Video Screencast Help
Website Security Solutions
Showing posts tagged with Code Signing
Showing posts in English
Tim Callan | 01 Jul 2010 | 1 comment

One of the features we offer with VeriSign SSL Certificates is what we call Seal-in-Search. Simply explained, VeriSign has forged relationships with outside parties that in some way interact with consumers as they're finding the sites to visit or do business with. Each of these parties displays a version of the VeriSign seal in its interface next to its listings for the sites that are secured with VeriSign SSL Certificates and/or the VeriSign Trust Seal.

Today we have high profile relationships in two categories. The first is comparison shopping sites. VeriSign seals display alongside their sites in TheFind and...

Tim Callan | 23 Jun 2010 | 0 comments

Here is a detailed story from Steve Ragan at The Tech Herald with detail and commentary on yesterday's accusatory press release from Comodo.

Tim Callan | 22 Jun 2010 | 11 comments

Today we saw some news stories about supposed vulnerabilities in VeriSign's enterprise SSL Certificate requesting process. These stories are based on a press release and outside press briefings from Comodo claiming to have found a "major security vulnerability" in VeriSign's SSL offering. These stories are incorrect. I have written this FAQ to clear up the misinformation that's floating around right now.

Q. Are there actually major security vulnerabilities in VeriSign SSL products that were revealed to the public by Comodo today?
A. No.

Q. What are the claimed vulnerabilities that Comodo announced?
A. Many large enterprises use a workflow whereby individuals within the organization can request SSL Certificates for the projects they're working on. Requests from these pages go to administrators, who then evaluate whether or not to issue the certificates. Comodo...

Tim Callan | 18 Jun 2010 | 3 comments

Since the recent announcement of Symantec's intention to acquire the VeriSign Authentication business, we've caught wind of some odd and unsubstantiated rumors. I'd like to take this occasion to clear up a few of the wilder ones.

Rumor: After the acquisition there will be no more VeriSign SSL Certificates issued.
Reply: Does anybody really believe that? Would Symantec pay $1.3 billion for a business in order to immediately and unceremoniously shut it down? Seems mighty unlikely to me. And yes, Symantec will have the right to continue doing business on legacy VeriSign products for some years so that we can achieve a smooth transition.

Rumor: The familiar check mark will disappear from...

Tim Callan | 10 Jun 2010 | 0 comments

It's been a while since we had SSL poetry.

Moving west quite a bit from Japan and its haiku all the way to the land of Eire, we have the limerick. In this case an EV SSL limerick, of course.

There once was a man from IT,
Whose customers often would flee,
for their safety concerned.
So his company earned
their trust by deploying EV.

Tim Callan | 09 Jun 2010 | 1 comment

Hi folks,

Sorry for the blogging delay. I was on vacation and also rather busy with the announced acquisition of VeriSign's SSL business by Symantec.

Anyway, in a recent post about increased attention to sensitive information offered outside SSL protection, I referenced Google's announced intention to offer SSL on Gmail content. Apparently Google has bigger plans in mind than just that, as exemplified by last week's decision to offer Google search under SSL as well. Google isn't the first engine to offer SSL-protected search, but with its hugely dominant market share, Google has much greater potential...

Tim Callan | 19 May 2010 | 5 comments

In case you haven't been paying attention, today VeriSign and Symantec each announced that Symantec will acquire VeriSign's Authentication business, including SSL, PKI, and VIP. Here is VeriSign's press release. Here is Symantec's.

Tim Callan | 17 May 2010 | 0 comments

You may recall that about a month ago I wrote about technology blogger Nasko and his experiment with SSL roots. My blog focused a lot of Nasko's crawl, but the punctuation mark on this entry was that Nasko was uninstalling all the trusted roots in his browser to see which ones he really needed. Now, 30 days later, the results are in.

You can look down the whole thing for yourself, but the CAs of the first four roots he encountered go as follows:

  1. GeoTrust
  2. VeriSign
  3. VeriSign
  4. GeoTrust
Tim Callan | 16 May 2010 | 2 comments

That's it. You can now enjoy the added protection of Extended Validation SSL on Twitter. 'Nuff said.

Tim Callan | 11 May 2010 | 2 comments

I recently wrote about the Online Trust Alliance (OTA) and its recent report card showing poor performance in trustworthy practices among the nation's leading onilne businesses. That news calls to mind an incident of about a month ago, when the FTC's departing commissioner called on popular online services such as Hotmail, Yahoo, Flickr, Facebook, MySpace, and financial providers to protect 100% of their service with SSL, and not just login pages as is the common practice today. In her speech commissioner Pamela Jones Harbour stated,

Encryption technology is already built into every popular web browser, but here is an unpleasant truth. Many...