Video Screencast Help
Search Video Help Close Back
to help

Website Security Solutions

Showing posts tagged with SSL Certificates
Showing posts in English
What you need to know to migrate from 1024-bit to 2048-bit encryption
Andy Horbury | 13 May 2013 | 0 comments

I hope by now that you are aware that the Certificate Authority/Browser Forum has mandated that Certificate Authorities stop supporting 1024-bit key length RSA certificates for both SSL and code signing by the end of this year (2013). To learn more about these changes please read the CA/Browser Forum’s paper on the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates

What do you need to do?

Any Symantec customers with certificates expiring this year (2013) will need to renew by generating a Certificate Signing Request (CSR) of 2048 bits or higher. Any Symantec customers with certificates expiring in 2014 or later will need to replace and upgrade all 1024-bit certificates with 2048-bit RSA/DSA or 256-bit ECC certificates by 1st October 2013. All existing 1024-bit certificates will be discontinued...

Read more
Making the most of website analytics
Andy Horbury | 21 Feb 2013 | 1 comment

 

Following on from our recent webinar on the theme of website optimisation we have developed a series of three blog posts that discuss website optimisation. These are high level blogs and not intended to be all encompassing but rather have been designed to kick start thoughts on concepts such as tips to keep your website safe, SEO and in this final post, website analytics.....

How to make the most of website analytics

Website analytics tools, such as Google Analytics, Optimizely or Mint, are invaluable tools when it comes to guiding your marketing and website development but only if you know how to make the most of the data they provide.

Resisting temptation: Vanity metrics

The term vanity metrics was coined by author Eric Ries in his book...

Read more
Seven ways to keep your website safe
Andy Horbury | 19 Feb 2013 | 1 comment

Following on from our recent webinar on the theme of website optimisation we have developed a series of three blog posts that discuss website optimisation. These are high level blogs and not intended to be all encompassing but rather have been designed to kick start thoughts on concepts such as analytics, SEO and some tips to keep your website safe..

Seven ways to keep your website safe

Broken links, badly formatted code, page errors and expired SSL certificates can hurt the quality and ranking of your site. Running a website isn’t simply a case of setting it up and forgetting about it. It’s not quite build it and they will come, you need to maintain it, keep it safe and secure it in order to maximize traffic, sign-ups and conversions. Here are seven top tips for a safe and successful website:

  1. ...
Read more
Norton Secured Seal is #1
Brad | 07 Feb 2013 | 0 comments

Sometimes, serendipity happens.

Here at Website Security Solutions, we're constantly striving to educate people on how important SSL Certificates are to the Internet. The Norton Secured Seal represents trust on the internet; a sure mark that the website where it is displayed represents a site that can be trusted to conduct business transactions.  We try to educate consumers about how to shop safely, and conduct their business online with a minimum of risk; because it's a world full of internet predators out there trying to steal people's money, their data, and their very identity.

Consumer education is one of the most important things we can do in the Security industry. We have to teach people what to look for, how to surf safely, and how to protect themselves. And all...

Read more
Welcome to the start of the 2013 Tax Fraud/Scheme Season
Jeannie Warner | 21 Jan 2013 | 3 comments

We're looking at a bumper crop of online frauds, cons, ID thefts, and check stealing this year. Some of them can steal your returns, others cost you your life savings or money you have not even begun to earn. As your W-2s come in, here are some simple pointers to remember about filing and online opportunities as well as methods for avoiding theft of multiple kinds.

  1. First and most important - the IRS will never email you. Ever. If you get an email from the IRS or EFTPS (Electronic Federal Tax Payment System), forward it to phishing@irs.gov and do not respond!
  1. Beware fake Tax preparation companies.  Never enter information online unless you see HTTPS: or a green bar in the URL, and look for the Preparer Tax identification Number (PTIN) on your return. You should always receive a copy of your tax return, and a reputable tax service should never do your taxes for a percentage of the refund....
Read more
Navigating the global threat landscape for online businesses
Jimmy Edge | 14 Jan 2013 | 0 comments

Running an ecommerce site is a rewarding business. There are almost 2.5 billion people online, and the global consumer ecommerce market is worth around $1 trillion, which is nothing to be sneezed at.

