Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with SSL
Showing posts in English
Andy Horbury | 18 Jul 2013 | 0 comments

14717-Symantec-WSTR-header-660x200.jpg

We recently published Symantec’s Website Security Threat Report which contains a huge amount of information on the security threat landscape. In this series of blog posts we will focus on topics such as the re-emergence of phishing, the rise of malware and what you need to be aware of to keep your work and personal life secure.

Starting with Phishing…Over the past few years there has been a slight change to the type of phishing attacks we’ve seen. As sites such as Facebook and Twitter have grown in popularity, they have drawn the attention of the cybercriminal fraternity and we’ve seen a significant increase in spam and phishing...

Brook R. Chelmo | 16 Jul 2013 | 0 comments

In the sales world when we look at the sales cycle we tend to see everything as a funnel.  It has a wide open mouth at the top with narrower pipe at the end representing our sales.  As a business leader you look at each portion of the sales process to evaluate your success at each point to maximize the effectiveness of your marketing efforts.  Customer conversion rates are highly important.  Abandoned shopping carts are worrisome.  The checkout process for online retail sales is critical.  So how can you use security technology to drive customer conversion?  How can you widen the portion of the sales “funnel” at the checkout process and drive more sales?

At Symantec we have two very strong options you can leverage.

  1. Leverage the power of the Norton Secured Seal, the most trusted seal on the web.  Take a look at this interesting...
Brook R. Chelmo | 28 Jun 2013 | 0 comments

Migrating certificates during a major key size migration can be difficult at best. I’m going to give you some background, share a great video we have produced, as well as share seven steps to aid in this migration.

Background - Key Sizes Change with Time

Since the RSA algorithm was first publically described in 1977 by Ron Rivest, Adi Shamir, and Len Adleman, 17 key sizes have been factored (hacked).  So far the highest key size that was factored was RSA 768-bit in 2009.  As cloud computing grows so does the threat that RSA 1024-bit will be factored as well. 

Industry Response – Bring 1024-bit Certificate to End-of-Life

In order to be proactive, Certification Authorities (CAs) have been tasked to bring these certificates to end-of-life by the end of 2013.  An end date of December 31, 2013 was listed by...

Brook R. Chelmo | 21 Jun 2013 | 0 comments

Imaging installing a new deadbolt on your backdoor and after all the measuring, drilling, sizing, and installation you stand back to admire your work only to notice the lock was installed backwards.   The device implemented to keep people out will now let them in.  As noted by several university researchers, including Dan Boneh of Stanford University at RSA13, this is the same issue developers are facing when they poorly implement SSL/TLS security within their mobile applications.  The flaw is not in the security technology but in its implementation.

It is natural to assume that I don’t need to sell you on the fact that you need to have all aspects of your information security program in line without any loop holes.  Implementing SSL within non-browser apps has been laid out to make it clear and easy for any user or developer within this white paper.  A...

Jimmy Edge | 14 Jun 2013 | 0 comments

Mention PKI or ‘Client Certificates’ to many people and it may well conjure up images of businesses busily protecting and completing their customers’ online transactions, yet such certificates are to be found throughout our daily lives, in any number of flavours; when we sign into a VPN; use a bank card at an ATM, or a card to gain access to a building; within Oyster public transport smart cards, used in central London. These digital certificates are even to be found in petrol pumps, the robots on car assembly lines and even in our passports.

In Continental Europe and many so-called ‘emerging countries’, the use of client certificates  is particularly widespread, with governments issuing ID cards that have multiple uses, such as to pay local taxes, electricity bills and for drivers’ licenses. And the reason to see why is simple – client...

Andy Horbury | 20 May 2013 | 0 comments

The public sector has a somewhat mixed record when it comes to staving off security breaches within its walls. In the UK, for example, the hugely embarrassing data losses at HMRC (Inland Revenue/Taxation services) – when the personal details of 25 million people were heavily compromised, due to what were described as "serious institutional deficiencies" – still linger in the mind a few years down the line.

On the plus side, the UK government has been heavily engaged in getting its own house in order, identifying information security as a key priority for 2013 and beyond. In recent months, new initiatives to address growing cyber security threats have been announced, with a cyber security ‘fusion cell’ established for cross-sector threat information sharing. The intention is to put government, industry and information security analysts side-by-side for the first time. The analysts will be joined by members of intelligence agencies,...

Andy Horbury | 12 Feb 2013 | 4 comments

 

Following on from our recent webinar on the theme of website optimisation we have developed a series of three blog posts. These are high level blogs and not intended to be all encompassing, but rather have been written to kick start thoughts on concepts such as analytics, website security and to start off with some thoughts on search engine optimisation.

Five steps to search engine success. Search engine optimization matters:

Brook R. Chelmo | 28 Jan 2013 | 0 comments

Imagine you are looking for a new home and after a considerable amount of research and time you find the perfect place for your budget.  As you settle in and begin to meet with your new neighbors you discover an alarming trend.  Within the past 6 months about one in eight of the homes in the neighborhood experienced a major security issue such as armed break ins, cat burglars snatching information, or someone redirecting their mail to a foreign address.  You wonder if these people are unlucky or have you moved into a bad neighborhood.  When you share your findings with a friend they respond with "I'm sure you're fine!  Just check the locks on the doors every 6 months."

You may find this illustration laughable but it reflects how some IT managers respond to their web security. 

Recently IDG Connect, the world’s largest...

Jimmy Edge | 11 Jan 2013 | 0 comments

Running an ecommerce site is a rewarding business. There are almost 2.5 billion people online, and the global consumer ecommerce market is worth around $1 trillion, which is nothing to be sneezed at.

But that opportunity also attracts criminals, which is why running any public-facing website is highly risky. The cost of cybercrime runs into the hundreds of billions each year, and in 2011, 403 million unique variants of malware were discovered, according to Symantec's Internet Security Threat Report.

That's not just stolen money we're talking about – you also need to factor in compensation payments, the time and manpower it takes to clean up after a successful attack, and the massive...

FranRosch | 12 Dec 2012 | 0 comments

On Tuesday, Microsoft announced that they have just upgraded their entire Outlook.com mail environment to an Always On SSL experience, protected by Extended Validation (EV).  This means that all of the user’s data is protected via 2048-bit encryption - not just the log on page - on Outlook.com, as well as Hotmail, and Live.

This is a big deal. Always-On SSL is the most recommended way for any kind of social media to be enabled for user security.  When a site is completely hosted over HTTPS, the user is much better protected from attacks and surveillance.  For example, on sites without Always On SSL, although the logon would be encrypted, if the subsequent pages are not protected by HTTPS the cookie with the login credentials could be intercepted and used for malicious purposes.

...