Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with Identity and Authentication Services
Showing posts in English
geoffnoakes | 06 Jun 2012 | 1 comment

I sat down today with Craig Spiezle, Executive Director of the Online Trust Alliance, at the Internet Retailer show in Chicago, to learn more about OTA’s Online Trust Honor Roll announcement.  This is the OTA's fourth annual Online Trust Honor Roll -- the report promotes for the adoption of best practices; it recognizes leaders, and it provides prescriptive advice to businesses and governments.  Symantec had made the OTA’s Online Trust Honor Roll 4 years in a row.  The report is located at

Among the changes in this year’s report:

  • Tools, methodology, and transparency: the OTA uses a number of publicly-available tools to capture and report on its best practices, and defines its methodology in the report,...
AllenKelly | 17 May 2012 | 0 comments

Author: Dean Coclin, Senior Director of Business Development at Symantec

Today, I had the opportunity to meet over a hundred talented developers at AnDevCon 2012 during my session on “Challenges in Code Signing and Key Security."

Android has quickly become one of the most popular operating systems for mobile devices. It’s amazing how this ecosystem has changed. Only 5 years ago, Symbian was the #1 smartphone OS in the world and now its market share has dwindled down to a much smaller number. Five years ago we were also carrying around our Palm Treo devices, a company that no longer even exists and their WebOS has been literally thrown away by HP, their new parent.

It’s been an interesting month in the Bay Area as tech giants Oracle and Google battled each other in court over whether Android contains unlicensed portions of Java™. But while the...

FranRosch | 09 May 2012 | 1 comment

We started Vision 2012, our technology summit, with a bang this year.  Yesterday, Symantec made two significant mobile authentication announcements: Code Signing (CS) for Android and Certificate Intelligence Center (CIC) for Mobile.  To set the stage for extending our solutions to mobile, let’s do a quick recap of the current mobile threat landscape.  

With the growing uptake in smartphones and tablets, and their increasing connectivity and capability, there has been a corresponding increase in activity by malicious attackers.  Symantec’s 2012 Internet Security Threat Report revealed that mobile vulnerabilities increased by 93 percent in 2011 while at the same time, a rise in threats targeting the Android operating system occurred.  The report also showed that 2011 was the first year that...

Teresa Wingfield | 30 Apr 2012 | 0 comments

If you are using self-signed SSL certificates for internal sites such as corporate email servers, human resource portals, wikis, software development sandboxes, etc. you’re probably doing so because you think you’re saving your company a ton of money by not purchasing certificates from a third-party Certificate Authority.  But, for a number of reasons, this probably isn’t true. 

Self-signed certificates cost more than most  implementers realize because the total cost of ownership (TCO) of an SSL certificate is far more than just the price of the certificate. From security hardware, to management software, to data center space and more, the costs of establishing a secure self-signing architecture can quickly add up.  And, a do-it-yourself approach to SSL security may put an organization at risk for costly security breaches and lost trust.

“The Hidden Costs of Self-Signed SSL Certificates” is a new white paper that...

AllenKelly | 24 Apr 2012 | 0 comments

To participate in the contest, start surfing the Internet to find the new Norton Secured Seal. 


Once you have located the new seal, tweet the following phrase to qualify for a daily drawing: “I spotted the Norton Secured Seal at (insert publicly-accessible URL) #SpotTheCheck” hash tag in less than 140 English characters.

Entrants will be entered into a random drawing each day for a seven day period to win a $100 gift card to 

Full contest rules are below.




FranRosch | 23 Apr 2012 | 1 comment

Today, the VeriSign seal got a new look and became the new Norton Secured Seal. 

One of the questions we get asked the most is why make this change to one of the most recognized trust marks on the Internet.  Our response, it just makes sense for us and for our customers.  By combining the power of the VeriSign checkmark with the industry’s most respected Norton brand, we are creating the most valued and highly visible security seal on the Internet.  Businesses will experience the same high security standards and protection that was delivered from the previous VeriSign seal.  The rigorous and proven authentication processes ensures their customers and information stays safe and secure.

The Value of a Trust Seal

The Norton Secured Seal is an indispensable tool and is valued by business customers for its proven ability to provide consumers a secure online experience while instilling confidence and trust in their...

AllenKelly | 17 Apr 2012 | 1 comment

Over the next few weeks, we’ll be making a change to the trust mark on your websites. We are combining the VeriSign Checkmark with the industry-leading Norton brand to create the Norton™ Secured Seal. By bringing together these two well-known and respected brands, the new seal will not only prove to your site visitors that the site is secure, but may also increase traffic, add click-throughs and provide higher visibility in search results. Even before the official launch, a U.S. online consumer study found high recognition of the Norton Secured Seal.

We developed the new Norton Secured Seal to provide our customers with increased visibility and transactions, and plan to make this transition as smooth and seamless as possible. We understand that for many of our customers, having...

Charla Bunton-Johnson | 17 Apr 2012 | 0 comments

JP Donnio, President, TBS Internet
Symantec Trust Services Platinum Partner

It can be difficult to let tried-and-true brands go, unless of course it’s replaced by a better and stronger brand. That is the case with Symantec’s transition from the VeriSign Seal to a Norton Secured Seal, powered by VeriSign combining the trust asset of both VeriSign and Symantec, the new Norton Secured Seal will be even stronger and more effective than its predecessor. Not only is it a positive evolution of the trust mark, but it is also an innovative solution to add to the range of products we offer our customers.

TBS has been a partner with VeriSign since 2003, and since that...

FranRosch | 16 Mar 2012 | 2 comments

Yesterday Kaspersky Lab posted on their research blog that they had discovered a Trojan dropper file in the wild. The malicious code, designed to commit click fraud, was signed by a legitimately issued VeriSign code signing certificate. This was a result of private keys being compromised at one of our customers. The code signing certificate used to sign the malicious code was authenticated and issued by VeriSign to a legitimate organization. The certificate has since been revoked, as it appears that the private keys, which were controlled by the customer, have been compromised.

Allow me to emphasize that Symantec takes these situations very seriously. We’re working closely with the customer to resolve their security issue and to ensure that they are taking precautions and applying best practices for private key before we re-issue another code signing certificate to them. Symantec employs the highest levels of stringent authentication for every certificate we issue....

Rick Andrews | 01 Mar 2012 | 1 comment

RSA 2012 has lived up to expectations with some great thought-provoking presentations. Tuesday morning I attended “Revocation Checking for Digital Certificates: Why Won’t It Work?” moderated by Kirk Hall. Kirk and the other panellists clearly described the shortcomings of revocation checking by CRLs or OCSP and why all modern browsers “soft-fail” if they can’t get a revocation response. They also detailed a number of proposed improvements, and the pros and cons of each.

At Symantec, we believe that revocation checking is essential. That’s why we’ve invested heavily in building a highly-available, massive scale infrastructure to serve our CRLs and OCSP responses. Today our infrastructure supports over 3.5 Billion OCSP lookups every day. We’re an active part of the CA/Browser Forum, including the working group that will study improvements in revocation checking. It’s a great topic that has the potential to make a big...