Video Screencast Help
Website Security Solutions
Showing posts tagged with SSL Certificates
Showing posts in English
Tim Callan | 17 Aug 2010 | 0 comments

A recent New York Times article discusses the concerns held by online civil rights groups that oppressive governments around the world might work with certificate authorities (CAs) through either coercion or willing partnership to compromise the integrity of private and/or corporate online communications.

The article points out that proliferation of CAs around the world means that the world's browser and device vendors have given the tremendous responsibility of issuing certificates to a very broad variety of organizations. Given that the conduct of these CAs is not policed to any effective degree, unscrupulous CAs could easily allow governments to decrypt communications, use compromised information for a variety of political purposes and not face any retribution.

Such concerns highlight the need for individuals and organizations to look to longstanding...

Tim Callan | 06 Aug 2010 | 0 comments

I just confirmed that I'll be a speaker at the Online Trust and Cybersecurity Forum in Washington D.C. on September 22 to 24, brought to us by the Online Trust Alliance. It's a good lineup, and I'm looking forward to it.

Tim Callan | 04 Aug 2010 | 0 comments

Last month I wrote about the Alexa-Netcraft Index, which tracks usage of SSL Certificates among the million most visited sites. The newest Alexa-Netcraft index is out, and once again GeoTrust is in the lead by a long shot, with almost 40% more domains using GeoTrust SSL Certificates than those from Go Daddy.

Tim Callan | 31 Jul 2010 | 1 comment

Here's some weekend fun for loyal SSL Blog readers.

Back before VeriSign launched the award-winning Cart Whisperer viral campaign, we were toying with various ideas. We always intended the anchor of the campaign to be a highly entertaining, breakthrough video that called attention to the social evil that is abandoned shopping carts. As with the final treatment, the video would direct viewers to the No More Abandoned Carts site. At one point I personally scripted a candidate concept before one of our writers eventually provided the script that went on to be viewed more than five million times.

I recently discovered my script, reread it, and decided that I still...

Tim Callan | 30 Jul 2010 | 4 comments

From an SSL perspective it was a quiet Black Hat this year. There were two presentations focused on SSL (plus one at DefCon which I didn't have the opportunity to attend).

The earlier of the two presentations came from Ivan Ristic of SSL Labs. Ivan presented the results of his large scale crawl of domains, searching for SSL Certificates and in particular checking the implementation of these certificates. The good news is that the vast bulk of installed certificates appear to be well configured in Ivan's view, but he did find significant numbers of certificates containing one or more of what he considers to...

Tim Callan | 27 Jul 2010 | 0 comments

So VeriSign's authentication business is slated for acquisition by Symantec. One question I've felt motivated to look into is what that means to Tim Callan's SSL Blog. While I don't have all the answers and won't/can't until the deal closes, I do have some early impressions.

For starters, Symantec does run a set of blogs. The ones I browsed appeared to be group blogs. I've never been a group blogger and have managed to run my blog just fine by myself (despite famously being dissed by Network World), so I hope I can keep running my own blog. But I suppose if I have to open up to a group blogging, then I can live with that.


Tim Callan | 26 Jul 2010 | 0 comments

Just a few days ago VeriSign announced new expanded functionality for the VeriSign seal and VeriSign SSL Certificates. The press has shown keen interest in this story, as exemplified by the stories that have appeared in these sources:

Tim Callan | 21 Jul 2010 | 0 comments

Within the past week or so we have seen a pair of malicious worms used that employ what appear to be stolen VeriSign Code Signing certificates. We became aware of both these attacks when they were reported in the press, and both of the certificates involved are revoked. Each certificate holder was fully cooperative and understanding about the need to revoke the certificates in question. We're looking at potential methods of predicting certificates that may be compromised and therefore used in subsequent attacks and then encouraging preemptive replacement by the holders of those certificates. Microsoft has issued an advisory on the Windows flaw and states it's working on a fix.

Here's a summary of the...

Tim Callan | 20 Jul 2010 | 0 comments

We made a big announcement today. We've added significant functionality to VeriSign SSL Certificates. VeriSign SSL users will be able to take advantage of our web site malware scanning and Seal-in-Search capabilities, just as users of the standalone VeriSign Trust Seal can.