Tim Callan's SSL Blog


As Tim says on his blog: "Tim Callan is a product manager for VeriSign's SSL business unit. He is a longtime marketer of Internet and software solutions, a sometime entrepreneur, and a frequent writer and publisher of this and that. The opinions expressed in this blog are strictly his own."

Compliance and Privacy carries the top two or three paragraphs of the latest of Tim Callan's blogs, updated automatically, as they happen. Click a headline and you can jump directly to the article in his blog.



  • Upcoming VeriSign speaking at eTail East and HostingCon

    If you're in the greater Washington D.C. area, make sure you drop by to see these two speaking opportunities from VeriSign representatives.


    I will be speaking on using security indicators to increase online sales at eTail East in Baltimore on August 4. If you're going to eTail, make sure you come up after the speech and say hello.


    Fellow VeriSign blogger Bob Angus will be presenting how to sell premium services to cost-sensitive customers at HostingCon in Washington D.C. on August 11. I'll be at HostingCon as well, so once again, if you're an SSL Blog reader, stop by the VeriSign table.


  • EV SSL and iFrame attacks

    We're seeing active discussion online about the possibility of hijacking a single frame in a production site to steal logins or PII. The scenario is that a criminal gang would redirect this frame (through DNS poisoning, let's say) and populate it with its own content from servers under its control. Presumably this content would involve form fields asking for information the criminals want to receive and which you would be willing to share in this context (such as your bank account login or social security number).


    Now, the recent dialog is around the scenario where this proposed attack happens on a site with an Extended Validation SSL Certificate. The certificate identifies the controller of the top-level frame and does not report on the sources of any internal frames in that page. That is in keeping with near-ubiquitous practices in consumer Web applications. Sites that offer complex and varied services in large production environments (such as a popular bank, portal, or e-commerce site) have no other practical choice if they want to offer the applications, performance, and uptime their customers demand. Often the sources of content for these frames originate outside the company operating the actual site. Many of these businesses mash up content from partners and specialized service providers in order to meet their product online needs. By way of example, any site using an ad network or content acceleration service is accepting content from another party.


    So what should we do with EV SSL? The answer is we should do exactly what we are doing. It's still an incredibly valuable piece of information to know whether or not the operator of this site is who you think it is. This information is indispensable for consumers to protect themselves against the classic phishing attack. This attack is still the most widespread and damaging social engineering attack in history, and it still represents the greatest risk to consumers engaged in transactions online.


    At the same time, we need to address the vulnerabilities that make these iFrame attacks possible. We need to lock down DNS security and beat malware and provide tools for laptop users to distinguish between rogue and benign wireless networks. These are the ways the security of the ecosystem is compromised. These are the weak points that this attack exploits. Think of SSL as a secure lock on the front door of your house. If the front door is secure but it turns out the back door is wide open, you might still find a stranger in your living room. So let's go put a lock on the back door, too.


  • The Cart Whisperer wins a Telly award

    You may remember the Cart Whisperer, VeriSign's viral marketing campaign promoting Extended Validation SSL. You may remember that this campaign gained widespread recognition such as Marketing Sherpa's Top 10 Viral Campaigns, a Cannes screening, and the IAC Award for Outstanding Achievement in Internet Advertising.


    Well, the list keeps growing. The latest addition to Liberty Fillmore's credits is the Silver Telly Award for best Internet/online business-to-business campaign. The Telly Award is the most prestigious advertising award focused on the film and video media, and a Silver award is the highest honor. The Cart Whisperer emerged from over 13,000 entries to win this award.


  • EV certificate compatibility and Firefox 3.5

    Hi folks. Sorry for the lack of posts lately. I've been slammed.


    Writing today because Firefox 3.5 has broken the download record for a new browser version with over 8 million downloads in a single day. One subject that has been the source of online discussion is the fact that the EV certificates for a series of SSL brands (four that I know of) have stopped showing up green in Firefox 3.5.


    You can be assured that this problem does not happen with the EV SSL Certificates from VeriSign, thawte, or GeoTrust.


  • I'm back!

    Greece was phenomenal. I want to move there.


  • Tim on vacation

    Hey everybody,

    We're disappearing to an obscure corner of the world for a couple of weeks, and I don't think I'll be blogging. I'll let you know when I'm back in contact.


  • Protecting against brand damage from online crime

    Here's a cool Advertising Age article about how businesses view online crime and brand damage and what they do about it.


  • Sigh

    Well, I didn't win the Best Corporate Security Blog at the Security Blogger Meetup. The winner in my category was Sunbelt Security's corporate blog. I want to personally thank all of you who voted for me. It is a great compliment that you, the readers, view this blog as worthy of such an award. And you're the people whose opinion matters the most.


  • The Cart Whisperer wins IAC Internet marketing award

    Remember the Cart Whisperer, VeriSign's award-winning viral marketing campaign launched last year to educate businesses about the dangers of abandoned shopping carts and what they could do about them? The Cart Whisperer previously has been honored as one of Marketing Sherpa's top ten campaigns of 2008 and screened at the Cannes film festival. Now it has been honored by The Web Marketing Association with an Internet Advertising Competition Award for Outstanding Achievement in Internet Advertising.


  • Over 100 Japanese banks using EV SSL

    Here's today's press release about the near-ubiquity of Extended Validation SSL among Japanese banking institutions.


  • Gartner reports 40% increase in phishing, over 5 million affected in US in 2008

    A new report from Gartner states that the number of phishing incidents rose 39.8% with an average loss per incident of $351. This article summarizes Gartner's recommended response for online businesses:

    Gartner recommends that enterprises continue to deploy and improve security solutions that protect accounts and customers against attacks. Enterprises that are custodians of customer accounts should also consider site authentication or assurance to confirm to a customer that he or she is on a legitimate Web site and not a spoof site.

    Gartner analyst Avivah Litan goes on to suggest a layered security approach as the best response to phishing.


  • Speaking next week at Net.Finance

    If you're going to Net.Finance in Las Vegas next week, I'm speaking in the main session on Tuesday morning with Jason Dufner of Flagstar Bank. The title of my presentation is Reputation Management: Consumer Trust Is More Than Just Security. I'll be tweeting on how it went.


  • Introducing Tim Callan's SSL Vlog

    I've been doing Tim Callan's SSL Blog for just over three years and have put up over 300 posts. For a while I've been itching to branch out into some other media. Therefore I'm pleased to introduce you to Tim Callan's SSL Vlog. The purpose for the vlog is to better match the medium to the message. Blogs are great for linking and for in-depth discussion of matters the readers already understand. Vlogs allow verbal explanations, which for many people is an easier way to digest concepts that are new to them. Therefore at least at the beginning I intend to use this vlog to lay groundwork about how our e-commerce security infrastructure works and what the big trends are in the ecosystem. Just as I figured out the ins and outs of how I could best use my blog to contribute to the public dialog, I expect to go through a similar process with vlogging.


    I'm also tweeting, so follow me there. Again, I have a different vision for this medium. I often have immediate observations I want to make but don't have time to write up a full blog post or am not at a computer or both. I'm tweeting from my phone, so I can capture those immediate opportunities as they arrive. Again, I reserve the right to change my vision for this medium as time progresses.


  • Thanks for voting for me

    Readers of The SSL Blog, you have spoken. Today the Security Bloggers Meetup announced the finalists for its Social Security Awards for best security blog in a variety of categories. I am a finalist in the Best Corporate Blog category, and my fellow VeriSign blogger Branden Williams is a finalist in the Most Entertaining Security Blog category for his Security Convergence blog.


  • iPhone supports Extended Validation SSL

    I've been waiting for it to happen, and here we are. Apple officially wins the smartphone race for Extended Validation SSL support. That's because Mobile Safari now has Extended Validation SSL support. On the heels of Internet Explorer's adoption of EV support in January 2007, the desktop saw a wave of browsers adding in support. With over 60% of mobile browser usage, iPhone is the pacesetter in this market. I hope Apple has broken the ice for mobile devices to do the same thing.
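The "EV SSL and iFrame attacks" post above notes that the certificate identifies only the top-level frame and says nothing about the sources of internal frames. The following is an added example, not part of the blog or of any VeriSign tool: a site operator's audit that lists each frame in a page and classifies its origin against the page's own origin and an approved-partner list. The function names, verdict labels, sample markup and host names are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample markup; every host name here is made up for illustration.
SAMPLE_PAGE = """
<html><body>
<iframe src="/account/summary"></iframe>
<iframe src="https://ads.partner.example/slot1"></iframe>
<iframe src="http://login-widget.partner.example/form"></iframe>
<frame src="//cdn.accel.example/banner">
</body></html>
"""

class FrameCollector(HTMLParser):
    # Collects the src attribute of every <iframe> and <frame> start tag.
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("iframe", "frame") and src:
            self.sources.append(src)

def origin(url):
    """Scheme plus host[:port], lowercased, for origin comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def audit_frames(page_url, html, allowed_origins):
    """Return (absolute_frame_url, verdict) for each frame in the page."""
    collector = FrameCollector()
    collector.feed(html)
    results = []
    for src in collector.sources:
        frame_url = urljoin(page_url, src)  # resolves relative and // URLs
        if origin(frame_url) == origin(page_url):
            verdict = "same-origin"         # same origin the address bar shows
        elif urlsplit(frame_url).scheme != "https":
            verdict = "no-tls"              # no certificate authenticates this server
        elif origin(frame_url) in allowed_origins:
            verdict = "listed-third-party"  # own certificate, unseen in the address bar
        else:
            verdict = "unlisted-origin"     # third party not on the approved list
        results.append((frame_url, verdict))
    return results
```

Calling `audit_frames("https://bank.example/login", SAMPLE_PAGE, {"https://ads.partner.example"})` flags the plain-HTTP login widget as `no-tls`, the case where a poisoned DNS answer alone is enough to substitute the frame's content.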





Please note: Blogs contain items that are the responsibility of the author and are presented "as is" with no endorsement from, nor editing by, nor approval from complianceandprivacy.com. The copyright owner for the blog items is that of the originator of the item. Each blog item is reproduced from the relevant feed from the originating blog, either in full or in part as that feed itself determines. All blog item header links lead directly to those items on the original blog. Blogs are dynamic. We offer them in good faith, but, where the content is outside our control we cannot be responsible for their errors, omissions or other conduct. Some of the links on this page remain on this site, others go to other sites; that is the nature of a blog. When you leave this site you are encouraged to be aware of the privacy policy of the new site before leaving personal data there.


 


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.