 |
The VeriSign Security Review
|
February 2007
While at RSA, stop by the VeriSign booth #1409 for more on our layered,
systematic approach to mitigating threats to user confidence, network
security, and growth of the digital economy. The exhibit features our
new VeriSign Secure Site Pro with EV SSL Certificates and the VeriSign
Identity Protection (VIP) suite of services. Experts in managed
security, PKI, security consulting, and enterprise mobility will also
be on hand to demonstrate VeriSign services.
In
This Issue:
Hot Topics
Monthly Threat
Summary
- Though Microsoft’s
latest security bulletin included only three critical vulnerabilities,
all of them are in widely used products, and hackers will doubtless
launch concerted attempts to exploit them. All VeriSign customers are
urged to read Microsoft’s bulletins and download patches as appropriate.
News from VeriSign
- VeriSign Powers
NBX Video for Sports Fans
- Adobe and VeriSign
to Transform Distribution of Rich Media Online
- Open Media Network
Selects VeriSign to Bring Full Screen, DVD-Quality Television Programs
from the Internet—Right to TV Screens
Security Events
- February 5 - 9 RSA
Conference, San Francisco, CA
- February 12 – 15
3GSM World Conference, Barcelona, Spain
- March 19 – 22 TelecomNext,
Las Vegas, NV
Hot Topics
Sclavos Makes Security Simple
in RSA Keynote
Stratton Sclavos, Chairman and CEO of VeriSign, will
give a keynote presentation entitled “Security Made Simple” at the RSA
2007 Conference, which takes place in San Francisco on February 5-9,
2007.
Sclavos’ theme is that this is the “Any Era,” when
millions of users interact via laptops, PDAs and cell phones anywhere,
anytime, across any network. They expect to choose how, when, and where
they communicate and conduct commerce. But along with digital freedom
comes new security threats. As enterprises rebuild architectures to
provide legitimate users with easier, more integrated access to data
of all kinds, criminals find new opportunities to attack networks, steal
identities, and damage corporate reputations. Now more than ever, organizations
need an interdependent approach to identity management as well as expert
assistance in enabling and protecting networked interactions.
In his keynote, Sclavos will describe “day
in the life” overviews of typical consumers and their everyday needs
for digital infrastructure to enable and protect their communications,
commerce, content, and information while at the same time making these
services simple and secure. He will also describe how VeriSign and others
are currently taking Internet security to the next level through Extended
Validation (EV) SSL, the biggest advancements to online security in
the past 10 years which will benefit consumers and businesses alike.
Although there is no single “magic bullet”
to resolve or prevent all digital security problems, a layered, systematic
approach is the best protection for an organization. Sclavos will speak
briefly about how the VeriSign approach helps protect users, enterprises,
and/or networks with a number of key product and service offerings.
These include VeriSign Managed Security Services (MSS), which have helped
hundreds of the largest organizations in the world reduce security risks
to reputation, operations, and compliance through better threat detection,
superior analysis, and prioritized response.
Register
for the conference.
Attend the following VeriSign presentations
while at RSA 2007:
Stratton
Sclavos ─ Security Made Simple; Feb. 8 at 2:00pm in Hall D
Tim Callan - Maximizing Trust on the Web: New Extended Validation SSL Certificates
and Internet Explorer 7.; Feb. 6 at 1:30pm- 2:40pm
Phillip Hallam-Baker - Extended Validation: A Renaissance for Digital Certificates?;
Feb. 7 at 10:40am – 11:50am (Rob Franco, Lead Program Manager, Microsoft
will also be presenting at this session)
Phillip Hallam-Baker - Unlinkable Identifiers: Privacy Protection in the Identity 2.0 World;
Feb. 9 at 11:10am – 12:00pm
Troy Kitch ─ Building Trust with Internet Explorer 7 and Extended Validation SSL;
Feb. 7 at 3:30 – 4:00pm (Markellos Diorinos from Microsoft will also
be presenting at this session)
Back
to Top
Get the Green Light for Your
Online Business
This year, consumers and businesses are going
to start looking for a green address bar on every Web site they visit.
When sites have Extended Validation (EV) SSL certificates, the Microsoft®
Internet Explorer 7 address bar turns green and displays the name of
the certificate owner and the verifying Certificate Authority─so
it’s more important than ever to go with the name customers prefer most.
VeriSign is the SSL Certificate provider of choice for more than 93%
of the Fortune 500 and the world’s 40 largest banks.
The security status bar shows that the transaction
is encrypted and the organization has been authenticated according to
the most rigorous industry standards. All VeriSign EV SSL Certificates
come with EV Upgrader™ (a $300 value), the first-ever technology that
automatically enables all visiting Microsoft Windows XP clients to see
the green bar on your site. Without EV Upgrader, only Microsoft Windows
Vista clients are sure to see the green address bar. (Find out more
about SSL
Security and Extended Validation.)
Millions of Internet users worldwide still
use browsers and operating systems that will not connect at the strongest
encryption level available to them unless there is an SGC-enabled certificate
on the server. VeriSign SGC-enabled
SSL Certificates enable 128- or 256-bit encryption for more than 99.9%
of Internet users.
