Video Screencast Help
Search Video Help Close Back
to help

Website Security Solutions

Showing posts tagged with Security
Showing posts in English
It's National Cyber Security Awareness Week - here are a few tips
Belinda Charleson | 22 May 2013 | 1 comment

It’s time to stop and take a moment to consider cyber security, says the Australian Government. Once a year, the government gets together in partnerships with industry, the community, and consumer organisations to help make people aware of basic steps they can and should do to protect their personal and financial information.

This year’s theme on their Website is “Our Shared Responsibility”. I encourage you all to go out and look at their website, where they help distill a lot of activities down to the basic 10. (With commentary by me.)

  1. Install and update your security software and set it to scan regularly. If you’re broke, there are free A/V options from Microsoft, AVG, and Avast. Install one of these at minimum! Then as soon as you can, upgrade to a top-rated A/V like Norton.
  2. Turn on automatic updates on...
Read more
Microsoft goes Always On with EV for Outlook.com
FranRosch | 18 Dec 2012 | 0 comments

On Tuesday, Microsoft announced that they have just upgraded their entire Outlook.com mail environment to an Always On SSL experience, protected by Extended Validation (EV).  This means that all of the user’s data is protected via 2048-bit encryption - not just the log on page - on Outlook.com, as well as Hotmail, and Live.

This is a big deal. Always-On SSL is the most recommended way for any kind of social media to be enabled for user security.  When a site is completely hosted over HTTPS, the user is much better protected from attacks and surveillance.  For example, on sites without Always On SSL, although the logon would be encrypted, if the subsequent pages are not protected by HTTPS the cookie with the login credentials could be intercepted and used for malicious purposes.

The dangers of...

Read more
Friends Don't Let Friends Misunderstand Clouds
Jeannie Warner | 18 Dec 2012 | 4 comments

This is the first in a series of ponderings I've been having about Cloud computing, how little it's understood by end consumers, and what we in the IT space need to do to better educate the people on the street. The general internet has been greedy in terms of self-interest, selling people short in its expectations of their ability to learn about concepts and ideas. However, I am idealistic enough to really believe that once people understand what is in their best interest in terms of internet security, they will tend to act in ways that support that self-interest, to the extent that they are able. And so if we wish people to act in enlightened self-interest, we need to educate the society around us.

This pondering started when I read this viral article from the Business Insider, spread by Facebook: http://www.businessinsider.com/people-think-stormy-weather-affects-...

Read more
Physical Security Makes Web Security Possible
FranRosch | 18 Dec 2012 | 0 comments

Trust on the internet isn't just a catch phrase. It's a concern that engenders policies that extend from the virtual world of security products and integration all the way down into process and physical reinforcement. It is also a daily practice at Symantec, where we back up our mission statements with concrete, measured practices. We built our datacenter facilities with a defense in depth approach, and believe in practicing what we preach regarding the standards a CA should adhere to. My leadership team demands that our infrastructure supports our strategy to be the best.

We gave the folks at CNet a tour of our Operations facility where we process SSL Certificates, and showed them our model of what makes a secure facility. We are constantly investing in improvement, keeping up with the latest trends in physical security as a vital link to supporting our virtual security. Recently, CNet published the following article about what they saw on that tour:

...

Read more
Safe Surfing for Sports Season
Jeannie Warner | 18 Dec 2012 | 0 comments

Keeping Your Personal Information Secure
 

It’s a great time for sports fans, with the summer Olympics still fresh in our minds, the NFL season kicking off, and hockey and basketball just around the corner. Unfortunately, it’s also a great time for cyber criminals who take advantage of the excitement to steal valuable personal information.

A common approach, known as “phishing,” uses phony emails that inform fans they have won the “NFL Lottery” or can purchase discounted tickets. These emails often contain links to websites that look genuine but are designed to trick users into providing login and password details. Some also include attachments that can download nasty computer viruses.

