Subscribe:

Thursday, 6 December 2012

Leverage Vulnerability Assessments within Symantec Website Security SSL Certificates

Our online world is rife with shadowy creatures; it’s riddled with crime organizations, activist groups, government entities, and lone hackers. Why they breach our data can boil down to a few things; greed, ideological dissent, and their desire to publicly embarrass their targets. In 2011, high-profile attacks on various Certificate Authorities threatened the systems that sustain trust in the internet itself.  These attacks highlighted the need for Symantec to continue to harden their defenses and develop even stronger security procedures and policies.

The Website Security Internet Threat Report, published in May 2012, reported that in 2011 the Symantec website security malware scanning service scanned over 8.2 Billion URLs for malware infection. Approximately 1 in 156 unique websites were found to contain malware. The struggle to preserve IT security for your client accounts is a 24/7 job, and your strategy needs to be comprehensive and focused. Where website malware scanning finds malware infection fast and helps you eliminate it, website vulnerability assessments are a proactive measure to prevent hacks in the first place. They enable you to proactively identify weaknesses in your website that bad actors are most likely to use to attack you. Vulnerability assessment services identify and guide resolutions to the most common and highest risk exposure points like SQL Injection and Cross Site Scripting (XSS). Symantec's vulnerability assessment identified critical vulnerabilities on 50% of websites scanned in a Symantec Assessment Preview Program conducted in August 2011.

In the 2012 Verizon Data Breach Investigation Report, 79% of victims were targets of opportunity. Of these, 96% of the attacks were simple, well known or published vulnerabilities. Meaning most of these businesses were attacked because they possessed easily exploitable weaknesses. Don’t leave your clients’ front door open.

Symantec Secure Site Pro with Extended Validation (EV), Secure Site with EV, and Secure Site Pro SSL Certificates carry the Norton™ Secured Seal, the most recognized trust mark on the Internet** and include vulnerability assessment at no cost for your clients. The targeted scan helps quickly identify and take action against the most common exploitable weaknesses that create the biggest risk to your customer’s business operations. Scans done automatically on a weekly basis can check for vulnerabilities on public-facing Web pages, Web-based applications, server software and network ports. Actionable reports identify both critical vulnerabilities that should be investigated immediately as well as informational items that pose a lower risk. You and your clients then have an option to rescan the websites to confirm that the vulnerabilities have been fixed. In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 47,662 recorded vulnerabilities (spanning more than two decades) from over 15,967 vendors representing over 40,006 products.

Neglecting to perform frequent vulnerability checks puts your customers’ websites, their clients, and their business at risk by leaving the door open to hackers. Studies show that the average cost per incident of a data breach in the United States is $7.2 million, with one of the largest breaches costing $35.3 million to resolve.*

The shadowy creatures that infiltrate security vulnerabilities are not going away; they will continue to refine their attacks against your customers. Your clients need tools that allow them to continue to do business safely online. They want answers and look to you, their trusted advisor, for the right solution. Symantec Secure Site Pro with Extended Validation (EV), Secure Site with EV, and Secure Site Pro SSL Certificates are the tools they need to stay protected. Symantec vulnerability assessment help reduces the cost and complexity of vulnerability management, and it’s a solid starting point for your clients’ organizations that want to quickly assess their security standing. Symantec SSL certificates vulnerability assessments are also ideal for your clients' organizations that already use a compliance vulnerability scanning solution such as those for PCI, and need a complementary solution to cross-check the results of their scan for an added layer of security. When used in combination with Symantec SSL Certificates and daily website malware scan, vulnerability assessments help you to secure your clients' websites and protect their consumers.

Source : Symantec.com

Thursday, 1 November 2012

SSL for Apps


SSL/TLS is technology that is critical for securing communications. The challenge facing the SSL ecosystem today is how it is being implemented and used. Several University researchers have recently published reports indicating errors and shortcomings in non-browser applications that act as the client of an SSL/TLS connection. These issues result from flawed implementations of SSL in the applications or in SDKs or APIs used by them. SSL Client non-browser applications should follow these best practices to ensure the high level of authentication, confidentiality and integrity promised by SSL remain intact.

A Developer must perform a number of checks, and the most important is to cryptographically validate that the end-entity certificate presented by the server is the expected certificate, or was signed by an expected certificate. In other words, the Developer must create a trusted and validated chain of certificates starting with the end-entity certificate and linking up to a trusted root or intermediate certificate. Certificates in the chain can be returned in random order, with instances of more or even fewer certificates necessary to build a chain. If a self-signed root certificate is returned by the server, it should be ignored. By building a certificate chain, the developer cryptographically verifies that the chain from end-entity certificate through intermediates to root certificate are valid and can be trusted.