Combine the highest authentication available
(EV) with the highest encryption available (SGC) and get VeriSign Secure
Site Pro with EV. When you protect your site with Secure Site Pro with
EV and display the VeriSign
Secured™ Seal, your customers know that their transactions
are secure and you are who you say you are.
Back
to Top
HSBC to Implement VeriSign
Fraud Detection Service to Enhance Customer Protection
HSBC USA Inc., the U.S. banking unit of one
of the world’s largest financial services companies, and VeriSign announced
an agreement for HSBC USA to deploy the VeriSign Identity Protection
(VIP) Fraud Detection Service (FDS) to enhance the protection it provides
to customers to prevent identity theft and fraud.
“The VeriSign Fraud Detection Service provides
additional online authentication and fraud monitoring, which will enhance
the measures the bank already employs to safeguard customer information
and assets when banking over the Internet,” said Martin Hayes, senior
vice president and head of e-business, HSBC USA. “Protecting customers’
accounts and identities is of paramount importance.”
VeriSign VIP FDS includes a state-of-the-art
risk engine that offers layered, risk-based authentication and fraud
prevention capabilities. VeriSign VIP FDS runs behind the scenes, utilizing
advanced anomaly detection technology which flags potentially fraudulent
activity while continuing to ensure a favorable user experience and
timely delivery of services.
Back
to Top
Monthly Threat Summary
Though Microsoft’s latest security bulletin
included only three critical vulnerabilities, all of them are in widely
used products, and hackers will doubtless launch concerted attempts
to exploit them. All VeriSign customers are urged to read Microsoft’s
bulletins and download patches as appropriate.
The last few months of 2006 saw a widespread
“professionalization” of cyber crime, and this trend is likely to continue.
Hackers are creating ever-more-sophisticated phishing tools and virus
authors are increasingly employing complex techniques to evade anti-virus
software. Unfortunately, it is all too likely that the attacks and techniques
launched in 2007 will make much of the cyber crime activity from the
past year seem amateurish by comparison.
For example, over the past few weeks, several
news articles have reported on a new, extremely sophisticated phishing
kit that apparently is gaining widespread popularity in the underground.
Rather than generating a new phishing Web site, the “Universal Man-in-the-Middle
Phishing Kit” reportedly enables an attacker to establish a conduit
between the victim and a legitimate Web site, and use it to steal information
transmitted by the victim to the legitimate site. This is a very sophisticated
attack technique, but the kit (with a simple, user-friendly interface)
makes it available to even relatively unskilled cyber criminals. Perhaps
the most worrisome feature of this phishing kit is that it can reportedly
be used against any phishing Web site and intercept any sort of sensitive
information.
Hackers have also come up with a new
technique to make their computer viruses and other malicious
code more difficult for anti-virus software to block. The technique,
known as “dynamic code obfuscation,” involves automatically altering
(“obfuscating”) a malicious code to make it undetectable by anti-virus
filters, which look for specific strings of code when deciding what
files to block. Two victims of the same code, in other words, would
get two different versions of the code, each of them unrecognizable
by anti-virus software.
Back
to Top
News from VeriSign
VeriSign Powers NBX Video for Sports Fans
NBX, an online sports entertainment company, will
use the new VeriSign® Intelligent Content Delivery Network (CDN) to
help it deliver high-quality, secure podcasts and videocasts to sports
fans via the Internet.
Read
the press release.
VeriSign and Adobe to Transform Distribution of Rich Media Online
VeriSign and Adobe Systems Incorporated will collaborate
on integrating Adobe® Flash technologies with VeriSign’s peer assisted
content distribution. The combined services will allow companies to
deliver customized interactive Flash Video experiences, including movies,
TV shows, broadcast media, and user interface technologies.
Read
the press release.
Open Media Network Selects VeriSign to Bring Full Screen, DVD-Quality
Television Programs
from the Internet—Right to TV Screens
Open Media Network (OMN) has selected VeriSign CDN
to enable consumers to watch shows downloaded from omn.org on their
television sets. Consumers can watch programs in DVD or HDTV quality
on intelligent TVs using set top boxes.
Read
the press release.
Back
to Top
Security Events
February
5 - 9 RSA Conference, San Francisco, CA
The annual RSA Conference is the leading electronic/data
security conference worldwide, and VeriSign is a Platinum sponsor. This
year, come hear Stratton Sclavos, Chairman and CEO of VeriSign, give
a keynote presentation entitled “Security
Made Simple,” and check out the session by Tim Callan, VeriSign
Director of Product Marketing, on “Maximizing
Trust on the Web: New Extended Validation SSL Certificates and Internet
Explorer 7.”
February
12 – 15 3GSM World Conference, Barcelona, Spain
The world's largest exhibition for the mobile
industry is also a cutting-edge congress featuring the most prominent
chief executives representing mobile operators, vendors, and content
owners from across the world. Stratton Sclavos, Chairman and CEO of
VeriSign, will be participating in two sessions: “Clash of cultures:
who wins when entertainment and communications converge?” and “CEO strategies
for growth: Can the mobile Web experience be anything but second best?”
March
19 – 22 TelecomNext, Las Vegas, NV
TelecomNEXT, the communications and entertainment
industry’s collection of cutting-edge products and technologies, provides
an exciting preview of the next revolutions in communications and entertainment
Back
to Top
|
Worldwide Sites
