2728973 – Unauthorized Digital Certificates Could Allow Spoofing – Version: 1.2

Revision Note: V1.2 (September 5, 2012): Corrected the common name for the “CN=Microsoft Online Svcs BPOS APAC CA4” certificate issued by Microsoft Services PCA.Summary: Microsoft is aware of Microsoft certificate authorities that are outside our recom…

Microsoft Security Advisory (2728973): Unauthorized Digital Certificates Could Allow Spoofing – Version: 1.2

Severity Rating: Revision Note: V1.2 (September 5, 2012): Corrected the common name for the “CN=Microsoft Online Svcs BPOS APAC CA4” certificate issued by Microsoft Services PCA.Summary: Microsoft is aware of Microsoft certificate authorities that are …

Microsoft Security Advisory (2728973): Unauthorized Digital Certificates Could Allow Spoofing – Version: 1.2

Revision Note: V1.2 (September 5, 2012): Corrected the common name for the “CN=Microsoft Online Svcs BPOS APAC CA4” certificate issued by Microsoft Services PCA.
Summary: Microsoft is aware of Microsoft certificate authorities …

Physical Security Makes Web Security Possible

      No Comments on Physical Security Makes Web Security Possible

Trust on the internet isn’t just a catch phrase. It’s a concern that engenders policies that extend from the virtual world of security products and integration all the way down into process and physical reinforcement. It is also a daily practice at Symantec, where we back up our mission statements with concrete, measured practices. We built our datacenter facilities with a defense in depth approach, and believe in practicing what we preach regarding the standards a CA should adhere to. My leadership team demands that our infrastructure supports our strategy to be the best.

We gave the folks at CNet a tour of our Operations facility where we process SSL Certificates, and showed them our model of what makes a secure facility. We are constantly investing in improvement, keeping up with the latest trends in physical security as a vital link to supporting our virtual security. Recently, CNet published the following article about what they saw on that tour:

http://news.cnet.com/8301-1009_3-57498393-83/rare-peek-inside-symantecs-security-fortress/

By hardening every piece of our layered security model, we’re helping set the standard throughout the CAB Forum participants and industry at large. CNet’s tour shows in tangible ways our commitment to secure methods and processes, and the tight physical security that backs up our logical security. If an attacker can steal a private key, all the data for an organization becomes at risk. This is multiplied exponentially for Certificate Authorities that are responsible for the safety of managed PKI systems all over the world.

We’re proud of our 100% uptime commitment to our customers. We’re proud that we have never had an instance of compromise in our certificate datacenter. We’re proud to be leaders in the CA industry with our commitment to the CAB (Certification Authority/Browser) forum. We walk the walk of security every day, and challenge our competitors to do the same to help combat cyber-crime and make the Net a safer place.

2743314 – Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure – Version: 1.0

Revision Note: V1.0 (August 20, 2012): Advisory published.Summary: Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2…

Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure – Version: 1.0

Severity Rating: Revision Note: V1.0 (August 20, 2012): Advisory published.Summary: Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2…

Microsoft Security Advisory (2743314): Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure – Version: 1.0

Severity Rating: Revision Note: V1.0 (August 20, 2012): Advisory published.Summary: Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2…

Microsoft Security Advisory (2743314): Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure – Version: 1.0

Revision Note: V1.0 (August 20, 2012): Advisory published.
Summary: Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (M…

Latest Yahoo Data Breach Restates Need for Basic Security

News broke today of a large data breach against Yahoo Voices, resulting in more than 400,000 username/password combinations being posted in clear text. The compromise involved a basic SQL-injection attack against an exposed Yahoo server (dbb1.ac.bf1.yahoo.com).  Similar to other recent events, the account data was reportedly stored in an unencrypted state. We see this type of attack Read more…