Think carefully about which certificates you will trust. It is good to require the server to return a particular end-entity SSL certificate, however your application can break when the certificate is renewed or replaced. Alternatively, require that the end-entity SSL certificate chains up to a particular trusted root, and is signed by an intermediate certificate with a specific Common Name.

The SSL/TLS protocol, when properly implemented, provides strong confidentiality and integrity for communications, as well as authentication of one or both endpoint identities. But it must be used according to standards and best practices. SSL Certificate has been the key to trust on the Internet for more than a decade, and it will continue to provide excellent protection against evolving cyber security threats.

Monday, 22 October 2012

Some Android apps have serious SSL vulnerabilities, researchers say

A team of researchers from two German universities has released a study asserting that many of the most popular free apps available through the Google Play store may be vulnerable to man-in-the-middle attacks -- seriously threatening user privacy.

RELATED: The 10 most common mobile security problems and how you can fight them

The researchers, from the Universities of Hannover and Marburg, studied the 13,500 most popular free apps on the Play store for SSL and TLS vulnerabilities. They found that 1,074 of the applications "contain SSL specific code that either accepts all certificates or all hostnames for a certificate and thus are potentially vulnerable to MITM attacks," according to a summary posted online.

Additionally, the scientists performed a manual audit of 100 apps for a more definitive look at potential security issues, finding that 41 were open to man-in-the-middle attacks because of SSL vulnerabilities. They said that the vulnerable apps could be exploited, allowing an attacker to steal highly sensitive usernames and passwords for Facebook, WordPress, Twitter, Google, Yahoo and even online banking accounts, among others.

Similar vulnerabilities, the team added, could be used to manipulate antivirus software on the phone, changing definitions to include benign apps or ensure that malicious ones are ignored.

"The cumulative install base of the apps with confirmed vulnerabilities against MITM attacks lies between 39.5 million and 185 million users, according to Google's Play Market. Actually Google's Play Market does not give a precise number of installs, instead giving a range. The actual number is likely to be larger, since alternative app markets for Android also contribute to the install base," the researchers wrote.

According to the H-Online, the team plans to make the code analysis tool it developed for the research public "in the near future."

Source:networkworld.com

Monday, 1 October 2012

Adobe Revokes Certificates Following Server Compromise



Adobe is in the process of revoking certain digital certificates after discovering two malicious utilities signed by valid Adobe certs. 

Adobe's senior director of security Brad Arkin, wrote in a blog post that attackers had compromised an Adobe build server (and not the certificates themselves) that was able to make code signing requests to Adobe's actual code signing service.

The breach occurred on July 10, so any certs signed with the impacted key from then until October 4 will be revoked, Arkin wrote.  

Adobe Downplays Impact
"This only affects the Adobe software signed with the impacted certificate that runs on the Windows platform and three Adobe AIR applications [Adobe Muse, Adobe Story AIR, and Acrobat.com] that run on both Windows and Macintosh. The revocation does not impact any other Adobe software for Macintosh or other platforms," he said. 

So far, Adobe has found only two malicious utilities, pwdump7 v7.1 and myGeeksmail.dll, bearing the certificates. Adobe told Securityweek that "the evidence indicates that the certificate was not used to sign widespread malware." 

The Story's Not Over, Security Experts Say
But although the current scope is small, some security experts warn that the impact could be huge.

Kaspersky's Roel Schouwenberg questioned why Adobe had backdated the cert revocation to July 10, when the two malicious files were signed two weeks later.

"Is Adobe 100 percent confident no other malicious files were signed?" he asked. "We should view this as along the same lines as the RSA attack."

Furthermore, he said, no one knows who the attackers are really targetting. "So far nothing suggests that Adobe was the real target."

F-Secure's Sean Sullivan agreed that although "there's definitely no need to panic at this point" about getting infected by a stolen Adobe signature, we shouldn't move on too quickly.

"Being the build server, it makes one wonder if any developer computers have been compromised to allow code to be injected into Adobe's apps. Injecting a backdoor into Adobe's apps would be so much more valuable than spoofing its cert," he said.

In a statement, Paul Zimski of Lumension said that with the right certificates an attacker "could theoretically impersonate a legitimate software update, and spread malware payloads through these mechanisms."

