Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with SSL Certificates
Showing posts in English
Tim Callan | 14 Nov 2006 | 0 comments

Fascinating article on how criminals are using fake online greeting cards to place malware on computers. The criminals spam us with mimetically accurate fakes of popular greeting cards' notification e-mails. In this case the card is looking for a unpatched system onto which it can install a keylogger. However, the classic phishing technique of sending e-mails pretending to be something they're not is still at work here.

Tim Callan | 10 Nov 2006 | 0 comments

Opera developer Yngve Pettersen has posted a nice writeup of Extended Validation SSL and why it is beneficial to the online community. Yngve ends his missive with the promise of an upcoming Opera release that supports EV. He writes,

Opera has not yet implemented complete support for what is needed for Extended Validation, but work is underway:

Opera has supported OCSP verification of certificates since version 8.0, but CRL support is not yet implemented.

Some of the necessary functionality have been tested in an internal demo version..., based on a weekly release from March 2006.

There is a lot more that needs to be implemented before we can release a version with support for EV, but we will do so When It's Ready.

Tim Callan | 09 Nov 2006 | 0 comments

Brian Krebs published this nice writeup of EV SSL Certificates and how they'll be good for the Web ecosystem. It includes this comment from Bruce Schneier:

"It's a serious problem that people on the 'Net don't know the difference between a real Web site and a clever fake," Schneier said. "I think laying this infrastructure could be useful along with other things in the browser to make it more obvious," when users are at a legitimate site, he said. "This is a big problem, and this is a piece of the solution..."

Tim Callan | 07 Nov 2006 | 0 comments

On the Internet Explorer 7 blog today Microsoft announced that EV-specific functionality is expected to go live in the end of January, 2007. Writes Windows program manager Kelvin Yiu,

Starting at the end of January 2007, we will make the necessary updates to Windows, so that IE7 will recognize EV Certificates and modify the display accordingly (with a green background for the address bar, as well as embedded identify info...)

Tim Callan | 02 Nov 2006 | 0 comments

I recently received this question in reference to one of my postings on the VeriSign Secured Seal.

Am I able to display the VeriSign Secured Seal on websites that link to my checkout process, assuming the checkout is protected with a Verisign SSL certificate?

For example, if I have http://www.mysite.com/ can it have a secured seal beside the buy button that sends people to https://secure.mysite.com ? While the domain is the same, the hostname is different.

What about partners or affiliates that send people to our checkout page? Like if http://www.affiliate.com/ has a buy now button...

Tim Callan | 31 Oct 2006 | 0 comments

I've spoken in the past about the CA/Browser Forum, which is the group that has created the Extended Validaiton SSL standard. Now the CA/Browser Forum has gone live with its Web site.

Tim Callan | 30 Oct 2006 | 0 comments

This new description of Extended Validation SSL Certificates just went up on the Ziff Davis IIS Zone. Disclaimer: The ZD IIS Zone is sponsored by VeriSign. It's a very crisp and cogent summary of the state of the nation for Extended Validation AKA High Assurance SSL.

Tim Callan | 28 Oct 2006 | 0 comments

IE 7 lead program manager Rob Franco recently posted an update on the status of Extended Validation SSL Certificates. It's available on Microsoft's IE7 blog.

Tim Callan | 26 Oct 2006 | 0 comments

At RSA Europe I conducted an interview with The Register on the subject of Extended Validation SSL Certificates, and as a consequence a lot of people are mad at me. I would like to explain the circumstances under which this discussion took place and what I meant by the statement. And I'd like to make it clear that I regret the statement.

Tim Callan | 24 Oct 2006 | 0 comments

Yesterday my VeriSign colleague Mike Davies and I ran a 70-minute breakout session here at the RSA Security conference. It went really well with a good turnout and a number of intelligent questions. We covered Extended Validation SSL, two-factor authentication, and fraud detection as individual components of a larger, mutual authentication model. Thanks to everyone to turned out.