Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with Code Signing
Showing posts in English
Tim Callan | 16 Feb 2011 | 0 comments

Yesterday Websense announced in a blog post that it had discovered malware on the BBC's 6 Music and 1Xtra radio streaming sites. That's the second such episode in six months, as the BBC Radio 3 site had a similar incident in September of 2010. These incidents illustrate the importance of the drive-by-download as a threat. The large number of sites and pages available to your browser user creates a huge attack surface to exploit. Even an organization like the BBC, which certainly has resources and expertise in the area of web development, can be hit. Our approach to solving the problem is proactive scanning for web site malware distribution...

Tim Callan | 12 Feb 2011 | 0 comments

I'm very pleased to announce the launch and strong start of a new, personal blog of mine called Tim Callan on Marketing and Technology. Tim Callan's SSL Blog has been and continues to be a great experience for me. At the same time I've noticed that I'm rejecting an increasingly large number of interesting topics about which I'd like to write because they fall outside the highly targeted focus of my SSL blog. I've created the marketing and technology blog to alleviate that problem. I still intend to keep the blog focused, so it's unlikely you'll see me talking about last Sunday's football game or my favorite new movies unless those topics are directly illustrative of a salient point about marketing or technology. We're...

Tim Callan | 09 Feb 2011 | 0 comments

About a month ago Sony made headlines at the Chaos Communication Congress in Berlin when a Playstation 3 jailbreak was revealed based on the use of stolen private keys for the PS3's code signing functionality. This incident illustrates the danger organizations face if their private keys are stolen. Similar incidents in the wild can result in the forced revocation of code signing certificates, which may cause existing deployments to stop working. To help organizations protect themselves from this possibility, Symantec has commissioned security writer/blogger Larry Seltzer to study...

Tim Callan | 03 Feb 2011 | 0 comments

We have a cool new online tool called the VeriSign Trust Assessment. The VeriSign Trust Assessment asks straightforward questions about the features and information on your web site that can help visitors establish trust in your site. After you fill it out, you'll receive a free assessment that shows you how your site's trust profile compares to others of the same type. Try it now.

Tim Callan | 26 Jan 2011 | 0 comments

The most recent SSL report from Netcraft surprised industry watchers by stating that it had seen a drop in GeoTrust SSL certificates. We ourselves were surprised to see that, considering that GeoTrust enrollments are growing and that active certificates are at an all-time high. We have been in touch with Netcraft analysts, and working together we discovered missing GeoTrust certificates on the order of 1% of the total count. This gap is due to a recent root rollover for which the Netcraft was not registering the new GeoTrust intermediate root as a Symantec SSL product. The number of missing certificates is right around 10,000, which is just the number by which GeoTrust appeared to drop. Netcraft has told us that these certificates will be counted under the correct CA for future reports. Despite the artificially low numbers, GeoTrust still dominated...

Tim Callan | 26 Jan 2011 | 0 comments

Today Facebook announced that it now supports always-on SSL as a user-configurable option. This announcement comes in the wake of recent attention to the possibility of using rogue hotspots to harvest sensitive information from e-mail or social media sites. The issue is that many of these sites use SSL to encrypt the login page, inhibiting the potential theft of logins and therefore accounts, but they fail to offer encyption for the subsequent content that you see when you're inside the site. That's problematic because a man-in-the-middle (MITM) can sit and harvest this information, information that then becomes the basis for a second tier of social engineering attacks. One clear way to become a man-in-the-middle is by operating a rogue hotspot and preying on those who use it to connect to their mail or social accounts. This practice garnered a lot of attention last year with the release of...

Tim Callan | 07 Jan 2011 | 0 comments

This week we had a pair of noteworthy items in the battle of GeoTrust vs. Go Daddy for the low-end SSL market. The first item is that the seventh Alexa-Netcraft index once again puts GeoTrust far ahead of Go Daddy in terms of actual SSL usage on the world's million most visited sites. GeoTrust has 40% more domains under its protection than Go Daddy does. This momentum is fueled by the increased attention the industry has been paying to the rivalry between GeoTrust and Go Daddy. Now the latest development in that rivalry is our new Go Daddy ad parody from GeoTrust, which already is...

Tim Callan | 16 Dec 2010 | 0 comments

As you know, Symantec acquired about half of the VeriSign business in August. That means there's still a significant going-forward concern called VeriSign incorporated, even while a large business (including me) has gone over to become part of Symantec.

As a part of that we've gone through a significant web refresh. The new site makes our association with Symantec clear and segregates the businesses owned by Symantec from the go-forward businesses that are VeriSign Inc. At the same time VeriSign Inc has launched its own independent site as well, complete with its own new brand look and feel.

Tim Callan | 15 Dec 2010 | 0 comments

Earlier this year we released a web site malware scanning capability as part of the VeriSign Trust Seal, using technology from our partner Armorize. By virtue of the large volume of VeriSign seals on web sites, Symantec's SSL business has quickly become the world's second largest web site malware scanning service (first is Google).

A few months ago our service was the starting point for identifying a major malware threat on Network Solutions...