Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with Extended Validation SSL
Showing posts in English
Tim Callan | 16 Jun 2008 | 0 comments

If you're reading an SSL Blog like this one, you probably already have heard that Firefox 3 is due for release tomorrow. What you may not have heard is that Opera 9.5 is released and available for download now. Adding these to Internet Explorer 7, in two days the industry has tripled the number of browsers compatible with EV SSL.

Tim Callan | 05 Jun 2008 | 0 comments

One thing I've been meaning to write about for a while now is NTT Data's deployment of EV SSL across 80 Japanese banks. Because of the relationship this ASP has with its customer banks, NTT Data can affect EV SSL deployment across this huge number of online banks simultaneously. The Japanese banking industry has been a strong user of EV SSL, including early deployment by leaders like SMBC and Sony Bank.

Tim Callan | 02 Jun 2008 | 0 comments

I recently wrote an entry in which I stated that EV SSL is a powerful mitigator against the classic phishing attack. I have received an e-mail asking me to explain how I know that to be the case. Happy to oblige.

If you were a reader of The SSL Blog a little over a year ago when VeriSign premiered the Extended Validation SSL Certificate, you know about the Tec-Ed research. For newer readers or in case we all don't exactly remember how it went, here's a recap.

Tim Callan | 19 May 2008 | 0 comments

In my posting from earlier today, I stated that three of the world's four largest businesses use EV SSL. Well, I'm wrong. You see, #2 on the Forbes list is GE. GE is the owner of GE Money Bank, a significant worldwide bank without a big footprint in the US. And of course, GE Money Bank has EV. So that makes it the world's four largest companies that protect their customers with EV SSL.

Here the inevitable bias of one's own home geography comes into play. I apologize to my neighbors in other parts of the world for forgetting about GE Money. It is a...

Tim Callan | 19 May 2008 | 0 comments

Bank of America, the world's third largest company has deployed EV SSL on its personal banking site. And you may have noticed that HSBC has done the same thing. That matters because HSBC is the largest company in the world according to Forbes. And JP Morgan Chase is the fourth largest, which is noteworthy considering that Chase also recently deployed EV. So, three of the four largest companies in the world are protecting their customers with...

Tim Callan | 07 May 2008 | 0 comments

Mozilla Corporation member Deb Richardson gives us this thorough tour of the new trust indicators in Firefox 3. Apparently Firefox will have a five-tiered color scheme, which goes (in decreasing order of trust):

Green - EV SSL Certificate. Complete idenity known, both domain and organization.
Blue - SSL Certificate. Partial identity know. Domain only.
Gray - no information.
Yellow - invalid certificate. Deb's example includes a self-signed certificate.
Red - phishing site.

The careful observer will notice that this scheme is very similar to (though not identical to) IE7's four-tier system of green, "clear" (white), yellow, and red. The...

Tim Callan | 23 Apr 2008 | 0 comments

SSL Blog readers are aware that HSBC has deployed EV SSL on its first direct site. Now this new press release details the bank's plans to roll out EV SSL to all its online banking customers.

Barry Jones, Senior Manager of Group IT Security at HSBC is quoted to say,

As e-criminals grow more sophisticated, financial services leaders like HSBC must always remain a step ahead to ensure the security and trust of our customers. Deploying VeriSign Extended Validation SSL...

Tim Callan | 18 Apr 2008 | 0 comments

PayPal CISO Michael Barrett, who stirred up a lot of talk recently by advising his customers not to use the Safari browser, has published a white paper on PayPal's comprehensive approach to combatting phishing.

This white paper discusses mutli-factor authentication credentials and contains a whole section on Extended Validation SSL. The paper defines unsafe browsers as "those browsers which do not have support for blocking phishing sites or for Extended Validation Certificates," and goes on to say, "In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles...

Tim Callan | 15 Apr 2008 | 0 comments

I'm here at Net.Finance in Scottsdale, Arizona. Yesterday I had my roundtable session, which had healthy attendance from business leaders in the banking and finance sectors. It was a rotating, two-hour session, so I found myself in a series of short conversations about Extended Validation SSL. There were a few questions which came up repeatedly. Since those appear to be of more general interest, I'll list some of them here with my reponses.