Video Screencast Help
Website Security Solutions
Showing posts tagged with VeriSign
Showing posts in English
FranRosch | 26 Oct 2011 | 3 comments

There is a distributed denial of service (DDOS) attack making news this week called THC-SSL-DOS, and it’s stirring up some discussion about the renegotiation feature of SSL. Some are saying this is a flaw in SSL. It is not. SSL renegotiation is a feature; not a flaw to be fixed. The attack is primarily another DDOS attack.

A better user experience

Renegotiation is a feature that makes it possible to adjust the parameters of an SSL handshake without requiring an entirely new SSL session. This allows for an improved user experience, a must have for most Ecommerce, media, cloud providers, and SaaS sites.

Here is just one example: a web user visits a web site that is SSL encrypted. After spending some time shopping on that site anonymously the user decides to purchase or log in. Renegotiation will allow the SSL connection with that site to adjust to authenticate the user without requiring a break in the user experience. This way, all the...

FranRosch | 18 Oct 2011 | 0 comments

Some of the files associated with the new W32.Duqu threat were signed with a private key. After intense investigation we concluded that the private key used for signing these Duqu files was stolen from a Symantec customer whose systems appear to have been compromised. The private key was associated with a code signing certificate issued to that customer.

A Stolen Key

We take this very seriously and quickly revoked the customer code signing certificate in question. We have found no evidence of any breach to our systems and our records show that the code signing certificate was issued only after completing our rigorous customer authentication process. Our systems, roots and intermediate CAs were never at risk.

Running the world’s largest commercial cyber-intelligence network, Symantec is constantly monitoring the internet and customer environments in search of...

AllenKelly | 06 Oct 2011 | 0 comments

As you may already know, VeriSign Authentication Services became part of Symantec in August of 2010. Since then, we’ve continued to invest in and enhance your SSL Certificates—adding more value and providing even more protection for your business—while still giving online customers the greatest confidence that your website is secure. Since we became part of Symantec we’ve delivered:

  • Express Renewal and AutoRedeem/AutoPay Renewal Services Learn more

  • Vulnerability Assessment Learn more

  • Symantec Certificate Intelligence Center...

AllenKelly | 12 Sep 2011 | 0 comments

Symantec® announced today the availability of Symantec Certificate Intelligence Center for public beta.  Symantec Certificate Intelligence Center helps organizations discover SSL Certificates, regardless of issuing CA, across their entire network, and manage the entire lifecycle of SSL Certificates.  This is an add-on option for existing VeriSign® MPKI for SSL customers.

Symantec created this service after hearing from their enterprise customers on the need for an easy-to-deploy SSL Certificate discovery and management system to help provide inventory visibility, ensure business continuity and increase operational efficiency. Other capabilities in the service include:

  • a distributed architecture to enable parallel and fast discovery scans
  • flexible scanning parameters...
AllenKelly | 08 Sep 2011 | 0 comments

This is the second part of a two-part series on the proper management of SSL Certificates.

In Part I of this series, we discussed some of the risks and implications of poorly managed SSL Certificates.  When SSL Certificates expire or become compromised, the need to rectify the situation quickly is paramount. Take the example of a recent incident where a Certificate Authority (CA) was compromised. Customers of that CA may want to take appropriate actions quickly to minimize any cascading impact from that security breach. Unfortunately, if the customers do not have a robust SSL Certificate Management System, they may not know their level of threat exposure.

Many organizations recognize the risks and implications of out-of-status SSL certificates....

AllenKelly | 01 Sep 2011 | 0 comments

On August 17th eWeek ran an article that described how improper SSL implementations can leave websites vulnerable to various cyber attacks.  While this story is spot-on, what is equally important to consider is the proper management of SSL Certificates. The mismanagement of SSL Certificates can lead to financial loss and lack of credibility for your organization.

One particular challenge that enterprises face can be having hundreds of SSL Certificates and no proper SSL Certificate management tool. The status of each certificate is usually tracked manually on a spreadsheet or through some other manual mechanism.  Manual mechanisms are prone to human error, and what’s more, data is difficult to track when IT personnel changes.  In addition, it isn’t unheard of for an SSL Certificate to expire in the middle of the...

Tim Callan | 30 Nov 2010 | 0 comments

Cyber Monday has traditionally served as a sort of Ground Hog day for holiday shopping, or an early indicator of online sales for the season. Currently, a couple notable arrows are pointing to a very successful online shopping season: sales and seals. While CNN Money reports that Cyber Monday sales are up 20%, I'm happy to report that the number of VeriSign seals viewed on Cyber Monday is up 52% over the same number last year---another record year. We recently announced a new high water mark for overall seals viewed in a single day with more than 500 million. Cyber Monday broke that record as the seal was viewed just under 650 million times. And if we follow the same pattern as last year when Cyber Monday sales and seals viewed were...

Bob Angus | 18 Jun 2010 | 0 comments

Father's Day and graduations are right around the corner; it's time to
start looking for those special gifts to express your gratitude. Golfballs.com and HumidorVault.com build customer loyalty and trust by displaying the VeriSign Trust Seal.

As the nation honors 67.8 million fathers and more than 6.5 million high school, college and professional school graduates, loved ones from coast to coast will go online to find and purchase gifts for the dads and grads in their lives. In fact, online sales for Father's Day look very solid. Check out the stats being reported in...

Bob Angus | 17 Jun 2010 | 0 comments

Chicago was hopping last week. Congratulations to the Chicago Blackhawks for winning the 2010 Stanley Cup. And huge congratulations to Internet Retailer and Yahoo! for putting on fantastic events for online retailers!!!!

Pictures are worth a thousand words...

Check out my Flickr photostream from both IRCE 2010 and the Yahoo! Merchant Summit. Here are some of my favorites:

Mike Roebuck of All Web
Promotion wins the VeriSign
Kindle at Yahoo! Merchant Summit
.

Yahoo Merchant Summit Kindle Winner.jpg

...

Bob Angus | 09 Jun 2010 | 0 comments

shopping-cart-basket.pngChicago is the epicenter of ecommerce right now with the Internet Retailer Conference (IRCE 2010) in full force. VeriSign is adding to the buzz too. We just announced a new partnership with Cart32.

Cart 32 now offers the VeriSign Trust Seal to the thousands of merchants who use their comprehensive e-commerce solution. So now online retailers can go to one place for shopping cart software, store management tools, merchant services...