Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Website Security Solutions
Showing posts tagged with Code Signing
Showing posts in English
Tim Callan | 06 Aug 2010 | 0 comments

I just confirmed that I'll be a speaker at the Online Trust and Cybersecurity Forum in Washington D.C. on September 22 to 24, brought to us by the Online Trust Alliance. It's a good lineup, and I'm looking forward to it.

Tim Callan | 04 Aug 2010 | 0 comments

Last month I wrote about the Alexa-Netcraft Index, which tracks usage of SSL Certificates among the million most visited sites. The newest Alexa-Netcraft index is out, and once again GeoTrust is in the lead by a long shot, with almost 40% more domains using GeoTrust SSL Certificates than those from Go Daddy.

Tim Callan | 31 Jul 2010 | 1 comment

Here's some weekend fun for loyal SSL Blog readers.

Back before VeriSign launched the award-winning Cart Whisperer viral campaign, we were toying with various ideas. We always intended the anchor of the campaign to be a highly entertaining, breakthrough video that called attention to the social evil that is abandoned shopping carts. As with the final treatment, the video would direct viewers to the No More Abandoned Carts site. At one point I personally scripted a candidate concept before one of our writers eventually provided the script that went on to be viewed more than five million times.

I recently discovered my script, reread it, and decided that I still...

Tim Callan | 30 Jul 2010 | 4 comments

From an SSL perspective it was a quiet Black Hat this year. There were two presentations focused on SSL (plus one at DefCon which I didn't have the opportunity to attend).

The earlier of the two presentations came from Ivan Ristic of SSL Labs. Ivan presented the results of his large scale crawl of domains, searching for SSL Certificates and in particular checking the implementation of these certificates. The good news is that the vast bulk of installed certificates appear to be well configured in Ivan's view, but he did find significant numbers of certificates containing one or more of what he considers to...

Tim Callan | 27 Jul 2010 | 0 comments

So VeriSign's authentication business is slated for acquisition by Symantec. One question I've felt motivated to look into is what that means to Tim Callan's SSL Blog. While I don't have all the answers and won't/can't until the deal closes, I do have some early impressions.

For starters, Symantec does run a set of blogs. The ones I browsed appeared to be group blogs. I've never been a group blogger and have managed to run my blog just fine by myself (despite famously being dissed by Network World), so I hope I can keep running my own blog. But I suppose if I have to open up to a group blogging, then I can live with that.

Another...

Tim Callan | 26 Jul 2010 | 0 comments

Just a few days ago VeriSign announced new expanded functionality for the VeriSign seal and VeriSign SSL Certificates. The press has shown keen interest in this story, as exemplified by the stories that have appeared in these sources:

Tim Callan | 21 Jul 2010 | 0 comments

Within the past week or so we have seen a pair of malicious worms used that employ what appear to be stolen VeriSign Code Signing certificates. We became aware of both these attacks when they were reported in the press, and both of the certificates involved are revoked. Each certificate holder was fully cooperative and understanding about the need to revoke the certificates in question. We're looking at potential methods of predicting certificates that may be compromised and therefore used in subsequent attacks and then encouraging preemptive replacement by the holders of those certificates. Microsoft has issued an advisory on the Windows flaw and states it's working on a fix.

Here's a summary of the...

Tim Callan | 20 Jul 2010 | 0 comments

We made a big announcement today. We've added significant functionality to VeriSign SSL Certificates. VeriSign SSL users will be able to take advantage of our web site malware scanning and Seal-in-Search capabilities, just as users of the standalone VeriSign Trust Seal can.

Tim Callan | 09 Jul 2010 | 0 comments

VeriSign recently got back the results of some extremely interesting research. We commissioned a third party to compare the Netcraft SSL list to the Alexa 1 Million, which is Alexa's list of the one million most visited domains in the world. This research compared the number of domains using various brands of SSL and determined that GeoTrust is chosen by more of the world's million largest domains than any other SSL brand.

I recently wrote about the quick and dirty look that security blogger Nasko did at certificate market share while...

Tim Callan | 05 Jul 2010 | 0 comments

Greetings from down under. I'm here to give a presentation at the Online Retailer conference and expo, which is Australia's largest trade show focused on the online retail segment. My focus is web site malware distribution and the drive-by download. This sophisticated new attack blends several techniques to deliver malware using honest, legitimate online businesses as its distribution channel.

Here's how it works.

It all starts with malware. Malware is short for malicious software, and the moniker stands for any piece of software that you might find installed in your system without your knowledge and consent and that is there to promote an hidden agenda on behalf of the party that controls that malware, even if it hurts you in the process. The two most common forms of malware are the keylogger and the botnet. Keyloggers are pieces of spy software that record everything you do...