Tag Archives: Authentication Services

The price of fame


In the past year we have seen a number of security-related stories in the Finnish media.

Spring saw one of the Nordic region’s largest banks forget to renew the SSL certificate that secured their new online banking site. This unfortunately is not a rare phenomenon, and companies such as Google, Twitter, and LinkedIn have all experienced similar certificate expiry issues. Consumers are advised, however, to be cautious online and pay heed to warning messages they see in their web browsers; my colleague Andy Horbury wrote about a similar incident recently.

Another blunder highlighted in the press happened a few weeks after, when the Certificate Authority used to issue certificates on some local government sites advised users that the site they were visiting was no longer to be trusted. This was simply due to the fact that they had used a CA whose root certificate was not trusted in the Mozilla browser – Firefox. Imagine securing your site with an SSL certificate that works for everyone apart from Firefox users, and then compounding that by giving visitors the horrendous advice to ignore any browser warnings they might see when visiting this site. Today this issue has been fixed and the site in question has changed the SSL to a trusted CA. However, I can’t even imagine how this advice from a powerful entity affected consumers and what this means for trust online if they can simply ignore browser warnings. In my opinion, and that of any IT professional, this is pure nonsense.

 

Shopping at your own risk

The third incident in the news coverage was the report regarding the part that Finns were playing in an international group of hackers. The young man in question has hacked sites in relative peace and quiet for the last couple of years, beavering away diligently, scouring Finnish discussion forums and gaming sites for user names, passwords and credit card information, as well as anything else he could find. Were the sites he targeted protected by SSL certificates? Unfortunately not.

Sadly, in too many instances SSL encryption is forgotten when securing servers and websites. By not taking security as seriously as they should, companies are playing a dangerous game with their own brand and reputation. As we saw in the Symantec ISTR report, cybercriminals are increasingly targeting not only banks and large organizations but also much smaller businesses, because they are viewed as being very attractive and lucrative targets.

Brand building and winning consumer confidence does not happen overnight, but comes as a result of many hours of work, sleepless nights and meetings after meetings… yet all this can be put at risk by the simplest mistake you make. By letting a certificate expire, using a mistrusted CA or even giving the wrong advice about security online, you are building your business on foundations of sand.

 

If they can’t see it, how can they know?

I myself was recently talking about information security to business students. Before I told them about the existence of SSL certificates I showed them these two sites and asked which of the two sites is safe:

[Image: blogiin.jpg]

The reply came as if from the pharmacy shelf: one of the students pointed to the one on the right-hand side without even thinking about it. When I asked the reasons for the choice he replied: “Well... there’s that green address bar there.” Yes! Too bad I didn’t record this session; I would’ve forwarded the recording to some IT people.

Today’s online consumer, a young student, chose the site certified with an Extended Validation certificate without knowing about all its technical features – intuitively they knew what looked safe and would put their money where their mouth is when it came to purchasing on a site like this.

Protecting customers’ and the company’s information is not a staggeringly large investment. Creating brand awareness and brand status are key when it comes to maintaining a trustworthy reputation. Part of the investment in your brand should be to make purchases from reliable partners – the same applies to security contracts. Security should no longer be acquired with an “as long as we have something there” attitude. If you feel that you don’t have the knowledge or resources, you can always get this from your trusted service providers.

 

(Finnish) companies should be prouder of their brands – and protect them accordingly.

Knowledge is Power – Website Vulnerabilities

This blog post is based on the ‘Knowledge is Power: Symantec Guide to Protecting your Website’ whitepaper which is free to download now. In 2012 Symantec performed more than 1,400 website vulnerability scans each day. More than half the webs…

The Power to Destroy: How Malware Works


This blog post is based on the new Symantec Website Security Solutions free white paper, The Power to Destroy: How Malware Works which pulls together statistics from across Symantec’s global security network. The white paper is available in Frenc…

Staying safe online over the Christmas holiday period

While we rush online to buy gifts for our nearest and dearest, scammers are looking to make their wage from your online mistakes. Learn how to stay safe online while doing your Christmas shopping this holiday season.
‘I’m dreaming of a safe…

CYBERCRIME TAKES ITS TOLL


For anyone intent on finding out exactly what the worldwide impact of cybercrime is now – and the price we are all paying as it penetrates every corner of the global markets – there can be no better starting point than the 2013 Norton Cybercrime Report[1].

