Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with Code Signing
Showing posts in English
Tim Callan | 14 Jan 2010 | 0 comments

The 768-bit RSA algorithm has been factored. The team's paper states in part,

If we are optimistic, it may be possible to factor a 1024-bit RSA modulus within the next decade by means of an academic effort on the same limited scale as the effort presented here. From a practical security point of view this is not a big deal, given that standards recommend phasing out such moduli by the end of the year 2010.

In an unusual footnote (literally), the cryptographers included dialog from Quentin Tarantino film Inglourious Basterds among their reference sources.

This present accomplishment represents a cryptography milestone but not a practical threat to VeriSign's roots or systems...

Tim Callan | 12 Jan 2010 | 0 comments

Here's a well considered, thought provoking blog by a site operator about SSL errors and the pros and cons of Extended Validation SSL Certificates. Among other things the writer has looked at the top 100 online retailers according to Internet Retailer and given us a chart detailing how these sites use SSL.

Tim Callan | 14 Dec 2009 | 0 comments

An interesting paper recently came out in which the researchers measured the rate of removal of SSL Certificates with bad Debian keys from the Web. You may recall that in 2008 a security researcher discovered that Debian's random number generator was not in the slightest bit random and that as a result any key pair generated on the flawed operating system was not trustworthy.

VeriSign responded by modifying our systems to disallow any such comprimised CSR, searching our customer base for such keys, and informing all affected online businesses of the bad certificate so that they could replace it. We eliminated our replacement fee for affected certificates and proactively worked with...

Tim Callan | 01 Dec 2009 | 1 comment

Every year starting around Thanksgiving we see a lot of stories running about holiday shopping online. This article just appeared in Inc., and it discusses how online businesses can expect to be financially rewarded by employing premium security and making it highly visible to site visitors.

Tim Callan | 30 Nov 2009 | 2 comments

I'm pleased to point your attention to our newly revised Web site for Thawte. We put a lot of study into the information Thawte customers needed and how they wanted to move through a site. We've confident that this new site will offer a greatly upgraded experience to Thawte customers.

Tim Callan | 19 Nov 2009 | 0 comments

A couple of days ago we announced that Microsoft Azure will be using SSL and code signing certificates from VeriSign.

Tim Callan | 18 Nov 2009 | 1 comment

Mobile devices continue to grow in importance as a platform for doing real business online. You may recall that the iPhone broke the EV glass as the first popular mobile device to specifically call out EV SSL Certificates in the interface. This recent article explains how German bank Postbank is using EV on its iPhone specific site. A Postbank official says,

With the launch of the VeriSign EV SSL Certificates for iBanking on the iPhone, we're taking a huge step forward in our efforts to build trust and reassurance for this fast-growing segment of our customer base.

Tim Callan | 17 Nov 2009 | 2 comments

A researcher has published an exploit that uses the SSL renegotiation attack to compromise Twitter logins. That appears to run counter to earlier assessments that this exploit wasn't aimed at the accounts of individuals accessing sites. So what's going on here, you ask?

This attack does indeed follow the parameters of the attack as previously described. It attaches exploit code to the encrypted stream and indeed cannot decrypt the data going to and from the site. What the inserted exploit code does is take advantage of a vulnerability in Twitter's API that allows it to command Twitter to publish the credentials of the currently active account. And of course the currently active account by definition is the same as the one operated by...

Tim Callan | 11 Nov 2009 | 0 comments

Two articles recently came to my attention because I'm quoted in them. Ordinarily I wouldn't blog something for that reason alone, but each of these articles took a somewhat novel angle on the topic of security fears among site visitors and what businesses can do to alleviate them. Therefore I thought they were worth bringing to your attention.

Smart Computing covers alternative (aka non-credit-card) payment services and how they play into consumers' security fears and therefore shopping cart abandonment.

E-Commerce News breaks the issue down into three components: Educating consumers, developing...