Video Screencast Help
Website Security Solutions
Showing posts tagged with Extended Validation SSL
Showing posts in English
Tim Callan | 09 Sep 2008 | 0 comments

I mentioned that I recently gave a Web seminar with some lively questions at the end. I'll present some of the questions I received, with my responses. Because I received so darn many questions, I'll break this one into multiple postings.

Q: If EV is so far ahead of standard SSL (in terms of security/authentication), do you think the PCI industry will mandate EV in near future?

A: I certainly hope so. EV is a definite improvement to a consumer's ability to protect herself against credit card theft, and the PCI standard is all about reducing credit card theft. It's not only in the interest of the consumers but also in the interest of the issuing banks, who usually are the ones that wind up eating bad credit card debt.

Q: What is the cost of implementing EV?...

Tim Callan | 28 Aug 2008 | 0 comments

Another paper that's oft cited by those who want to discredit Extended Validation SSL was published soon after the release of EV SSL at the beginning of 2007 and is titled "An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks," authored by Stanford student Collin Jackson.

The Jackson paper is frequent link fodder, usually for bloggers who want to prove that Extended Validation SSL is not the considerable step forward in Web security that the community at large perceives it to be. Typically the link accompanies some broad statement like, "These certificates have been shown not to work." Indeed, if you read the paper's abstract, it appears to back up that claim,

Across all groups, we found that picture-in-picture attacks showing a fake...

Tim Callan | 26 Aug 2008 | 0 comments

We recorded a couple of good Web seminars recently on the subject of Extended Validation SSL. I had the privelege to give the first to over 500 security professionals. In addition to boiling the basic EV story down to a half hour, it also contains an excellent Q& A session.

The second was run by my compatriot Ryan White, and what's special about this seminar is it has a special guest visitor, Darren Shafae, vice-president of Proof-Reading.com. Darren offers the unique insights of an online business that has chosen to go with EV SSL.

Tim Callan | 25 Aug 2008 | 0 comments

Chinese megabank ICBC has deployed Extended Validation SSL. The Forbes Global 2000 lists this bank as the 42nd largest in the world and the largest in China. This deployment is noteworthy because it illustrates that EV SSL is a worldwide phenomenon and not just something for North America and Europe.

Tim Callan | 21 Aug 2008 | 0 comments

The Street picked up some tips I published for people to protect themselves online. That fact got me reading the article originally, but what I want to call your attention to today is the other half of the article, which details some interesting research implying that online banks commit an awful lot of errors that enable phishing against their customer bases. States the article,

The study found that of the 214 U.S. financial institution Web sites that were analyzed, 76% of them had at least one design flaw which could compromise your financial data.

Unlike many studies that focus on the vulnerabilities of the coding of the Web sites, where hackers may be able to gain access to information, this study focused on design flaws of the banks' sites that made it easier for users to be tricked...

Tim Callan | 14 Aug 2008 | 0 comments

We recently hit a very cool milestone, which is that over half the client systems in use today are capable of distinguishing between Extended Validation SSL Certificates and traditional certificates. In other words, the combined market share of IE7, IE8 (very small), Firefox 3, and Opera 9.5 adds up to in excess of 52% of browsers in use. What's especially cool about that is it's an increase of almost 3% in a single month, which is quite a growth trajectory.

People have been writing about this milestone, such as this blogger at DaniWeb. The blogger questions how well six or seven thousand online businesses compare to the millions of Web sites that are out there, and I think that's a question...

Tim Callan | 12 Aug 2008 | 2 comments

Sorry for the gap in blogging. We got a blogging software upgrade and it's been two solid weeks of technical problems. I've been traveling a lot, and in the few moments I did have to blog the console was unavailable.

I have lots of things to tell you, but let's make it an easy one this morning. Credit card giant Visa has added EV SSL to its site.

Tim Callan | 28 Jul 2008 | 0 comments

I have both a personal and a professional interest in the way Extended Validation SSL changes consumer behavior on the sites that use these new SSL Certificates. The personal interest is that since I sat on the CA/Browser Forum during EV's formative stage, I'd like to know if our efforts were successful. The professional interest is a little more obvious but very similar; since we offer these certificates at VeriSign it's very important to determine what effect they have on completed transactions on sites.

First we had the Tec-Ed research, which demonstrated that online shoppers have a natural understanding of the vocabulary of green bars and view EV SSL as a...

Tim Callan | 21 Jul 2008 | 0 comments

I've written in the past that Chase Paymentech has deployed EV SSL. Well, JPMC has now expanded its EV usage to include the J.P. Morgan site itself.

Tim Callan | 30 Jun 2008 | 0 comments

Readers of this SSL Blog will recall that there was a time when tracking the early adoption of Extended Validation SSL was one of this blog's main functions. As it has become more mainstream, I've left off mentioning deployment on individual sites unless they're very important.

Today I'm highlighting the fact that EV SSL is live on Aetna. This deployment is important because of Aetna's leadership position in...