"The installed software is going to think its downloading a valid update, but it’s actually a false update signed with a fraudulent, but real certificate. I’m not saying that’s what was done here, but this is the Holy Grail of what could happen."

The issue now, Zimski said, is where the attackers are going next.

Similarly Wes Miller, research VP at Directions on Microsoft, said the fact that attackers now have code signing certificate for code "from one of the most pervasive companies on the planet, and one that is constantly patching" means it will take quite a bit of time for Adobe to revoke the certificates on a global level. And in the meantime, "how large of a threat vector does this pose"

Adobe posted the malicious utilities on the Microsoft Active Protection Program (MAPP) so security vendors could detect and block them. At the moment, using an up-to-date anti-virus is your best bet, Schouwenberg said. 

Source : securitywatch.pcmag.com

Monday, 17 September 2012

PRESIDENT OBAMA URGED TO ISSUE CYBERSECURITY ORDER

U.S. president Barack Obama has been called upon to issue an executive order to improve the nation's computer and website security practices. Senate Intelligence Chairwoman Dianne Feinstein of California wrote an open letter to the president that expressed concerns over cybersecurity legislation efforts, predicting that effective legislation is not likely to pass within the next year.

"Therefore, I believe the time has come for you to use your full authority to protect the U.S. economy and the networks we depend on from future cyber attack," Feinstein wrote. "While an Executive Order cannot convey protection from liability that private sector companies may face, your administration can issue cybersecurity standards and provide technical assistance to companies willing to take voluntary steps to improve their security. You can also direct the Intelligence Community and the Department of Homeland Security to provide as much information as possible to the private sector about cyber threats, including classified information."

A recent article from The New American pointed out this isn't the only time the Obama administration has been called to action. Senator Jay Rockefeller of West Virginia wrote a similar letter to the president earlier this month. White House representatives said that the administration considered issuing an executive order after the Cybersecurity Act of 2012 failed to pass in the Senate.

Although the U.S. government has made several attempts to pass legislation enhancing communication between the private and public sector, those efforts have come under heavy criticism from security experts. According to a CIO blog post written earlier this month, experts said previous cybersecurity bills did not address core issues.

The article highlighted comments from Jason Lewis, chief scientist at Lookingglass Cyber Solutions, who said the problem with the bill was accountability. Voluntary guidelines such as those outlined by CISPA are not enough to protect critical infrastructure, according to Lewis. An effective cybersecurity solution would be painful for everyone, legislators and businesses included.

"If the law stated that companies involved in security incidents had to shut down their business until they could prove they had addressed the issues, the number of breaches would be low and the level of security across all sectors would improve dramatically," Lewis said.

Lewis added that organizations responsible for managing critical infrastructure would need help upgrading their technology infrastructures and implementing best-practice solutions. Making improvements to these systems without hindering operations can be costly, but the first step would be to hold organizations accountable for security.

Source: thawte.com

Tuesday, 4 September 2012

New Ways to Force Browsers to be Safe


HTTPS is old (it was devised in 1994 by Netscape for Navigator), but it has always been seen as optional for most sites. That is changing, as the number of real-world abuses of users on the web increases. Using HTTPS makes safe browsing much easier. 2 developments in web technology make it easier to use HTTPS more often. One is a client-side technology, the other a new server-client standard.

Many sites support HTTPS but don't default to it. In order to help users invoke HTTPS on the site, the EFF (Electronic Frontier Foundation) and the Tor Project created HTTPS Everywhere, a Firefox add-on which reviews all HTTP requests from the browser to sites on a whitelist and changes them to appropriate HTTPS requests. HTTPS Everywhere maintains rules for over 1000 sites on the whitelist.

There are some downsides to HTTPS Everywhere, starting with the fact that it only works with Firefox. Other browsers, such as Google Chrome, don't support the features (mainly request rewriting) that HTTPS Everywhere needs. This may change in the future. The other problem with the HTTPS Everywhere approach is that the maintainers of it need to keep up with the zillions of sites on the Internet as opposed to having a generic solution.

HSTS (HTTP Strict Transport Security) goes at the problem in a different way. It is a standard through which web sites can tell clients (mainly browsers) that they will only support HTTPS communications.
If a client makes an HTTP request and HSTS is enabled on the server, the server responds with a special header 'Strict-Transport-Security' and a 'max-age' parameter specifying the number of seconds during which the client may only reconnect over HTTPS. While the initial HTTP request is unprotected, the client should know to use only secure communications thereafter.

