Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with SSL
Showing posts in English
Teresa Wingfield | 30 Apr 2012 | 0 comments

If you are using self-signed SSL certificates for internal sites such as corporate email servers, human resource portals, wikis, software development sandboxes, etc. you’re probably doing so because you think you’re saving your company a ton of money by not purchasing certificates from a third-party Certificate Authority.  But, for a number of reasons, this probably isn’t true. 

Self-signed certificates cost more than most  implementers realize because the total cost of ownership (TCO) of an SSL certificate is far more than just the price of the certificate. From security hardware, to management software, to data center space and more, the costs of establishing a secure self-signing architecture can quickly add up.  And, a do-it-yourself approach to SSL security may put an organization at risk for costly security breaches and lost trust.

“The Hidden Costs of Self-Signed SSL Certificates” is a new white paper that...

FranRosch | 21 Feb 2012 | 0 comments

We are excited about hosting the CA/Browser Forum meeting this week in Mountain View and have a great set of attendees from the leading browser vendors and Certificate Authorities as well as several other interested third parties.  At Symantec, we believe that the CA/B Forum efforts to improve the SSL ecosystem have become even more important given the breaches and attacks over the past year.  The agenda this week is packed with some important topics including:

  1. Standards for improving the security related to CA operations
  2. Intellectual Property Sharing Policy
  3. Discussion on how we can evolve the CA/B Forum decision making process and how we can include the feedback from external third parties including Relying Parties
  4. Higher Authenticated Code Signing Certificates
  5. Certificate invalidation methods

One other topic sure to be discussed is the role of Domain...

FranRosch | 19 Feb 2012 | 0 comments

By now, everyone is aware of the story published in the New York Times earlier this week by John Markoff.   The team of researchers led by Arjan Lenstra scanned 7.1 million 1024-bit public facing RSA keys, and came to the conclusion that an estimated 0.2 percent of all RSA keys in the wild are duplicate keys, and many more may share a common prime factor. Lentra's research paper stated the following:  
 
“We performed a sanity check of public keys collected on the web. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended. A more...

FranRosch | 02 Feb 2012 | 3 comments

News broke recently that Verisign, Inc. reported in their quarterly SEC filings that they had been victims of a security breach in 2010. At this time, Verisign, Inc. has only confirmed that the incident did not impact their DNS business. 

Just as Verisign, Inc. stated that there was no impact to their production environment, I stand behind the following statement that Symantec made in response to media questions regarding the 2010 Verisign, Inc. security breach:

Symantec takes the security and proper functionality of its solutions very seriously.Trust Services (SSL), User Authentication (VIP, PKI, FDS), and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the Verisign, Inc. quarterly filing.

Unfortunately, many people are associating the breach at...

Michael Lin | 06 Dec 2011 | 1 comment

While presenting at the HostingCon earlier this year, some particular figures in my slide deck jumped out at me: 1) Corporations are seeing their information double every two years; and 2) Each day, 600 million emails are sent containing unencrypted confidential data. Those are staggering figures on their own. Put them together, and the need to protect sensitive data online becomes glaringly obvious.

The booming popularity of Secure Sockets Layer (SSL) Certificates and Extended Validation SSL (EV SSL) Certificates reflects the recognition that people and organizations must protect themselves from worsening malware, data breaches and other IT security threats. By validating user and...

FranRosch | 26 Oct 2011 | 3 comments

There is a distributed denial of service (DDOS) attack making news this week called THC-SSL-DOS, and it’s stirring up some discussion about the renegotiation feature of SSL. Some are saying this is a flaw in SSL. It is not. SSL renegotiation is a feature; not a flaw to be fixed. The attack is primarily another DDOS attack.

A better user experience

Renegotiation is a feature that makes it possible to adjust the parameters of an SSL handshake without requiring an entirely new SSL session. This allows for an improved user experience, a must have for most Ecommerce, media, cloud providers, and SaaS sites.

Here is just one example: a web user visits a web site that is SSL encrypted. After spending some time shopping on that site anonymously the user decides to purchase or log in. Renegotiation will allow the SSL connection with that site to adjust to authenticate the user without requiring a break in the user experience. This way, all the...

FranRosch | 18 Oct 2011 | 0 comments

Some of the files associated with the new W32.Duqu threat were signed with a private key. After intense investigation we concluded that the private key used for signing these Duqu files was stolen from a Symantec customer whose systems appear to have been compromised. The private key was associated with a code signing certificate issued to that customer.

A Stolen Key

We take this very seriously and quickly revoked the customer code signing certificate in question. We have found no evidence of any breach to our systems and our records show that the code signing certificate was issued only after completing our rigorous customer authentication process. Our systems, roots and intermediate CAs were never at risk.

Running the world’s largest commercial cyber-intelligence network, Symantec is constantly monitoring the internet and customer environments in search of...

AllenKelly | 06 Oct 2011 | 0 comments

As you may already know, VeriSign Authentication Services became part of Symantec in August of 2010. Since then, we’ve continued to invest in and enhance your SSL Certificates—adding more value and providing even more protection for your business—while still giving online customers the greatest confidence that your website is secure. Since we became part of Symantec we’ve delivered:

  • Express Renewal and AutoRedeem/AutoPay Renewal Services Learn more

  • Vulnerability Assessment Learn more

  • Symantec Certificate Intelligence Center...

FranRosch | 13 Sep 2011 | 0 comments

The recent DigiNotar and Comodo Certificate Authority (CA) security breaches have once again highlighted the need to create standards for stronger security around SSL business operations and authentication processes.  At Symantec, we believe that the industry needs to work together to develop stronger security policies and procedures in three areas and then implement third party monitoring of adherence to these policies by the CA community.  These three areas are:

1.     CA Infrastructure:  Rigorous and diligent upkeep of CA security infrastructure is critical, components of which include:

·       Specifically-designed hardened facilities and physical security measures to defend against attacks

·       Hardware-based cryptographic signature systems

·       Regular third party...

AllenKelly | 12 Sep 2011 | 0 comments

Symantec® announced today the availability of Symantec Certificate Intelligence Center for public beta.  Symantec Certificate Intelligence Center helps organizations discover SSL Certificates, regardless of issuing CA, across their entire network, and manage the entire lifecycle of SSL Certificates.  This is an add-on option for existing VeriSign® MPKI for SSL customers.

Symantec created this service after hearing from their enterprise customers on the need for an easy-to-deploy SSL Certificate discovery and management system to help provide inventory visibility, ensure business continuity and increase operational efficiency. Other capabilities in the service include:

  • a distributed architecture to enable parallel and fast discovery scans
  • flexible scanning parameters...