On this coming Tuesday I will be giving a Web seminar on High Assurance SSL. This presentation will go over what High Assurance certificates are, how they will work in the browsers, how authentication standards will change for this standard, expected browser support, and anticipated availability. It's FREE to anyone who wants to register.
As the new High Assurance SSL standard makes its way into the public's awareness, I've run into an interesting gap in the way people think about the browsers that come to their site. It comes about when someone is considering how the two forms of extended SSL capability interact with each other. Those two forms of extended capability are High Assurance (highest authentication certificates) and Server Gated Cryptography (strongest encryption certificates).
Here is an interesting site in which CS professor and open source developer Amir Herzberg maintains a list of prominent online businesses that maintain unprotected logins. These businesses aid phishing attempts on their own sites by using practices that eliminate some fo the information you can use to distinguish a genuine site from a fake. It's thought-provoking site, and I suggest you check it out.
Today I'd like to walk you through a scenario where a dedicated criminal could take the sort of information routinely found on unprotected Web forms and use it to your detriment. My friend and fellow VeriSign employee Mike Davies originally called my attention to this potential exploit, so I'd like to thank him.
Another giant of the e-commerce industry has chosen to put the VeriSign Secured Seal on its shopping cart page. OfficeMax joins its peer Staples in showing off its choice of best-in-breed SSL security. In this case OfficeMax has placed the seal directly next to the Checkout button on the shopping cart page. I presume this decision was to reassure shoppers about the safety of their purchases at a key abandonment point, which is moving from the cart to the checkout process.
Website Security Solutions allow companies and consumers to engage in communications and commerce online with trust and confidence. With more than one and a half million web servers using our SSL certificates, an infrastructure that processes more than four and a half billion certificate checks daily, and a trust mark that is seen more than half a billion times a day in 170 countries, the Norton Secured seal is the most recognized symbol of trust on the Internet.