VeriSign Security Review - February 2007
While at RSA, stop by the VeriSign booth #1409 for more on our layered, systematic approach to mitigating threats to user confidence, network security, and growth of the digital economy. The exhibit features our new VeriSign Secure Site Pro with EV SSL Certificates and the VeriSign Identity Protection (VIP) suite of services. Experts in managed security, PKI, security consulting, and enterprise mobility will also be on hand to demonstrate VeriSign services.
In This Issue:
Hot Topics
Monthly Threat Summary
- Though Microsoft's latest security bulletin included only three critical vulnerabilities, all of them are in widely used products, and hackers will doubtless launch concerted attempts to exploit them. All VeriSign customers are urged to read Microsoft's bulletins and download patches as appropriate.
News from VeriSign
- VeriSign Powers NBX Video for Sports Fans
- Adobe and VeriSign to Transform Distribution of Rich Media Online
- Open Media Network Selects VeriSign to Bring Full Screen, DVD-Quality Television Programs from the Internet—Right to TV Screens
Security Events
- February 5 - 9 RSA Conference, San Francisco, CA
- February 12 – 15 3GSM World Conference, Barcelona, Spain
- March 19 – 22 TelecomNext, Las Vegas, NV
Hot Topics
Sclavos Makes Security Simple in RSA Keynote
Stratton Sclavos, Chairman and CEO of VeriSign, will give a keynote presentation entitled “Security Made Simple” at the RSA 2007 Conference, which takes place in San Francisco on February 5-9, 2007.
Sclavos' theme is that this is the “Any Era,” when millions of users interact via laptops, PDAs and cell phones anywhere, anytime, across any network. They expect to choose how, when, and where they communicate and conduct commerce. But along with digital freedom comes new security threats. As enterprises rebuild architectures to provide legitimate users with easier, more integrated access to data of all kinds, criminals find new opportunities to attack networks, steal identities, and damage corporate reputations. Now more than ever, organizations need an interdependent approach to identity management as well as expert assistance in enabling and protecting networked interactions.
In his keynote, Sclavos will describe “day in the life” overviews of typical consumers and their everyday needs for digital infrastructure to enable and protect their communications, commerce, content, and information while at the same time making these services simple and secure. He will also describe how VeriSign and others are currently taking Internet security to the next level through Extended Validation (EV) SSL, the biggest advancements to online security in the past 10 years which will benefit consumers and businesses alike.
Although there is no single “magic bullet” to resolve or prevent all digital security problems, a layered, systematic approach is the best protection for an organization. Sclavos will speak briefly about how the VeriSign approach helps protect users, enterprises, and/or networks with a number of key product and service offerings. These include VeriSign Managed Security Services (MSS), which have helped hundreds of the largest organizations in the world reduce security risks to reputation, operations, and compliance through better threat detection, superior analysis, and prioritized response.
Register for the conference .
Attend the following VeriSign presentations while at RSA 2007:
Stratton Sclavos - Security Made Simple ; Feb. 8 at 2:00pm in Hall D
Tim Callan - Maximizing Trust on the Web: New Extended Validation SSL Certificates and Internet Explorer 7 .; Feb. 6 at 1:30pm- 2:40pm
Phillip Hallam-Baker - Extended Validation: A Renaissance for Digital Certificates? ; Feb. 7 at 10:40am – 11:50am (Rob Franco, Lead Program Manager, Microsoft will also be presenting at this session)
Phillip Hallam-Baker - Unlinkable Identifiers: Privacy Protection in the Identity 2.0 World ; Feb. 9 at 11:10am – 12:00pm
Troy Kitch - Building Trust with Internet Explorer 7 and Extended Validation SSL ; Feb. 7 at 3:30 – 4:00pm (Markellos Diorinos from Microsoft will also be presenting at this session)
Back to Top
Get the Green Light for Your Online Business
This year, consumers and businesses are going to start looking for a green address bar on every Web site they visit. When sites have Extended Validation (EV) SSL certificates, the Microsoft® Internet Explorer 7 address bar turns green and displays the name of the certificate owner and the verifying Certificate Authority-so it's more important than ever to go with the name customers prefer most. VeriSign is the SSL Certificate provider of choice for more than 93% of the Fortune 500 and the world's 40 largest banks.
The security status bar shows that the transaction is encrypted and the organization has been authenticated according to the most rigorous industry standards. All VeriSign EV SSL Certificates come with EV Upgrader™ (a $300 value), the first-ever technology that automatically enables all visiting Microsoft Windows XP clients to see the green bar on your site. Without EV Upgrader, only Microsoft Windows Vista clients are sure to see the green address bar. (Find out more about SSL Security and Extended Validation. )
Millions of Internet users worldwide still use browsers and operating systems that will not connect at the strongest encryption level available to them unless there is an SGC-enabled certificate on the server. VeriSign SGC-enabled SSL Certificates enable 128- or 256-bit encryption for more than 99.9% of Internet users.
