By kind permisson of our orginal Sponsor, VeriSign, whose sponsorship ended on 28 February 2007, we are starting, from the May 2006 edition, to gather VeriSign Security Reviews for Compliance and Privacy readers.
VeriSign Security Review - February 2007
While at RSA, stop by the VeriSign booth #1409 for more on our layered, systematic approach to mitigating threats to user confidence, network security, and growth of the digital economy. The exhibit features our new VeriSign Secure Site Pro with EV SSL Certificates and the VeriSign Identity Protection (VIP) suite of services. Experts in managed security, PKI, security consulting, and enterprise mobility will also be on hand to demonstrate VeriSign services.
In This Issue:
Hot Topics
Sclavos Makes Security Simple in RSA Keynote . Sclavos' Keynote address focuses on challenges and strategies in the “Any Era.”
HSBC to Implement VeriSign® Fraud Detection Service . VeriSign will help HSBC USA protect customers from identity theft and fraud.
Get the Green Light for Your Online Business . Now you can assure users that your site is secure.
Monthly Threat Summary
Though Microsoft's latest security bulletin included only three critical vulnerabilities, all of them are in widely used products, and hackers will doubtless launch concerted attempts to exploit them. All VeriSign customers are urged to read Microsoft's bulletins and download patches as appropriate.
News from VeriSign
VeriSign Powers NBX Video for Sports Fans
Adobe and VeriSign to Transform Distribution of Rich Media Online
Open Media Network Selects VeriSign to Bring Full Screen, DVD-Quality Television Programs from the Internet—Right to TV Screens
Security Events
February 5 - 9 RSA Conference, San Francisco, CA
February 12 – 15 3GSM World Conference, Barcelona, Spain
In this edition, learn about the 5 public blogs that VeriSign employees are using to facilitate communication and technology intelligence among customers, partners, and developers.VeriSign is responding to customer and industry needs every day and in November, VeriSign hosted several of their most influential customers at a Technical Advisory Council to discuss the state of security and the direction of future product offerings. On the international front, VeriSign participated in a keynote presentation at RSA Conference Europe on the topic of Internet Security and the importance of global industries sharing intelligence to better secure online transactions. Enjoy this last edition of 2006 and have a happy and safe holiday season.
In This Issue:
Hot Topics
F500 blogs more than double this year. The Fortune 500 has discovered the benefits of blogging—and VeriSign is no exception.
Third Annual TAC Helps Us Track Your Needs. We're always listening to our customers and prospects—especially during our technical advisory council (TAC).
VeriSign ' s Keynote on Identity Security at RSA Conference Europe 2006. A thought-provoking presentation, titled 'Identity Security: Time to Share' focused on the issues related to identity theft, online fraud, and phishing.
Monthly Threat Summary
Microsoft's security update for November addresses a number of critical vulnerabilities, most notably in Internet Explorer 6.0, XML, and the Workstation service. Security experts believe the flaw in Workstation to be significant, as it would allow an attacker to remotely download malicious code on a targeted computer. VeriSign urges all customers to download all applicable patches as soon as possible.
News from VeriSign
VeriSign to Acquire inCode Wireless
WestCom and VeriSign Announce Strategic Alliance
U.S. Department of Education Turns to VeriSign for Meeting HSPD-12 Deadline
Security Events
January 8-11, 2007, International CES, Las Vegas, NV
In October, Symantec Corp. and VeriSign, Inc. announced plans to deliver security solutions to combat the growing threat of consumer identity theft and fraud on the Internet. Symantec plans to offer support for the VeriSign Identity Protection (VIP) Authentication Service, which allows consumers to utilize one-time passwords to protect their online identity. The VIP Authentication Service is enhanced by the VIP Shared Authentication Network which enables consumers to use one credential across multiple member websites. In addition, the two companies intend to jointly market combined identity and security solutions to financial institutions, online retailers, and end users. Read more on this item here.
In this issue:
Hot Topics
VeriSign Introduces the First Fully-managed Service to Collect, Analyze, Store, and Alert on Logs. Leverage log data for broader compliance and more comprehensive security—at a lower cost than traditional solutions.
Take Charge of Compliance with VeriSign Solutions and Services . How many information security regulations apply to your business? What would it take to comply with them all?
Intelligent Infrastructure Enables and Protects Your Business. In today's challenging heterogeneous environments, VeriSign enables and protects digital interactions—billions of them a day.
Monthly Threat Summary
Microsoft Corp. released 10 bulletins on Tuesday, Oct. 10, covering 26 vulnerabilities, at least one of which impacts the Windows operating system and is rated as "Critical.”
Security Events
November 1 - 2 Secure World Expo, San Francisco, CA
November 7 - 9 ISPCon, Santa Clara, CA
November 12 – 14 ISF World Congress, Washington DC
November 13 – 14 BITS, Orlando, FL
November 29 – December 1 Gartner Identity, Las Vegas, NV
An eventful Microsoft patch week passed with no significant new exploits. Security managers, however, should remain vigilant as unpatched issues remain. Last month also saw the painful departure of spam warrior Blue Security who faced defeat of the money-hungry spam and phishing industry. VeriSign continues to monitor spam, phishing, and other malicious activities to help customers stave off costly attacks.
As phishing continues to mature, one of the last sanctities supposedly free of such malice has been under attack. The SSL/TLS encrypted Web page used for securely transmitting private information has seen increased abuse by phishers. They took advantage of loopholes in some SSL Certificate practices and obtained certificates that make them look legitimate.IE 7 will change that, and enterprise security managers should take notice: the advent of High Assurance Certificates will prove its long-term effectiveness against phishing.
