Tag Archives: security

FREAK vulnerability can leave encrypted communications exposed to attacks

A recently reported flaw allows attackers to force secure connections to use a weaker, breakable encryption method.


Trojans in 2014: 53% drop in infections, but the threat still prevails

Although the number of financial Trojan detections fell in 2014, the threat is still considerable, as attackers changed their tactics to get around the latest security measures.


Financial Trojans: infections decreased 53 percent in 2014, but the threat prevails

Although the number of financial Trojan detections decreased during 2014, the threat was considerable, as attackers have moved to evade new security measures.


Financial Trojans in 2014: Takedowns contributed to 53 percent drop in infections, but threat is still prevalent

While the number of financial Trojan detections decreased in 2014, the threat was still considerable, as attackers moved to bypass newer security measures.

SSL Market Leadership


As you might imagine, the Trust Services team at Symantec found ourselves scratching our heads last week when one of our competitors in the SSL market announced that it was now the “number one” certification authority in the world.  How could this claim be real, we questioned?  After all, for over 20 years, market analysts and customers alike have recognized Symantec as the leading and most trusted provider of SSL certificate products, solutions, and services around the world. 

With our curiosity piqued, we did a quick check of the most recent market reports and metrics from both Frost & Sullivan and Netcraft, the two most respected SSL market analysts in the industry.  While Frost & Sullivan analyzes the SSL market from a business perspective based on the revenue share of the various competitors, Netcraft actually crawls the Internet to analyze webservers and SSL certificate information to quantify market size and share.

Their studies continue to show Symantec at the top of the market (see chart below). 

[Chart: Worldwide Market Share for SSL Certificates, 2015]

Numbers aside, at Symantec we believe “leadership” is earned rather than claimed.  Symantec’s success has largely been the result of our award-winning track record of Trust, Reliability, and Speed for our customers.  Over the years, we’ve demonstrated best-in-class OCSP response times, allowing faster and more secure web transactions for online businesses and consumers around the world.  Moreover, the Norton Secured Seal has continuously been displayed over half a billion times per day on websites in over 170 countries, serving as the most recognized trust mark on the Internet.  Over the past two decades, during the tremendous growth of Internet activity and increased security threats, Symantec’s global infrastructure has NOT ONCE been compromised, never suffering a breach.  On the other hand, less than a week after this competitor claimed to be “number one” in the SSL market, the U.S. Department of Homeland Security reported on PrivDog, an SSL tampering tool associated with the competitor (see http://www.theregister.co.uk/2015/02/24/comodo_ssl_privdog).

So we’ll let the market decide, while we continue to do our best for our customers, earning every bit of trust that we can each day.

Cybercriminals phish iCloud credentials from victims of iPhone and iPad theft

Hackers have created phishing sites to trick users whose iOS devices were lost or stolen into giving up their iCloud credentials.


Cybercriminals phish iCloud credentials from victims of iPhone, iPad theft

Attackers have created phishing sites to trick users whose iOS devices have been lost or stolen into handing over their iCloud credentials.

Cybercriminals go after the iCloud credentials of iPhone and iPad theft victims

Attackers have created fake (phishing) sites that trick users who have lost their iOS devices, or had them stolen, into handing over their iCloud login details.


What is OCSP?


OCSP (Online Certificate Status Protocol) is one of the two ways of obtaining the revocation status of an X.509 digital certificate (e.g. SSL and code-signing certificates), and hence helps maintain the security of a server or other network resource. The other, older mechanism, which OCSP has superseded, is the CRL (Certificate Revocation List).

OCSP overcomes the chief limitation of CRLs: the fact that the list must be downloaded frequently to keep it current at the client end. When a user attempts to access a server, the client sends an OCSP request for certificate status information to the OCSP responder. The responder sends back a response with a status of “Success”, “Unauthorized”, “Malformed Request” or “Try Later”. The protocol specifies the syntax for communication between the server (which holds the certificate status) and the client application (which is informed of that status). OCSP responses contain less information than a CRL, so they put less burden on the network and on the calling resources.

An OCSP request is an (optionally) signed message.  It consists mainly of two components: a request body and an optional signature block.  The request body contains one or more certificate status requests.  The body consists of the following fields:

  • Version – OCSP request version number; defaults to v1.
  • Requestor name – optional field.
  • One or more requests – a web server typically includes only one certificate status request per OCSP request message.
  • Extensions – optional field for extra information that may be communicated between the client and the OCSP server, such as the OCSP response types the client accepts, a nonce, or an archive cutoff date.
 
Of all these components, the most important is the certificate status request structure (the CertID).  It consists of the following:

  • HashAlgorithm – the digest algorithm used to hash the CA’s subject DN and the CA’s public key.
  • IssuerNameHash – digest of the subject DN of the end-entity (EE) certificate’s CA.
  • IssuerKeyHash – digest of the EE’s CA public key, or a unique key identifier.
  • SerialNumber – EE certificate serial number.

The combination of the SerialNumber and the IssuerNameHash, or of the SerialNumber and the IssuerKeyHash, uniquely identifies the EE certificate signed by that CA.

How did Symantec improve OCSP Performance?

Origin Server:  Symantec built a highly efficient and responsive OCSP infrastructure.

CDN: Symantec worked with a CDN to make their EdgeServer OCSP aware and able to read the ASN.1 request and response package.

  • Handle the OCSP traffic intelligently:
    • Use the nextUpdate timestamp to determine the expiration time in the cache.
    • Use the CertID sequence from the OCSP request to determine the cache key.  Specifically issuerNameHash + issuerKeyHash + serialNumber.
    • Check for the presence of the nonce extension (id-pkix-ocsp-nonce) and handle it appropriately.
    • Provide the ability to invalidate the CDN cache based on the OCSP URI and OCSP key for the revocation case.
    • Provide reporting on overall traffic and requests, plus the top 50 requested URIs.
    • Provide the ability to limit the size of the edge for ACLs.
    • Provide the ability to handle OCSP requests without an HTTP Host header.

If the response for a requested certificate is found in the CDN cache, it is returned from the cache.

If a response can’t be found in the cache, a request is sent to the origin server (the Symantec OCSP responder) to retrieve the response, which is then stored in the cache for later lookups.

Symantec built an OCSP responder to handle any cache miss requests.
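The request structure described above and the edge-cache rules in the CDN list, as an added example (not the post's or Symantec's code): it DER-encodes a CertID and an unsigned OCSPRequest with Python's standard library only, then does what an OCSP-aware edge server would do with that request, deriving the issuerNameHash + issuerKeyHash + serialNumber cache key and refusing to serve from cache when the id-pkix-ocsp-nonce extension is present. The issuer name, key bits and serial number are constructed sample values, and the tiny DER encoder/decoder is this example's own, not a library API.

```python
import hashlib

# Minimal DER helpers, written for this example (stdlib only).
def der(tag, body):  # encode one DER TLV, definite-length form
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (lb if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def tlv(buf, pos=0):  # decode one DER TLV at pos -> (tag, body, end)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return tag, buf[pos:pos + n], pos + n

def children(body):  # the TLVs directly inside a constructed body
    pos = 0
    while pos < len(body):
        tag, inner, pos = tlv(body, pos)
        yield tag, inner

SHA1_OID = bytes.fromhex("2b0e03021a")           # 1.3.14.3.2.26 (sha1)
NONCE_OID = bytes.fromhex("2b0601050507300102")  # 1.3.6.1.5.5.7.48.1.2 (id-pkix-ocsp-nonce)

def cert_id(issuer_name_der, issuer_key_bits, serial):
    """CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }."""
    alg = der(0x30, der(0x06, SHA1_OID) + der(0x05, b""))       # AlgorithmIdentifier, NULL params
    raw = serial.to_bytes(serial.bit_length() // 8 + 1, "big")  # minimal positive INTEGER
    return der(0x30, alg + der(0x04, hashlib.sha1(issuer_name_der).digest())
               + der(0x04, hashlib.sha1(issuer_key_bits).digest()) + der(0x02, raw))

def ocsp_request(cid, nonce=None):
    """Unsigned OCSPRequest with one Request; version omitted since v1 is the DEFAULT."""
    tbs = der(0x30, der(0x30, cid))                         # requestList with one Request
    if nonce is not None:                                   # requestExtensions [2] EXPLICIT
        ext = der(0x30, der(0x06, NONCE_OID) + der(0x04, der(0x04, nonce)))
        tbs += der(0xA2, der(0x30, ext))
    return der(0x30, der(0x30, tbs))                        # OCSPRequest { tbsRequest }

def edge_cache_key(request_der):
    """Edge logic from the post: key = issuerNameHash + issuerKeyHash + serialNumber; None if a nonce is present."""
    parts = dict(children(tlv(tlv(request_der)[1])[1]))     # tbsRequest fields keyed by tag
    if 0xA2 in parts and any(tlv(e)[1] == NONCE_OID for _, e in children(tlv(parts[0xA2])[1])):
        return None                                         # nonce: response must not be cached
    cid = tlv(tlv(parts[0x30])[1])[1]                       # first Request -> reqCert (CertID)
    _, name_hash, key_hash, serial = (body for _, body in children(cid))
    return (name_hash + key_hash + serial).hex()

# Constructed sample inputs (not a real CA): DER Name "CN=Example CA" and stand-in key bits.
ISSUER_NAME = der(0x30, der(0x31, der(0x30, der(0x06, bytes.fromhex("550403")) + der(0x0C, b"Example CA"))))
ISSUER_KEY_BITS = bytes(range(64))
SAMPLE_REQUEST = ocsp_request(cert_id(ISSUER_NAME, ISSUER_KEY_BITS, 0x1A2B3C))
```

Two requests for the same certificate from different clients map to the same key, which is what lets the edge answer them from one cached response until nextUpdate; a nonce defeats that by design, so such requests go to the origin.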

What is the Net Result?

The result of our work is that we have become the fastest within the industry. When you add together the average speeds of our competitors, you can see how fast Symantec really is.  The other thing to note is that there is not only a massive difference in speed but also a difference in regularity.  Certain days will have more or less demand on the OCSP infrastructure than others, but ultimately, Symantec’s speed is far more consistent than the wild ups and downs of other CAs trying to keep pace with the demands of a modern internet.

[Chart: OCSP Performance, January 2015]

Do you want to go faster?

If speed is important to your organization, then why not consider using ECC SSL certificates?  The majority of SSL certificates used today are based on RSA, an aging algorithm.  ECC is the next generation; it uses tighter math and therefore runs more efficiently than RSA.  This allows a server to run more sessions, with one company reporting a 46% drop in CPU utilization and a 7% improvement in server response times.

Please let us know what you think or if you have any questions.  You can reach out on Twitter or follow us on Facebook.