But that opportunity also attracts criminals, which is why running any public-facing website is highly risky. The cost of cybercrime runs into the hundreds of billions each year, and in 2011, 403 million unique variants of malware were discovered, according to Symantec's Internet Security Threat Report.

That's not just stolen money we're talking about – you also need to factor in compensation payments, the time and manpower it takes to clean up after a successful attack, and the massive impact that systems breaches...

Read more
Microsoft goes Always On with EV for Outlook.com
FranRosch | 18 Dec 2012 | 0 comments

On Tuesday, Microsoft announced that they have just upgraded their entire Outlook.com mail environment to an Always On SSL experience, protected by Extended Validation (EV).  This means that all of the user’s data is protected via 2048-bit encryption - not just the log on page - on Outlook.com, as well as Hotmail, and Live.

This is a big deal. Always-On SSL is the most recommended way for any kind of social media to be enabled for user security.  When a site is completely hosted over HTTPS, the user is much better protected from attacks and surveillance.  For example, on sites without Always On SSL, although the logon would be encrypted, if the subsequent pages are not protected by HTTPS the cookie with the login credentials could be intercepted and used for malicious purposes.

The dangers of...

Read more
2013 Predictions for SSL
Rick Andrews | 18 Dec 2012 | 1 comment

It doesn’t take a crystal ball to predict that 2013 will press the limits of the mobile infrastructure.  The sales of smart phones and tablets are through the roof, and apps are being written at a fast pace. This is a boon for many, bringing the internet and cloud applications to the hands of users all over the world, who may not own a computer or have ISP service, but do own a phone.

In the race to be part of the mobile rush however, fast app development is often more valued than a well thought out and secure application.  As a result, SSL/TLS app failures can result in broken, disabled or nonexistent validation behind the scenes of mobile applications.  SSL is the backbone technology for secure connections between the app and the cloud, but without proper certificate handling by the developers it’s still vulnerable to attacks by outsiders. This core vulnerability presents a real danger, and it’s imperative that the app developer learn how...

Read more
How Websites Deal with Rejection
Jeannie Warner | 18 Dec 2012 | 0 comments

An SSL/TLS Certificate, which website visitors see by the HTTPS:// prefix in the address bar of your browser lets you know that the site you are visiting has been authenticated, and any information you share with that site is encrypted. Knowing that a site is legitimate and secure is especially important with holiday shopping season upon us, where scam sites spring up like snowmen only to melt away with your money.

Symantec takes its responsibility as a certificate authority seriously. It is very important that we do not issue SSL certificates to questionable organizations. Any website with a Symantec SSL certificate has gone through strict authentication practices and procedures. There are also some very firm processes for revoking certificates, or not renewing certificates if there is an issue with an organization. In fact, on average 6-8% of requests for new certificates and renewals are declined. That means Symantec denies tens of thousands of requests every year, as...

Read more
SSL for Apps
Rick Andrews | 18 Dec 2012 | 0 comments

SSL/TLS is technology that is critical for securing communications. The challenge facing the SSL ecosystem today is how it is being implemented and used. Several University researchers have recently published reports indicating errors and shortcomings in non-browser applications that act as the client of an SSL/TLS connection. These issues result from flawed implementations of SSL in the applications or in SDKs or APIs used by them. SSL Client non-browser applications should follow these best practices to ensure the high level of authentication, confidentiality and integrity promised by SSL remain intact.

A Developer must perform a number of checks, and the most important is to cryptographically validate that the end-entity certificate presented by the server is the expected certificate, or was signed by an expected certificate. In other words, the Developer must create a trusted and validated chain of certificates starting with the end-entity certificate and linking up to...

Read more