Video Screencast Help
Website Security Solutions
Showing posts tagged with VeriSign
Showing posts in English
Andy Horbury | 06 Feb 2014 | 1 comment

We’ve written in the past about this subject but a recent conversation with a customer brought me back to this concept and whilst we often talk about the perils of an infected website or an out-of-date SSL certificate in ominous tones: browser warnings, customers clicking away and loss of reputation and trust; how much of this is based on real customer behaviour?

The University of California, together with Google, recently undertook a study to track real-world clickthrough rates from browser security warnings in two of the most popular web browsers Google Chrome and Mozilla Firefox. The results reveal a much more security-conscious population than you might expect.

Alice in Warningland

The study looked at the malware, phishing and SSL certificate...

Andy Horbury | 06 Dec 2013 | 0 comments

I’d like to share two webinars with you that we delivered this week

The first was Attack of the Cyber Spies a webinar delivered as part of BrightTALK’s Hackers Summit which you can access here.

The second is the December update of the regular webinar series I do with my colleague Andrew Shepherd: Website Security Threats: December Update

I've also posted both webinar slide decks to Slideshare here

Finally, I’d also like to share this blog posted by Tom Powledge who is the VP of the Website Security Solutions division here at Symantec Keeping Your Data Safe with SSL

We'll be back next week with some new blogs.

Brad | 06 Feb 2013 | 0 comments

Sometimes, serendipity happens.

Here at Website Security Solutions, we're constantly striving to educate people on how important SSL Certificates are to the Internet. The Norton Secured Seal represents trust on the internet; a sure mark that the website where it is displayed represents a site that can be trusted to conduct business transactions.  We try to educate consumers about how to shop safely, and conduct their business online with a minimum of risk; because it's a world full of internet predators out there trying to steal people's money, their data, and their very identity.

Consumer education is one of the most important things we can do in the Security industry. We have to teach people what to look for, how to surf safely, and how to protect themselves. And all...

Rick Andrews | 26 Nov 2012 | 1 comment

It doesn’t take a crystal ball to predict that 2013 will press the limits of the mobile infrastructure.  The sales of smart phones and tablets are through the roof, and apps are being written at a fast pace. This is a boon for many, bringing the internet and cloud applications to the hands of users all over the world, who may not own a computer or have ISP service, but do own a phone.

In the race to be part of the mobile rush however, fast app development is often more valued than a well thought out and secure application.  As a result, SSL/TLS app failures can result in broken, disabled or nonexistent validation behind the scenes of mobile applications.  SSL is the backbone technology for secure connections between the app and the cloud, but without proper certificate handling by the developers it’s still vulnerable to attacks by outsiders. This core vulnerability presents a real danger, and it’s imperative that the app developer learn how...

Jeannie Warner | 15 Nov 2012 | 0 comments

An SSL/TLS Certificate, which website visitors see by the HTTPS:// prefix in the address bar of your browser lets you know that the site you are visiting has been authenticated, and any information you share with that site is encrypted. Knowing that a site is legitimate and secure is especially important with holiday shopping season upon us, where scam sites spring up like snowmen only to melt away with your money.

Symantec takes its responsibility as a certificate authority seriously. It is very important that we do not issue SSL certificates to questionable organizations. Any website with a Symantec SSL certificate has gone through strict authentication practices and procedures. There are also some very firm processes for revoking certificates, or not renewing certificates if there is an issue with an organization. In fact, on average 6-8% of requests for new certificates and renewals are declined. That means Symantec denies tens of thousands of requests every year, as...

FranRosch | 01 Nov 2012 | 0 comments

I’m very pleased to announce that as of today Symantec has wholly acquired VeriSign Japan, a long time business partner, solidifying our investment and commitment to growing our business in Japan. This acquisition achieves three key goals that help benefit customers in the local Japanese market:

  • We will expand VeriSign Japan’s current SSL offerings by providing full website security solutions, including Website Malware Scan, Vulnerability Assessment and Seal-in-Search functionality.
  • VeriSign Japan customers now benefit from the combined resources of the existing local team and Symantec’s global expertise.
  •  Organizations in Japan are now able to acquire identity and authentication security and website security solutions through a single vendor.

By bringing our two teams together, Symantec will help enable IT to confidently and securely adopt new computing models – from cloud computing to social networking to...

Rick Andrews | 30 Oct 2012 | 0 comments

SSL/TLS is technology that is critical for securing communications. The challenge facing the SSL ecosystem today is how it is being implemented and used. Several University researchers have recently published reports indicating errors and shortcomings in non-browser applications that act as the client of an SSL/TLS connection. These issues result from flawed implementations of SSL in the applications or in SDKs or APIs used by them. SSL Client non-browser applications should follow these best practices to ensure the high level of authentication, confidentiality and integrity promised by SSL remain intact.

A Developer must perform a number of checks, and the most important is to cryptographically validate that the end-entity certificate presented by the server is the expected certificate, or was signed by an expected certificate. In other words, the Developer must create a trusted and validated chain of certificates starting with the end-entity certificate and linking up to...

Jeannie Warner | 11 Oct 2012 | 0 comments

When your mobile or web browser address bar turns green it’s a clear sign that you can complete a transaction, or fill out an online form with confidence. The green address bar indicate that you’re on a site that has an Extended Validation (EV) certificate, a measure increasingly used by organizations to provide reassurance to customers who are wary of sharing personal information online. Sites protected by an EV certificate must pass the industry’s most stringent standards for identity validation and if the certificate is from Symantec it also protects you from malware, as these sites are scanned daily for infection.

To receive  an EV certificate, an organization  not only has to demonstrate secure encryption methods but also pass rigorous checks based on the highest industry standards to prove that it is a legitimate company, including: 

  • It...
FranRosch | 16 Mar 2012 | 2 comments

Yesterday Kaspersky Lab posted on their research blog that they had discovered a Trojan dropper file in the wild. The malicious code, designed to commit click fraud, was signed by a legitimately issued VeriSign code signing certificate. This was a result of private keys being compromised at one of our customers. The code signing certificate used to sign the malicious code was authenticated and issued by VeriSign to a legitimate organization. The certificate has since been revoked, as it appears that the private keys, which were controlled by the customer, have been compromised.

Allow me to emphasize that Symantec takes these situations very seriously. We’re working closely with the customer to resolve their security issue and to ensure that they are taking precautions and applying best practices for private key before we re-issue another code signing certificate to them. Symantec employs the highest levels of stringent authentication for every certificate we issue....

Michael Lin | 06 Dec 2011 | 1 comment

While presenting at the HostingCon earlier this year, some particular figures in my slide deck jumped out at me: 1) Corporations are seeing their information double every two years; and 2) Each day, 600 million emails are sent containing unencrypted confidential data. Those are staggering figures on their own. Put them together, and the need to protect sensitive data online becomes glaringly obvious.

The booming popularity of Secure Sockets Layer (SSL) Certificates and Extended Validation SSL (EV SSL) Certificates reflects the recognition that people and organizations must protect themselves from worsening malware, data breaches and other IT security threats. By validating user and...