Combine the highest authentication available (EV) with the highest encryption available (SGC) and get VeriSign Secure Site Pro with EV. When you protect your site with Secure Site Pro with EV and display the VeriSign Secured™ Seal , your customers know that their transactions are secure and you are who you say you are.
Back to Top
HSBC to Implement VeriSign Fraud Detection Service to Enhance Customer Protection
HSBC USA Inc., the U.S. banking unit of one of the world's largest financial services companies, and VeriSign announced an agreement for HSBC USA to deploy the VeriSign Identity Protection (VIP) Fraud Detection Service (FDS) to enhance the protection it provides to customers to prevent identity theft and fraud.
“The VeriSign Fraud Detection Service provides additional online authentication and fraud monitoring, which will enhance the measures the bank already employs to safeguard customer information and assets when banking over the Internet,” said Martin Hayes, senior vice president and head of e-business, HSBC USA. “Protecting customers' accounts and identities is of paramount importance.”
VeriSign VIP FDS includes a state-of-the-art risk engine that offers layered, risk-based authentication and fraud prevention capabilities. VeriSign VIP FDS runs behind the scenes, utilizing advanced anomaly detection technology which flags potentially fraudulent activity while continuing to ensure a favorable user experience and timely delivery of services.
Back to Top
Monthly Threat Summary
Though Microsoft's latest security bulletin included only three critical vulnerabilities, all of them are in widely used products, and hackers will doubtless launch concerted attempts to exploit them. All VeriSign customers are urged to read Microsoft's bulletins and download patches as appropriate.
The last few months of 2006 saw a widespread “professionalization” of cyber crime, and this trend is likely to continue. Hackers are creating ever-more-sophisticated phishing tools and virus authors are increasingly employing complex techniques to evade anti-virus software. Unfortunately, it is all too likely that the attacks and techniques launched in 2007 will make much of the cyber crime activity from the past year seem amateurish by comparison.
For example, over the past few weeks, several news articles have reported on a new, extremely sophisticated phishing kit that apparently is gaining widespread popularity in the underground. Rather than generating a new phishing Web site, the “Universal Man-in-the-Middle Phishing Kit” reportedly enables an attacker to establish a conduit between the victim and a legitimate Web site, and use it to steal information transmitted by the victim to the legitimate site. This is a very sophisticated attack technique, but the kit (with a simple, user-friendly interface) makes it available to even relatively unskilled cyber criminals. Perhaps the most worrisome feature of this phishing kit is that it can reportedly be used against any phishing Web site and intercept any sort of sensitive information.
Hackers have also come up with a new technique to make their computer viruses and other malicious code more difficult for anti-virus software to block. The technique, known as “dynamic code obfuscation,” involves automatically altering (“obfuscating”) a malicious code to make it undetectable by anti-virus filters, which look for specific strings of code when deciding what files to block. Two victims of the same code, in other words, would get two different versions of the code, each of them unrecognizable by anti-virus software.
Back to Top
News from VeriSign
VeriSign Powers NBX Video for Sports Fans
NBX, an online sports entertainment company, will use the new VeriSign® Intelligent Content Delivery Network (CDN) to help it deliver high-quality, secure podcasts and videocasts to sports fans via the Internet.
Read the press release .
VeriSign and Adobe to Transform Distribution of Rich Media Online
VeriSign and Adobe Systems Incorporated will collaborate on integrating Adobe® Flash technologies with VeriSign's peer assisted content distribution. The combined services will allow companies to deliver customized interactive Flash Video experiences, including movies, TV shows, broadcast media, and user interface technologies.
Read the press release.
Open Media Network Selects VeriSign to Bring Full Screen, DVD-Quality Television Programs from the Internet—Right to TV Screens
Open Media Network (OMN) has selected VeriSign CDN to enable consumers to watch shows downloaded from omn.org on their television sets. Consumers can watch programs in DVD or HDTV quality on intelligent TVs using set top boxes.
Read the press release .
Back to Top
Security Events
February 5 - 9 RSA Conference, San Francisco, CA
The annual RSA Conference is the leading electronic/data security conference worldwide, and VeriSign is a Platinum sponsor. This year, come hear Stratton Sclavos, Chairman and CEO of VeriSign, give a keynote presentation entitled “ Security Made Simple ,” and check out the session by Tim Callan, VeriSign Director of Product Marketing, on “ Maximizing Trust on the Web: New Extended Validation SSL Certificates and Internet Explorer 7 .”
February 12 – 15 3GSM World Conference, Barcelona, Spain
The world's largest exhibition for the mobile industry is also a cutting-edge congress featuring the most prominent chief executives representing mobile operators, vendors, and content owners from across the world. Stratton Sclavos, Chairman and CEO of VeriSign, will be participating in two sessions: “Clash of cultures: who wins when entertainment and communications converge?” and “CEO strategies for growth: Can the mobile Web experience be anything but second best?”
March 19 – 22 TelecomNext, Las Vegas, NV
TelecomNEXT, the communications and entertainment industry's collection of cutting-edge products and technologies, provides an exciting preview of the next revolutions in communications and entertainment
Back to Top
