Website Security Solutions
Andy Horbury | 06 Feb 2014 | 1 comment

We’ve written in the past about this subject, but a recent conversation with a customer brought me back to this concept. Whilst we often talk about the perils of an infected website or an out-of-date SSL certificate in ominous tones (browser warnings, customers clicking away and loss of reputation and trust), how much of this is based on real customer behaviour?

The University of California, together with Google, recently undertook a study to track real-world clickthrough rates from browser security warnings in two of the most popular web browsers, Google Chrome and Mozilla Firefox. The results reveal a much more security-conscious population than you might expect.

Alice in Warningland

The study looked at the malware, phishing and SSL certificate...

Jimmy Edge | 29 Jan 2014 | 0 comments

Update, August 19 2014: Google has now said that the use of SSL is now a positive ranking factor: "over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal." (https://www-secure.symantec.com/connect/blogs/better-website-security-and-google-search-rankings-smb-s-always-ssl)

‘I don’t know of any reason why you[r website] wouldn’t be able to rank with just HTTPS,’ says Matt Cutts of Google.

Always On SSL is a mechanism for ensuring that every interaction with every page of your website is encrypted from the moment a visitor arrives to the moment they leave. This goes beyond using SSL on transaction pages, like sign in and payment...

Sven29 | 23 Jan 2014 | 2 comments

SSL certificates do more than encrypt data; they also authenticate websites. This is an important and fundamental function because it builds trust. Website visitors see the SSL padlock or HTTPS and they believe that the site is genuine.

In the fight against fake sites, phishing and fraud, trustworthy SSL certificates are essential.

This is why domain-validated certificates can be dangerous.

What is domain validation?

Certificate Authorities (CAs) will issue a domain-validated certificate to anyone who is listed as the domain admin contact in the WHOIS record of a domain name. They just send an email to the contact email address and that’s it.

It is the lowest level of authentication used to validate SSL certificates. Higher levels include organisationally-validated and extended validation certificates which require more detailed checks.

Why can...

Jimmy Edge | 16 Jan 2014 | 1 comment

A UK Government public awareness campaign Cyberstreetwise.com launched this week, aiming to help educate UK consumers and small businesses about online security. The campaign, running for three months via radio, outdoor and online advertising, offers tips to help people improve their performance online, and help keep important and personal information safe.

We know that most of the UK population are not doing enough to protect themselves, leaving themselves open for cybercriminals to access their data and abuse their personal info, tricking them into downloading malware.

Cyberstreetwise is advising people in the UK to adopt a few simple online behaviours to make them and their families safer, such as:

  1. Using strong, memorable passwords
  2. Installing...

Christoffer Olausson | 09 Jan 2014 | 1 comment

With the rise of cybercrime, companies are investing significant amounts in information security in order to protect themselves, their employees and partners, but in the end that might not be enough.

The most common technology used to protect confidential data in transit is Secure Sockets Layer (SSL). Yet is SSL encryption enough to protect a company from industrial espionage and other malicious activities that would lead to sensitive data falling into the wrong hands? It should be, but that is not always the case. Too many companies ignore the fact that they are responsible for the private key that is required to unlock their SSL certificate.

There are basically two key components to an SSL certificate: the public key and the private key. The public key is accessible for anyone to use and it is used to encrypt data. The private key is used by the company to decrypt the data, turning it into readable information. If an attacker has full access to the private key, then...

Elliot_Samuels | 19 Dec 2013 | 2 comments

If you use SSL certificates on intranet sites with internal server names, they may not work from 1 November 2015.

For companies with complex infrastructures, the change may be challenging but now is the time to start getting ready.

Local vs. global address

Imagine you have a server on your network. It may have an IP address that is resolvable on the internet, but it’s more likely to have an address that is only valid on the local network, such as 192.168.1.1. It is also likely to have a domain name that is only resolvable on the local network, such as https://intranet.local or https://mail.

...

Christaine Buemberger | 12 Dec 2013 | 0 comments

More and more software developers in the UK and US are looking to Eastern Europe to get their code written. After all, it can be done far more cheaply there, as well as offering an abundance of choice. Indeed, code writing ‘houses’ in Eastern Europe are proliferating in response to this demand – from one-man bands to sizeable operations. So any developer intent on keeping their costs down, and often along with the promise of a quick turnaround, has the perfect scenario for having their software code written there, right?

Not necessarily. Because cheap is not good if the code that’s written becomes compromised in any way. And when you, the developer, are possibly thousands of miles away from whoever is writing your code, you need to be even more sure of those into whose hands you are entrusting this process.

Certainly, there are many highly reputable enterprises in Eastern Europe that provide this service and deliver to the highest standards. But this is also a region...

Andy Horbury | 06 Dec 2013 | 0 comments

I’d like to share two webinars with you that we delivered this week.

The first was Attack of the Cyber Spies, a webinar delivered as part of BrightTALK’s Hackers Summit, which you can access here.

The second is the December update of the regular webinar series I do with my colleague Andrew Shepherd: Website Security Threats: December Update.

I've also posted both webinar slide decks to Slideshare here.

Finally, I’d also like to share this blog posted by Tom Powledge, who is the VP of the Website Security Solutions division here at Symantec: Keeping Your Data Safe with SSL.

We'll be back next week with some new blogs.

Tom Powledge | 05 Dec 2013 | 0 comments

There's been plenty in the news recently regarding encryption and SSL – which has led some people to wonder how safe the technology really is.  As the leader of Symantec's Trust Services Products & Services organization, I want to assure you that SSL is safe.  Below is some information that may help you understand why, and also inform you about the current state of SSL security.

First, the fundamental key strength of RSA 2048-bit certificates is solid and without question.  Independent cryptography experts have confirmed this, and highly-respected publications such as the MIT Technology Review have published articles on the subject.  As always, organizations that use SSL should make sure they use the strongest algorithms available.

Customers of SSL certificates should take specific actions...

Amer Sethi | 04 Dec 2013 | 0 comments

As we wrote in our previous blog, the Middle East and North Africa (MENA) region is basking in the joys of booming economic growth.

These are exciting times. That said, such success also has its downsides. While e-commerce is on a rapid upward trajectory – particularly in the banking and travel sectors – it has made many MENA businesses highly attractive to the cybercriminals, who are out to cash in on any vulnerabilities they can exploit.

Just how open to the cybercriminals the region is can best be exemplified by the targeting of its oil and gas sector. Last year, it was the victim of a hacker attack known as Shamoon (aka W32.Disttrack), which is capable of wiping files and rendering several computers on a network unusable. Saudi Arabia's national oil company Saudi Aramco itself came under fire, with 30,000 of its computers knocked out, resulting in its own network...