As scammers grow more sophisticated, users have to up their defensive game. Here are some tips to help protect against phishing attacks:

  1. Never click on links or open attachments in unsolicited emails....
Read more
Why Your Certificate Authority Matters, Now More Than Ever
FranRosch | 18 Dec 2012 | 0 comments

Last week the Certificate Authority / Browser Forum (CA/B) voted down a motion to extend a deadline for its members to sign an intellectual property rights agreement (IPR). Signing this agreement is mandatory to retain membership. Those who had not signed by August 1st are no longer members of the CA/B Forum. Entrust, CyberTrust (Verizon), and Research In Motion (RIM) are among the CAs who did not, or would not sign the IPR. They’re all out.

So what?

What’s so important about the IPR is that it enables CAs and browsers to work together as an industry to develop improved Internet security standards without infringing on any particular organization’s intellectual property rights.  This transparent, collaborative workgroup will help drive innovation to better secure data in transit over the Internet.

As a result of their inaction, the CA’s mentioned above will not have a role in forging a more secure future for...

Read more
Why are the Certification Authority/Browser Baseline Requirements so important?
FranRosch | 18 Dec 2012 | 0 comments

Symantec has been a key driver in collaborative work with the CA/B Forum to develop a new set of baseline requirements for organization and domain validated SSL certificates. The CA/B Forum is an organization of leading Certification Authorities (CAs) and vendors of Internet browser software and other applications. The CA/B Baseline Requirements are documented in “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates v. 1.0”.

We are proud to announce that Symantec is adopting the new Baseline Requirements effective July 1st, 2012. 

The Baseline Requirements focus on providing clear standards for CAs on important topics including verification of identity, certificate content and profiles, CA security, revocation mechanisms, use of algorithms and key sizes, audit requirements, liability, privacy and confidentiality, and delegation (including external sub-...

Read more
AnDevCon 2012: New Code Signing Services to Protect Your App
AllenKelly | 18 Dec 2012 | 0 comments

Author: Dean Coclin, Senior Director of Business Development at Symantec

Today, I had the opportunity to meet over a hundred talented developers at AnDevCon 2012 during my session on “Challenges in Code Signing and Key Security."

Android has quickly become one of the most popular operating systems for mobile devices. It’s amazing how this ecosystem has changed. Only 5 years ago, Symbian was the #1 smartphone OS in the world and now its market share has dwindled down to a much smaller number. Five years ago we were also carrying around our Palm Treo devices, a company that no longer even exists and their WebOS has been literally thrown away by HP, their new parent.

It’s been an interesting month in the Bay Area as tech giants Oracle and Google battled each other in court over whether Android contains...

Read more
Protecting digital certificates is everyone’s responsibility
FranRosch | 18 Dec 2012 | 2 comments

Yesterday Kaspersky Lab posted on their research blog that they had discovered a Trojan dropper file in the wild. The malicious code, designed to commit click fraud, was signed by a legitimately issued VeriSign code signing certificate. This was a result of private keys being compromised at one of our customers. The code signing certificate used to sign the malicious code was authenticated and issued by VeriSign to a legitimate organization. The certificate has since been revoked, as it appears that the private keys, which were controlled by the customer, have been compromised.

Allow me to emphasize that Symantec takes these situations very seriously. We’re working closely with the customer to resolve their security issue and to ensure that they are taking precautions and applying best practices for private key before we re-issue another code signing certificate to them. Symantec employs the highest levels of stringent authentication for every certificate we issue....

Read more
Verisign, Inc. breach update: Symantec not compromised.
FranRosch | 18 Dec 2012 | 3 comments

News broke recently that Verisign, Inc. reported in their quarterly SEC filings that they had been victims of a security breach in 2010. At this time, Verisign, Inc. has only confirmed that the incident did not impact their DNS business. 

Just as Verisign, Inc. stated that there was no impact to their production environment, I stand behind the following statement that Symantec made in response to media questions regarding the 2010 Verisign, Inc. security breach:

Symantec takes the security and proper functionality of its solutions very seriously.Trust Services (SSL), User Authentication (VIP, PKI, FDS), and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the Verisign, Inc. quarterly filing.

Unfortunately, many people are associating the breach at Verisign, Inc. with...

Read more