HSTS has been supported in Google Chrome and Firefox since version 4 of each browser. Many web sites, including PayPal and a number of Google subdomains (chrome.google.com, checkout.google.com, etc.), support it.

In the long run, standards like HSTS are a better solution than hacks like HTTPS Everywhere. Currently Internet Explorer has no support for either and I see no indication that Microsoft plans to support them (or that the EFF is interested in supporting Internet Explorer for that matter).

Source: pcmag.com

Lessons Learnt From FinFisher Mobile Spyware


FinFisher, a controversial spyware toolkit being used by oppressive regimes to track activists, can also take over smartphones, researchers unveiled on Wednesday.  

Earlier this year, Bahraini activists sent U.S.-based researchers samples of computer spyware that was being delivered through spoofed emails. When downloaded onto Windows systems, the spyware would record Skype calls, copy emails, take screenshots, capture keystrokes, and send the data to remote servers (command and control centers, or C&C). So far, with the help of Rapid7, C&Cs have been found in 15 countries across five continents, including the United States, Australia, Singapore, and Bahrain. For most cases it's unclear if the governments of these countries are manning the servers or if they're just intermediaries. 

The researchers, led by Citizen Lab, identified the spyware as part of the FinFisher toolkit sold by UK-based Gamma International. Gamma markets the products as software to help governments and law enforcement agencies capture criminals, but advocates say it is being used by oppressive governments to clamp down on activists without criminal records. 

"You're Carrying a Potential Wire Tap"
Shortly after Bloomberg broke the story about the PC version of Finfisher, samples of Gamma's mobile spyware, called FinSpy Mobile, were sent to researchers.

FinSpy Mobile has even more functionality: it monitors calls, texts, WhatsApp messages, and emails, captures keystrokes, steals contact lists, turns on the device microphone to record ambient sounds, and tracks owners by GPS. Citizen Lab posted a pretty thorough overview of how the Trojan works on iPhones, Androids, BlackBerries, Windows Mobiles, and Symbian devices. 

Like the PC variant, FinSpy Mobile requires some sort of human interaction to infect devices. Although Citizen Lab hasn't confirmed seeing actual delivery methods, most likely they are being distributed through Trojanized, legitimate-looking apps attached to text messages and emails. 

Bill Marczak, a computer science doctoral candidate at the University of California Berkeley who has been co-leading the research into Finfisher, is more worried about the mobile than the PC spyware. 

"What scares me more is the possibility of mobile phone Trojans," Marczak told Security Watch. "Sure I've got my computer in my room, but my mobile phone follows me everywhere I go. It always knows my location, it has my contacts, email addresses, texts, Whatsapp conversations. It has a mic," he said. "You carry your phone everywhere and don’t even realize you're carrying a potential wire tap."

The Takeaway For You and Me
For now, FinSpy Mobile isn't your every day consumer security concern, as it only appears to be used in highly-targeted attacks on activists living in oppressive regimes.

In a blog post on Thursday, ESET researcher Cameron Camp wrote that Finfisher hasn't been seen in large-scale industrial attacks, but rather, in limited, highly targeted attacks. "Obviously, if your company is doing business in the Middle East you are already on high alert for attacks of this type," he wrote. Bigger picture repercussions, like the potential spread of FinSpy Mobile to the masses, or who Gamma International should be allowed to sell its products to, are another discussion altogether. 

That said, the research does present some useful lessons for consumers. 

The first one is dead obvious for most security-conscious smartphone owners: don't install apps from untrusted sources.

Will installing an antivirus app help? Sort of. According to Marczak, "As we saw with respect to the desktop version of Finfisher, antivirus alone isn't enough, as it bypassed antivirus scans." By now most leading antivirus providers have updated their signatures to include FinSpy, but that wouldn't have helped you, say, last week. 

That's why Marczak advises taking a few additional precautions:
  1. Don't click on unknown links or download attachments if you aren't confident in the sender
  2. Don't give your device to untrusted people who might secretly install the malware on yor device
  3. For the same reason, password-protect your phone
  4. Keep your OSes and apps patched (yes, that's a problem for Android) 
  5. For Android owners, activate the built-in encryption, which requires a password to decrypt every time you turn on your device. 
Encrypted communication protocols are a good idea, but Marczak said they wouldn't protect you from this type of threat, since Finfisher infects devices before an encrypted call or text even leaves the device. "Skype likes to talk about how it encrypts communications, but Finspy intercepts calls before they even go out," he said.