The findings are both eye-opening and deeply concerning. According to the report, some 1 million-plus adults become cybercrime victims every single day and, if you break that down, it equates to a staggering 12 victims per second.

This annual report, commissioned by Symantec[2], is focused on understanding exactly how cybercrime affects consumers (more than 13,000 adults across 24 countries took part in the 2013 survey) and how the adoption and evolution of new technologies impacts their overall security.

And what an impact that turns out to be, with the global price tag of consumer cybercrime now topping US$113 billion annually – enough to host the 2012 London Olympics nearly 10 times over – while the cost per cybercrime victim has shot up to US$298: a 50% increase over 2012. In terms of the number of victims of such attacks, that’s 378 million per year – averaging 1 million plus per day.[3] Speaking of the Olympics: BT security chief executive officer Mark Hughes, in a presentation at the recent RSA conference, said that no (successful) cyber-attack had occurred during the Games. Quite an achievement, considering BT dealt with over 212 million cyber-attacks on the official website during last year’s Olympic and Paralympic Games.

PAYING THE PRICE

According to the report, 83% of direct financial costs are a result of fraud, repairs, theft and loss. Equally worrying is how deeply cybercrime is etching its mark across each and every continent.

In North America, the percentage hit by these attacks was 63% in the USA (at a cost of US$38 bn), while, in Canada, it was even higher, at 68% (cost: US$3 bn).

In Central America-Latin America (CALA), the figures were no less alarming: Brazil 60% (cost: US$8 bn); Mexico 71% (US$3 bn); and Colombia 64% (US$0.5 bn).

In the Middle East, the worst affected countries were Saudi Arabia (62% – US$0.5 bn) and the UAE (71% – US$0.3 bn).

THE VICTIMS

What makes this even more concerning is that, as our channels and means of communication expand, cybercrime is seizing on the opportunity, spreading across the world with the speed and ferocity of a pandemic. Well over a third (38%) of those surveyed have experienced mobile cybercrime in the past 12 months, the main victims being:

  • Social network users – 63%
  • Public/unsecured Wi-Fi users – 68%
  • Emerging market – 68%
  • Parent of children 8-17 – 65%.

Half (50%) of all online adults have been victims of cybercrime and/or negative online situations in the past year, the report confirms, while 41% have fallen victim to attacks such as malware, viruses, hacking, scams, fraud and theft.

PUBLIC/UNSECURED WI-FI

As far as public/unsecured Wi-Fi is concerned, the statistics relating to potentially risky behaviour are particularly disturbing:

  • 56% access their social network account
  • 54% access personal email
  • 29% access their bank accounts
  • 29% shop online
  • 30% do not always log off after having used a public Wi-Fi connection
  • 39% do not take any special steps to protect themselves when using public Wi-Fi.

The cybercriminals must be equally encouraged at the response to their full-on assaults when it comes to mobile devices – because the 2013 Norton Cybercrime Report also reveals that nearly a half of respondents don’t use basic precautions, such as passwords, security software or back-up files.

On the plus side, when it comes to their PCs:

  • 90% do delete suspicious emails from people they don’t know
  • 72% have at least a basic free antivirus solution
  • 78% avoid storing sensitive files online.

However, that still means more than a quarter DON’T appear to have any antivirus protection at all, while almost a quarter DO store sensitive files online.

CONVENIENCE OVER SAFETY

Why is safety online treated so indifferently by so many people? According to the 2013 Norton Cybercrime Report: “Many consumers are making a conscious decision to trade their safety for convenience; many more are unaware that they’re making the same trade.”

What the report highlights most of all is that the need to stay safe at all times has never been greater. Moreover, ‘constantly connected’ doesn’t have to equal ‘constantly at risk’, it points out. The tools and solutions are readily to hand to ensure that you are always protected. And here are some ‘Top Tips’ from the report on how to defend your data:

  • A comprehensive security suite provides a strong defence against online threats. Norton 360 multi-device offers protection for PCs, smartphones and tablets, in a single solution
  • Be cautious in the cloud. While cloud storage solutions make it easy to save and share files, they also open other avenues for attack
  • Be careful about who has access to your files and use a solution with built-in security, if possible
  • Save sensitive transactions for secure connections
  • Free or unsecured Wi-Fi networks can make it easy for thieves to eavesdrop on your activity
  • Avoid conducting sensitive transactions, such as banking or shopping, while connected to these networks, or use a personal VPN client
  • After you connect, double check!
  • Check credit card and bank statements regularly for fraudulent transactions, and report any suspicious activity to your provider and/or law enforcement.
  • And, of course, when shopping online or signing into webmail or social networks, look for https, the Norton Secured Seal and the Extended Validation ‘green bar’.

