Video Screencast Help
Website Security Solutions
Showing posts tagged with Certificate Authority (CA)
Showing posts in English
Andy Horbury | 10 May 2013 | 0 comments

I hope by now that you are aware that the Certificate Authority/Browser Forum has mandated that Certificate Authorities stop supporting 1024-bit key length RSA certificates for both SSL and code signing by the end of this year (2013). To learn more about these changes please read the CA/Browser Forum’s paper on the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates

What do you need to do?

Any Symantec customers with certificates expiring this year (2013) will need to renew by generating a Certificate Signing Request (CSR) of 2048 bits or higher. Any Symantec customers with certificates expiring in 2014 or later will need to replace and upgrade all 1024-bit certificates with 2048-bit RSA/DSA or 256-bit ECC certificates by 1st October 2013. All existing 1024-bit...

Brad | 06 Feb 2013 | 0 comments

Sometimes, serendipity happens.

Here at Website Security Solutions, we're constantly striving to educate people on how important SSL Certificates are to the Internet. The Norton Secured Seal represents trust on the internet; a sure mark that the website where it is displayed represents a site that can be trusted to conduct business transactions.  We try to educate consumers about how to shop safely, and conduct their business online with a minimum of risk; because it's a world full of internet predators out there trying to steal people's money, their data, and their very identity.

Consumer education is one of the most important things we can do in the Security industry. We have to teach people what to look for, how to surf safely, and how to protect themselves. And all...

Jeannie Warner | 15 Jan 2013 | 3 comments

We're looking at a bumper crop of online frauds, cons, ID thefts, and check stealing this year. Some of them can steal your returns, others cost you your life savings or money you have not even begun to earn. As your W-2s come in, here are some simple pointers to remember about filing and online opportunities as well as methods for avoiding theft of multiple kinds.

  1. First and most important - the IRS will never email you. Ever. If you get an email from the IRS or EFTPS (Electronic Federal Tax Payment System), forward it to phishing@irs.gov and do not respond!
  1. Beware fake Tax preparation companies.  Never enter information online unless you see HTTPS: or a green bar in the URL, and look for the Preparer Tax identification Number (PTIN) on your return. You should always receive a copy of your tax return, and a reputable tax service should never do your taxes for a percentage of the refund....
FranRosch | 13 Dec 2012 | 0 comments

On Tuesday, Microsoft announced that they have just upgraded their entire Outlook.com mail environment to an Always On SSL experience, protected by Extended Validation (EV).  This means that all of the user’s data is protected via 2048-bit encryption - not just the log on page - on Outlook.com, as well as Hotmail, and Live.

This is a big deal. Always-On SSL is the most recommended way for any kind of social media to be enabled for user security.  When a site is completely hosted over HTTPS, the user is much better protected from attacks and surveillance.  For example, on sites without Always On SSL, although the logon would be encrypted, if the subsequent pages are not protected by HTTPS the cookie with the login credentials could be intercepted and used for malicious purposes.

...

Rick Andrews | 30 Oct 2012 | 0 comments

SSL/TLS is technology that is critical for securing communications. The challenge facing the SSL ecosystem today is how it is being implemented and used. Several University researchers have recently published reports indicating errors and shortcomings in non-browser applications that act as the client of an SSL/TLS connection. These issues result from flawed implementations of SSL in the applications or in SDKs or APIs used by them. SSL Client non-browser applications should follow these best practices to ensure the high level of authentication, confidentiality and integrity promised by SSL remain intact.

A Developer must perform a number of checks, and the most important is to cryptographically validate that the end-entity certificate presented by the server is the expected certificate, or was signed by an expected certificate. In other words, the Developer must create a trusted and validated chain of certificates starting with the end-entity certificate and linking up to...

Jeannie Warner | 11 Oct 2012 | 0 comments

When your mobile or web browser address bar turns green it’s a clear sign that you can complete a transaction, or fill out an online form with confidence. The green address bar indicate that you’re on a site that has an Extended Validation (EV) certificate, a measure increasingly used by organizations to provide reassurance to customers who are wary of sharing personal information online. Sites protected by an EV certificate must pass the industry’s most stringent standards for identity validation and if the certificate is from Symantec it also protects you from malware, as these sites are scanned daily for infection.

To receive  an EV certificate, an organization  not only has to demonstrate secure encryption methods but also pass rigorous checks based on the highest industry standards to prove that it is a legitimate company, including: 

  • It...
FranRosch | 04 Sep 2012 | 1 comment

Trust on the internet isn't just a catch phrase. It's a concern that engenders policies that extend from the virtual world of security products and integration all the way down into process and physical reinforcement. It is also a daily practice at Symantec, where we back up our mission statements with concrete, measured practices. We built our datacenter facilities with a defense in depth approach, and believe in practicing what we preach regarding the standards a CA should adhere to. My leadership team demands that our infrastructure supports our strategy to be the best.

We gave the folks at CNet a tour of our Operations facility where we process SSL Certificates, and showed them our model of what makes a secure facility. We are constantly investing in improvement, keeping up with the latest trends in physical security as a vital link to supporting our virtual security. Recently, CNet published the following article about what they saw on that tour:

...

Jeannie Warner | 28 Aug 2012 | 0 comments

Keeping Your Personal Information Secure
 

It’s a great time for sports fans, with the summer Olympics still fresh in our minds, the NFL season kicking off, and hockey and basketball just around the corner. Unfortunately, it’s also a great time for cyber criminals who take advantage of the excitement to steal valuable personal information.

A common approach, known as “phishing,” uses phony emails that inform fans they have won the “NFL Lottery” or can purchase discounted tickets. These emails often contain links to websites that look genuine but are designed to trick users into providing login and password details. Some also include attachments that can download nasty computer viruses.

As scammers grow more sophisticated, users have to up their defensive game. Here are some tips to help protect against phishing attacks:

  1. Never click on links or open attachments in unsolicited emails....
FranRosch | 07 Aug 2012 | 0 comments

Last week the Certificate Authority / Browser Forum (CA/B) voted down a motion to extend a deadline for its members to sign an intellectual property rights agreement (IPR). Signing this agreement is mandatory to retain membership. Those who had not signed by August 1st are no longer members of the CA/B Forum. Entrust, CyberTrust (Verizon), and Research In Motion (RIM) are among the CAs who did not, or would not sign the IPR. They’re all out.

So what?

What’s so important about the IPR is that it enables CAs and browsers to work together as an industry to develop improved Internet security standards without infringing on any particular organization’s intellectual property rights.  This transparent, collaborative workgroup will help drive innovation to better secure data in transit over the Internet.

As a result of their inaction, the CA’s mentioned above will not have a role in forging a more secure future for...

FranRosch | 02 Jul 2012 | 0 comments

Symantec has been a key driver in collaborative work with the CA/B Forum to develop a new set of baseline requirements for organization and domain validated SSL certificates. The CA/B Forum is an organization of leading Certification Authorities (CAs) and vendors of Internet browser software and other applications. The CA/B Baseline Requirements are documented in “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates v. 1.0”.

We are proud to announce that Symantec is adopting the new Baseline Requirements effective July 1st, 2012. 

The Baseline Requirements focus on providing clear standards for CAs on important topics including verification of identity, certificate content and profiles, CA security, revocation mechanisms, use of algorithms and key sizes, audit requirements, liability, privacy and confidentiality, and delegation (...