys. The day such algorithms are found the encryption and hence the trust on which the Internet works will be broken.

...