Source:Pcmag.com


Wednesday, 22 August 2012

Norton Offers To Change Top Google Result For Your Name for Free

Norton appears to be branching out from standard security into reputation management. The company has introduced a new tool called Norton Top Search that lets you control the top search result for your name, for free.

To change your top search result, all you need to do is pick a URL that you would like to pop up first when people search your name. The form to do so, found here looks like this:


After inputting your desired URL, Norton then shows you how the search result will eventually look:


Then the site asks you to verify your identity via Facebook. After that, you receive the following message: “Congratulations! Your online reputation is now protected. You will receive an email in a couple of days when your Top Search Result has been approved and published.” Whether that will be the case remains to be seen. The program appears to use Google’s AdWords to change the search results at no cost to the user.

Norton isn’t the only firm offering online reputation management tools, though. Google introduced another free tool called “Me on the Web” last year that claims to do the same thing.

What do you think? Are you eager to control the search results for your name? Sound off in the comments.

Source:mashable.com

Protect And Secure Your Website By Using Symantec SSL Certificates

Symantec is a one of the best and leading SSL Certificates provider and you want to Protect Your Website and Grow Your Business, then Use Symantec SSL Certificates. Symantec Website Security Solutions include industry-leading SSL, certificate management, vulnerability assessment and malware scanning. If you are looking for the best online business solutions then “Norton Secured Seal” and “Symantec Seal-in-Search” assure your customers that they are safe from search, to browse to buy your product or transactions. Symantec website security solutions and SSL protection protect and secure your visitors to trust your website.


Detail of All Symantec SSL Certificates:
  • Secure Site Pro with EV give you 128-bit minimum to 256-bit encryption with green address bar.
  • Secure Site with EV can give you , up to 256-bit encryption with green address bar.
  • Secure Site Pro can give you 128-bit minimum to 256-bit encryption.
  • Secure Site can give you up to 256-bit encryption.
More detail and buy Symantec SSL Certificates from its Platinum Partner website
https://www.thesslstore.com/symantec.aspx

Source: itechsoul.com

Wednesday, 15 August 2012

Symantec Continues to Grow Market Share in SSL

Last week Netcraft released its monthly report on global SSL certificate issuance and market share. The report states that Symantec experienced another banner month of growth.  According to the August 2012 Netcraft report, Symantec saw the largest overall gain in net new SSL certificates. We continue to remain the overall SSL market leader with a market share of 38.4% (Netcraft, August 2012).  Our internal Symantec model actually reflects that Symantec has a much larger market share as many large Enterprises use our SSL certificates behind their firewalls where Netcraft is unable to explore.

Symantec also continues to dominate the Extended Validation (EV) SSL market segment, outpacing the competition in terms of growth while issuing 64.5% of all active EV SSL certificates today. EV SSL certificates offer the highest level of validation, and provide consumers the absolute highest level of trust in the websites they are sharing data with. It’s important to highlight that almost two-thirds of all websites worldwide that use EV SSL trust Symantec to validate their organizations and protect their data in transit over a HTTPS connection.

Thanks to all of our customers and partners who continue to prefer our Symantec, GeoTrust and Thawte branded certificates and our value proposition over the competition.

When you’re proud of your successes you should share it, and I am certainly proud of how Symantec continues to demonstrate leadership in the Certificate Authority industry through our market performance as well as through our actions. We signed the CA/B Forum Intellectual Property Rights Agreement (IPR), working collaboratively with other CA’s to drive innovation in SSL security; last month we were the first CA to publicly announce our commitment to the CA/B Forum Baseline Requirements; and we continue to provide significant value to our customers and to Internet users around the world.

Making sure that everyone’s safe on the web is certainly something to be proud of – being the world leader at it is just confirmation that we’re committed and driven to be the best at something that everyone benefits from.

source:symantec

Monday, 13 August 2012

Fire Fox Changes to Identify Website Uniqueness When Website Carry SSL Certificates



You know how Firefox adds that tiny favicon site-identifier within the address bar? Firefox is on the point of creating some changes to that to form websites safer for users.

Firefox has continually included the small lock favicon on the way left of the address bar to notice that an internet web site employing a secure association. This can be particularly necessary when it involves using websites that collect data like Credit cards numbers for purchases.

