Website Security Solutions

Showing posts tagged with SSL
Showing posts in English
Jimmy Edge | 14 Jun 2013 | 0 comments

Mention PKI or ‘Client Certificates’ to many people and it may well conjure up images of businesses busily protecting and completing their customers’ online transactions, yet such certificates are to be found throughout our daily lives, in any number of flavours; when we sign into a VPN; use a bank card at an ATM, or a card to gain access to a building; within Oyster public transport smart cards, used in central London. These digital certificates are even to be found in petrol pumps, the robots on car assembly lines and even in our passports.

In Continental Europe and many so-called ‘emerging countries’, the use of client certificates is particularly widespread, with governments issuing ID cards that have multiple uses, such as to pay local taxes, electricity bills and for drivers’ licenses. And the reason to see why is simple – client...

Andy Horbury | 20 May 2013 | 0 comments

The public sector has a somewhat mixed record when it comes to staving off security breaches within its walls. In the UK, for example, the hugely embarrassing data losses at HMRC (Inland Revenue/Taxation services) – when the personal details of 25 million people were heavily compromised, due to what were described as "serious institutional deficiencies" – still linger in the mind a few years down the line.

On the plus side, the UK government has been heavily engaged in getting its own house in order, identifying information security as a key priority for 2013 and beyond. In recent months, new initiatives to address growing cyber security threats have been announced, with a cyber security ‘fusion cell’ established for cross-sector threat information sharing. The intention is to put government, industry and information security analysts side-by-side for the first time. The analysts will be joined by members of intelligence agencies,...

Andy Horbury | 18 Feb 2013 | 2 comments

Following on from our recent webinar on the theme of website optimisation we have developed a series of three blog posts. These are high level blogs and not intended to be all encompassing, but rather have been written to kick start thoughts on concepts such as analytics, website security and to start off with some thoughts on search engine optimisation.

Five steps to search engine success. Search engine optimization matters:

  • When researching branded products, 44% of online shoppers begin by using a search engine
  • Inbound marketing costs 61% less per lead than traditional, outbound marketing...

Jimmy Edge | 14 Jan 2013 | 0 comments

Running an ecommerce site is a rewarding business. There are almost 2.5 billion people online, and the global consumer ecommerce market is worth around $1 trillion, which is nothing to be sneezed at.

But that opportunity also attracts criminals, which is why running any public-facing website is highly risky. The cost of cybercrime runs into the hundreds of billions each year, and in 2011, 403 million unique variants of malware were discovered, according to Symantec's Internet Security Threat Report.

That's not just stolen money we're talking about – you also need to factor in compensation payments, the time and manpower it takes to clean up after a successful attack, and the massive impact that systems breaches...

FranRosch | 18 Dec 2012 | 0 comments

On Tuesday, Microsoft announced that they have just upgraded their entire Outlook.com mail environment to an Always On SSL experience, protected by Extended Validation (EV).  This means that all of the user’s data is protected via 2048-bit encryption - not just the log on page - on Outlook.com, as well as Hotmail, and Live.

This is a big deal. Always-On SSL is the most recommended way for any kind of social media to be enabled for user security.  When a site is completely hosted over HTTPS, the user is much better protected from attacks and surveillance.  For example, on sites without Always On SSL, although the logon would be encrypted, if the subsequent pages are not protected by HTTPS the cookie with the login credentials could be intercepted and used for malicious purposes.

The dangers of...

Rick Andrews | 18 Dec 2012 | 1 comment

It doesn’t take a crystal ball to predict that 2013 will press the limits of the mobile infrastructure.  The sales of smart phones and tablets are through the roof, and apps are being written at a fast pace. This is a boon for many, bringing the internet and cloud applications to the hands of users all over the world, who may not own a computer or have ISP service, but do own a phone.

In the race to be part of the mobile rush however, fast app development is often more valued than a well thought out and secure application.  As a result, SSL/TLS app failures can result in broken, disabled or nonexistent validation behind the scenes of mobile applications.  SSL is the backbone technology for secure connections between the app and the cloud, but without proper certificate handling by the developers it’s still vulnerable to attacks by outsiders. This core vulnerability presents a real danger, and it’s imperative that the app developer learn how...

Jeannie Warner | 18 Dec 2012 | 0 comments

An SSL/TLS Certificate, which website visitors see by the HTTPS:// prefix in the address bar of your browser, lets you know that the site you are visiting has been authenticated, and any information you share with that site is encrypted. Knowing that a site is legitimate and secure is especially important with holiday shopping season upon us, where scam sites spring up like snowmen only to melt away with your money.

Symantec takes its responsibility as a certificate authority seriously. It is very important that we do not issue SSL certificates to questionable organizations. Any website with a Symantec SSL certificate has gone through strict authentication practices and procedures. There are also some very firm processes for revoking certificates, or not renewing certificates if there is an issue with an organization. In fact, on average 6-8% of requests for new certificates and renewals are declined. That means Symantec denies tens of thousands of requests every year, as...

Brian Wall | 18 Dec 2012 | 5 comments

Apps it seems are everywhere now, and they continue to spread like wildfire. It’s a ‘technology on the go’ world we inhabit, where we are using apps for everything from social media, banking, gaming, making payments and a host of other things, at any time or day of the week. The convenience afforded by smart phones and other mobile devices have fast become the platform for serious business and consumer alike.

Global mobile app store downloads are forecast to surpass 45.6 billion in 2012, with free downloads accounting for 40.1 billion (89%) and paid-for downloads totalling 5 billion, according to research analysts Gartner.

So it’s alarming to hear that some Android developers are failing abysmally when it comes to...

FranRosch | 18 Dec 2012 | 0 comments

With National Cyber Security Month right around the corner, I wanted to take this chance to discuss Symantec’s point of view about the current state of the Certificate Authority (CA) industry.

After a year riddled with highly publicized CA security breaches that threatened to undermine confidence in the entire system the message is clear:  In order to build public confidence and protect the trust model that the Internet relies on every single day (over 4.5 million sites!), the CA industry must pull together and focus on improving its operations and practices while adapting to a constantly evolving technological environment. 

One way we do this is by actively supporting organizations such as the CAB Forum and the Online Trust Alliance (OTA).  Coming up shortly is the Online Trust Forum in San Jose, CA on Oct 2-4.  To learn more, visit: ...

FranRosch | 18 Dec 2012 | 0 comments

Trust on the internet isn't just a catch phrase. It's a concern that engenders policies that extend from the virtual world of security products and integration all the way down into process and physical reinforcement. It is also a daily practice at Symantec, where we back up our mission statements with concrete, measured practices. We built our datacenter facilities with a defense in depth approach, and believe in practicing what we preach regarding the standards a CA should adhere to. My leadership team demands that our infrastructure supports our strategy to be the best.

We gave the folks at CNet a tour of our Operations facility where we process SSL Certificates, and showed them our model of what makes a secure facility. We are constantly investing in improvement, keeping up with the latest trends in physical security as a vital link to supporting our virtual security. Recently, CNet published the following article about what they saw on that tour:

...