April 2012 - Entrust, Inc. 1-8 of 8

If You Don’t Like Your CA’s Practices, Find One More Sympatico

April 24, 2012 by Jon Callas
The following Mozilla bug came my way via the Cryptography mailing list. The gist of it is that a Norton (né VeriSign) customer asked for a certificate with two-year certificate, and got one with six-year validity. I don’t precisely understand why the customer is complaining to Mozilla, but they didn’t get satisfaction with Norton, who [Read More...]

Security Focus: It’s What’s Behind the Seal That Matters

April 24, 2012 by Dave Rockvam
In my last post, I briefly discussed a survey Entrust commissioned to understand the effect trust seals have on online transaction behavior. Coincidentally, I discovered an article in IEEE Security & Privacy magazine about a similar survey the magazine conducted. Security-related items were one of eight different factors the survey identified that affected the participants’ [Read More...]

Disappointment Over Speeding up SSL

April 23, 2012 by Jon Callas
A year and a half ago, Google started an experiment to speed up SSL by 30% by using an improvement called False Start. Our own Bruce Morton wrote about it not once but twice, and most of the world has been hopeful about the experiment. What’s not to like about a 30% speed improvement? Sadly, [Read More...]

APWG Counter eCrime Operations Summit

April 23, 2012 by Jon Callas
The APWG started as the Anti-Phishing Working Group in 2003. In the past nine years, it has grown and expanded to be an association of technical organizations, financial organizations, treaty organizations, and others to fight eCrime and identity theft. It provides coordination and assistance for just about anyone who needs it. I have worked with [Read More...]

Digital Certificate Revocation – What the Future Holds

April 19, 2012 by Tim Moses
When you tell people that revocation doesn’t work, they tend to look at you incredulously: “You’ve got all these solutions: full CRLs, CRL distribution points, delta-CRLs, indirect CRLs, OCSP, stapled OCSP. Surely one of those will work.” That’s the problem, right there. There are so many protocol and configuration choices that no two products or [Read More...]

Security Hardening iPhones and iPads

April 12, 2012 by Jon Callas
Blogmaster Note: This was originally posted on April 12,  2012 to ComputerWorld UK’s Security Spotlight Blog. BYOD, or “Bring Your Own Device” is one of the IT trends that I’m sure you know about, if not by that name. Driven by the users themselves, who go out and get cool new kit — iOS, Android, their [Read More...]

Survey: Site Seals vs Reliable Security – Which is Most Important?

April 10, 2012 by Dave Rockvam
There is a lot of hype right now about a major player in the SSL security space “rebranding” itself as the go-to SSL provider. But hype and big brand names alone shouldn’t influence security buying decisions. While this sounds logical, too many companies and organizations pay a premium for an over-marketed SSL trust seal. Entrust [Read More...]

Sophos Breach Tied to Partner Portal

April 6, 2012 by Jon Callas
Security Week reports in, “Sophos Kills Partner Portal After Suffering Breach” that the security firm Sophos has disabled its partner portal after discovering a breach. They aren’t saying much yet — kudos to them for their disclosure and response — but they think that the breach came from an older part of their portal, and [Read More...]