Website Security Solutions

Website Security Solutions allow companies and consumers to engage in communications and commerce online with trust and confidence. With more than one and a half million web servers using our SSL certificates, an infrastructure that processes more than four and a half billion certificate checks daily, and a trust mark that is seen more than half a billion times a day in 170 countries, the Norton Secured seal is the most recognized symbol of trust on the Internet.

Follow Us on Twitter
  • 0
    Created: Leelin Thye 17 Jan 2013

    “Danger: Malware Ahead!- Please, Not My Site”

    In the article “Google Flags Ad Network Isocket for Alleged Malware; Chrome Blocks TechCrunch, Cult of Mac, others (Updated)”,[1] a large number of popular sites using a prominent advertising network was affected when  their sites were blocked by Google on suspicion of containing malware. Regardless whether the action was a result of false positive reading or not, the financial impact to advertising networks and their client sites is high when users are unable to access the websites and see a “Danger: Malware Ahead!” warning.  Business is disrupted and brand reputation compromised. On the other hand...
  • 0
    Updated: Tim Callan 18 Dec 2012

    Google app malware incident highlights need for publisher identity and accountability

    Whole buncha headlines yesterday as Google pulled the plug on more than fifty Android apps for containing malware. Threatpost has a good writeup here, and Android Police has even more detail here and here. Existing writing on the subject has focused on the cleverness and skill of the trojan itself, along with debate about how soon...
  • 1
    Updated: Tim Callan 18 Dec 2012

    Subdomain of TechCrunch blacklisted by Google for malware distribution

    As of posting time, a Google search of the phrase techcrunch crunchies yields as its first result a blacklisted result for the 2009 Crunchies award page (crunchies2009.techcrunch.com). The details page shows that on September 28 (yesterday) Google found malware distributed on this subdomain of TechCrunch. This result gives you an opportunity to see how a real, blacklisted site looks on Google. If you do click on the link for crunchies2009.techcrunch.com (it's safe; don't worry) you'll go to a Google roadblock page that reads, Warning - visiting this web site may harm your computer! Suggestions: Return to the previous page and pick another result. Try another search to find what you're looking for. Or you can continue to http://crunchies2009.techcrunch.com/ at your own risk. For detailed information about the problems we found,...
  • 0
    Updated: Tim Callan 18 Dec 2012

    Certificate revoked in Acrobat malware attack

    A new malware attack made the press yesterday by exploiting vulnerability in the Adobe Acrobat platform to circumvent Windows defenses. Like other recent attacks, this malware was signed using a compromised certificate. Symantec found out about this attack on Wednesday afternoon. On Wednesday we contacted the customer to inform them of the compromised certificate and revoked the certificate. The original blog entry that revealed the attack is here. The attack was covered in The Tech Herald here.
  • 0
    Updated: Tim Callan 18 Dec 2012

    Network Solutions malcode widget first discovered by VeriSign Trust Seal web site malware scanning

    There's a lot in the news right now about the malware distributed from what may be as many as 5,000,000 parked Network Solutions pages. In addition to the earlier article, here's a nice summary from Brian Krebs, and here's one from Elinor Mills of CNET. The story originally broke from VeriSign Trust Services partner Armorize in a detailed two-part blog (part two here) with a subsequent, also detailed, follow up. In...
  • 0
    Updated: Tim Callan 18 Dec 2012

    Web site malware scan and seal-in-search added to VeriSign SSL Certificates

    We made a big announcement today. We've added significant functionality to VeriSign SSL Certificates. VeriSign SSL users will be able to take advantage of our web site malware scanning and Seal-in-Search capabilities, just as users of the standalone VeriSign Trust Seal can.
  • 0
    Updated: Tim Callan 18 Dec 2012

    Making the Grade on the Annual OTA Online Safety Honor Roll

    The Online Trust Alliance (OTA) just announced its Online Safety 2010 Honor Roll, on which only 8% of the 1200 analyzed companies made the list. The OTA evaluated these 1200 sites based on their usage of e-mail authentication standards, Extended Validation SSL Certificates, and the presence or absence of malware on their public-facing sites. OTA also reported that more than 26% of the Internet Retailer 500 and top 100 financial services companies have adopted EV SSL Certificates. Here's what the Wall Street Journal had to...
  • 9
    Updated: Tim Callan 18 Dec 2012

    EV SSL and iFrame attacks

    We're seeing active discussion online about the possibility of hijacking a single frame in a production site to steal logins or PII. The scenario is that a criminal gang would redirect this frame (through DNS poisoning, let's say) and populate it with its own content from servers under its control. Presumably this content would involve form fields asking for information the criminals want to receive and which you would be willing to share in this context (such as your bank account login or social security number). Now, the recent dialog is around the scenario where this proposed attack happens on a site with an Extended Validation SSL Certificate. The certificate identifies the controller of the top-level frame and does not report on the sources of any internal frames in that page. That is in keeping with near-ubiquitous practices in consumer Web applications...
  • 0
    Updated: Tim Callan 18 Dec 2012

    Political campaign spoofing already underway

    Yesterday I discussed the possibility of Presidential campaigns being phished. This article in SC Magazine explains the criminal activity we already have seen in this arena. The essence of the story is that anti-virus software vendor Webroot just in the past few days announced that is had detected malware attacks against major Presidential campaigns. Reports SC Magazine, the campaign websites of Obama, a Democratic senator from Illinois, and Paul, a Republican representative from the 14th Congressional District of Texas, have been spoofed as part of online scams. The article goes on to say, "We initially saw these types of spoofs...
  • 0
    Updated: Tim Callan 18 Dec 2012

    Can political donations be phished?

    In light of Ron Paul's massive fundraising day yesterday ($3.8 million raised online in a single day) one security blogger has brought up the question of phishing attacks against Web-based political fundraising. In his Threat Chaos blog Richard Stiennon asks the question, But how many of those 35,000 donors checked the URL carefully before providing their credit card information as well as the name of their employer? Was it a phishing site they were visiting? Richard is exactly right to be asking this question. As I have pointed out in the past, phishing attacks a great deal more than simply banks. Why are they not attacking online political parties? They probably are. And if they aren't, it's only a matter of time until they do.