Failing to ensure this means the cybercriminals will only go from strength to strength, leaving an ever greater trail of destruction in their wake. And even more victims.

For more information on how to stay safe and secure online, visit https://www.staysecureonline.com/

[1] 2013 Norton Cybercrime Report: go.symantec.com/norton-report-2013 (Direct link to PPT of the report)

[2] Research conducted by Edelman Berland.

[3] Online adults per country x % cybercrime victims past 12 months per country = 377,943,431 (sum of 24 countries).

 

Symantec SSL Authentication Procedures: Short-Term Pain for Long-Term Gain

Stefano Rebulla, Senior Account Manager – Continental Europe
On a regular basis questions arise such as: “Why are your authentication procedures so complicated? Why is it so difficult to get my certificate or account vetted?”
These ar…

Website vulnerabilities: which countries’ websites are most vulnerable to malware?

This post is based on the new vulnerability gap white paper compiled by Symantec Website Security Solutions.
Malware infection is one of the fastest emerging security threats for websites. More than 24% of websites are vulnerable to malware, while a lar…

Symantec Receives Eight Honors from Information Security Magazine and SearchSecurity.com 2013 Readers’ Choice Awards

Information Security™ magazine and SearchSecurity.com recently announced the winners of their 2013 Readers’ Choice Awards, which were selected based on feedback by customers who were asked to assess products deployed within their organizations. We’re excited to announce that Symantec was honored with eight awards – four Gold, two Silver and two Bronze – demonstrating significant representation across our diverse portfolio of market-leading security solutions.

Included below is a complete list of Symantec’s wins, which will be featured in the October edition of Information Security magazine and are highlighted online at SearchSecurity.com.

The Information Security magazine and SearchSecurity.com 2013 Readers’ Choice Award winners were selected based on extensive, in-depth discussions and interviews between the editors of Information Security magazine and SearchSecurity.com, and over 1,000 information security executives and managers. These executives and managers were asked to rate products deployed within their organizations from a listing of more than 350 products. The editors used these scores to determine Gold, Silver and Bronze award winners for the industry’s best security products.

For more information and a detailed list of categories and winners, please visit http://searchsecurity.techtarget.com/essentialguide/Security-Readers-Choice-Awards-2013#guideCategory19.

 

Information Security magazine and SearchSecurity.com 2013 Readers’ Choice Awards

 

Best of Endpoint Security

Gold: Symantec Endpoint Protection

 

Best of Data Loss Prevention

Gold: Symantec Data Loss Prevention

 

Best of Email Security

Gold: Symantec Messaging Gateway powered by Brightmail

 

Best of Authentication

Gold: Symantec User Authentication Solutions

Silver: Symantec Managed PKI for SSL

 

Best of Cloud Security

Silver: Symantec Email Security.cloud

Bronze: Symantec O3

 

Best of Web Security

Bronze: Symantec Web Security.cloud



Testing the Norton Secured Seal in a Development Environment

We have written this short blog post about how to set up and test the Norton Secured Seal in a website development environment after receiving a question about it on Twitter @nortonsecured.

Customers can test the Norton Secured Seal in their development environment by following these steps:

  • Set up a development environment where the domain name matches their production website that is secured by a Symantec SSL certificate. E.g. if the production website is www.abc.com, the development environment could be test.abc.com
  • Generate the Seal script from Symantec’s Seal Install page at http://www.symantec.com/ssl/seal-agreement/install.jsp (the script needs to be generated using the domain name of the website in the test environment, e.g. test.abc.com)
  • Update the web page in the development environment to include the generated seal script

Since the development environment will, in most cases, not have an exact match of domain name with the production environment, customers would see a generic seal splash page in their test/development environments.