Video Screencast Help
Search Video Help Close Back
to help

Website Security Solutions

Showing posts tagged with Code Signing
Showing posts in English
A best practice in consumer security education
Tim Callan | 18 Dec 2012 | 0 comments

I recently discovered the fantastic work PNC has done on its site to educate its users about secure online banking and use of financial services. This area of the site includes not just the standard basic advice but goes into truly deep content such as real examples of phishing e-mails, a place for customers to report fraud, and a detailed description of what green address bars (and other colors) mean on a site. Every site that...

Read more
RSA 768 cracked
Tim Callan | 18 Dec 2012 | 0 comments

The 768-bit RSA algorithm has been factored. The team's paper states in part,

If we are optimistic, it may be possible to factor a 1024-bit RSA modulus within the next decade by means of an academic effort on the same limited scale as the effort presented here. From a practical security point of view this is not a big deal, given that standards recommend phasing out such moduli by the end of the year 2010.

In an unusual footnote (literally), the cryptographers included dialog from Quentin Tarantino film Inglourious Basterds among their reference sources.

This present accomplishment represents a cryptography milestone but not a practical threat to VeriSign's roots or systems. We're confident that our present root...

Read more
One site's views on SSL usage
Tim Callan | 18 Dec 2012 | 0 comments

Here's a well considered, thought provoking blog by a site operator about SSL errors and the pros and cons of Extended Validation SSL Certificates. Among other things the writer has looked at the top 100 online retailers according to Internet Retailer and given us a chart detailing how these sites use SSL.

Read more
Research on Debian certificate updating
Tim Callan | 18 Dec 2012 | 0 comments

An interesting paper recently came out in which the researchers measured the rate of removal of SSL Certificates with bad Debian keys from the Web. You may recall that in 2008 a security researcher discovered that Debian's random number generator was not in the slightest bit random and that as a result any key pair generated on the flawed operating system was not trustworthy.

VeriSign responded by modifying our systems to disallow any such comprimised CSR, searching our customer base for such keys, and informing all affected online businesses of the bad certificate so that they could replace it. We eliminated our replacement fee for affected certificates and proactively worked with their owners to remove those certificates...

Read more
Holiday shopping stories are running
Tim Callan | 18 Dec 2012 | 1 comment

Every year starting around Thanksgiving we see a lot of stories running about holiday shopping online. This article just appeared in Inc., and it discusses how online businesses can expect to be financially rewarded by employing premium security and making it highly visible to site visitors.

Read more
New and improved Thawte Web site unveiled
Tim Callan | 18 Dec 2012 | 2 comments

I'm pleased to point your attention to our newly revised Web site for Thawte. We put a lot of study into the information Thawte customers needed and how they wanted to move through a site. We've confident that this new site will offer a greatly upgraded experience to Thawte customers.

Read more
VeriSign certificates secure Microsoft Azure
Tim Callan | 18 Dec 2012 | 0 comments

A couple of days ago we announced that Microsoft Azure will be using SSL and code signing certificates from VeriSign.

Read more
EV importance increasing on mobile
Tim Callan | 18 Dec 2012 | 1 comment

Mobile devices continue to grow in importance as a platform for doing real business online. You may recall that the iPhone broke the EV glass as the first popular mobile device to specifically call out EV SSL Certificates in the interface. This recent article explains how German bank Postbank is using EV on its iPhone specific site. A Postbank official says,

With the launch of the VeriSign EV SSL Certificates for iBanking on the iPhone, we're taking a huge step forward in our efforts to build trust and reassurance for this fast-growing segment of our customer base.

Read more
More on the SSL renegotiation attack
Tim Callan | 18 Dec 2012 | 2 comments

A researcher has published an exploit that uses the SSL renegotiation attack to compromise Twitter logins. That appears to run counter to earlier assessments that this exploit wasn't aimed at the accounts of individuals accessing sites. So what's going on here, you ask?

This attack does indeed follow the parameters of the attack as previously described. It attaches exploit code to the encrypted stream and indeed cannot decrypt the data going to and from the site. What the inserted exploit code does is take advantage of a vulnerability in Twitter's API that allows it to command Twitter to publish the credentials of the currently active account. And of course the currently active account by definition is the same as the one operated by the site visitor who owns this...

Read more
A couple of recent articles with a different take on online security and consumer confidence
Tim Callan | 18 Dec 2012 | 0 comments

Two articles recently came to my attention because I'm quoted in them. Ordinarily I wouldn't blog something for that reason alone, but each of these articles took a somewhat novel angle on the topic of security fears among site visitors and what businesses can do to alleviate them. Therefore I thought they were worth bringing to your attention.

Smart Computing covers alternative (aka non-credit-card) payment services and how they play into consumers' security fears and therefore shopping cart abandonment.

E-Commerce News breaks the issue down into three components: Educating consumers, developing trust, and marketing security...

Read more