But within the past some websites set their favicon to be a padlock to trick users into thinking that they're employing a secure affiliation. That’s not cool and with the newest nightly update to Firefox, Mozilla is removing favicon from the address bar.

In their place are going to be three visual notifies that denote the safety of the net web site in question. The primary notifier takes on the form of a green padlock next to certificate owner’s organization name to symbolize a Web site that uses Extended Validation SSL Certificate.


The second is for Web sites that use SSL certificates without Extended Validation. It uses a gray padlock without the effective host name like below.


The acquainted globe icon can currently be used for internet sites that don’t use SSL certificates or have mixed content.


Source:itmashable.com

Monday, 6 August 2012

6 Important Tips to secure your credential data on Social Media Platform

  1. Look for the padlock, ‘https,’ or the color green in the address bar. The “s” in ‘https’ stands for secure.
  2. Look for the Norton Secured Seal the most recognized trust mark on the Internet  
  3. Be wary of shortened URLs even if they come from “friends.”
  4. Check and review all of your privacy and security settings. Make sure that the “Always use https” option is turned on.
  5. Avoid unsecure public WiFi networks. “Free” WiFi can come at a price.
  6. Change your passwords regularly and make sure they’re strong.

Hackers Increasingly Target Small Businesses, Symantec Warns

The percentage of targeted attacks aimed at small businesses doubled in the first half of 2012, an indication that hackers are dedicating more resources to what they see as the most vulnerable marks, a major security vendor said.

In the first six months of the year, more than a third of targeted attacks on businesses were pointed toward companies with fewer than 250 employees. That was twice the percentage of attacks aimed at similar sized companies at the end of 2011, Symantec said in its mid-year Intelligence Report.

A targeted attack is one that's tailored to a specific company. Cybercriminals customize malware to particular vulnerabilities and use information gathered publicly -- or stolen from other companies -- to create emails with malicious attachements that have a higher chance of being opened by employees. That type of social engineering has proved successful despite corporate efforts to bolster security training and warn workers away from opening potentially dangerous emails.

Companies in the defense industry are the top targets of such attacks, followed by chemical and pharmaceutical firms and manufacturing companies, respectively. Large companies with more than 2500 employees remain the most popular targets, however, accounting for 44 percent of all targeted attacks in the first half of the year, Symantec says.

Hackers are shifting resources toward small companies because they often partner with large businesses in fulfilling major contracts. Because smaller companies can be the weakest link in the chain, cybercriminals use them to gain information they can use to penetrate the defenses of their larger partners.

"They (small businesses) are not as prepared, because they don't think they have to be, and that's left them vulnerable," Kevin Haley, director of Symantec's Security Response unit, said Friday.
Smaller Budgets, But Not Defenseless

Smaller Budgets, But Not Defenseless

Small businesses also lack the money of larger companies to buy expensive technology that can bolster defenses. "SMBs (small and medium-sized businesses) tend not to have the resources to implement the same types of security programs large enterprises do," Eric Maiwald, an analyst for Gartner, said in an interview via email.

Small businesses can greatly improve their chances of fending off attacks by just following basic best practices, such as having a process in place to ensure all software is up-to-date and patched. In general, hackers go after known vulnerabilities, so having the latest version of an application goes a long way towards protecting company data.

"They don't have to be genius hackers, because the basic steps to protect themselves are not being taken by a lot of small businesses," Haley said.

In terms of the number of targeted attacks, Symantec blocked an average of 58 a day aimed at small businesses in the first half of the year. Overall, the number of daily attacks on all businesses increased about 24% to around 154.

Source:pcworld.com

Sunday, 5 August 2012

If you don’t Gain your Website Users Trust, You Won’t Get Their Money

Buyers are viewing their cash more carefully in this economic climate, and one factor they pay interest to is whether an online e-commerce store or shop website is trustworthy for making payment or for sharing them credential details.

The current economic climate has tightly bind consumers to not open their wallet strings easily, All online users always thinks twice for making online payment or before sharing their credential details online. To get online users to open their wallets, online business must be instill this sense of trust.

Extended Validation Certificates are one of the best solutions to gain web customers trust. EV SSL helps you to providing security mechanism with authentication, encryption and validation. Any Website which carry EV SSL then website will look like below in web browsers.


As, online phishing attacks are increasing day by day trust indicator, like “Green Address Bar” helps to gain online customers trust. An online survey proven that 97% of online shoppers are likely to share their credit card details with the websites which are carries “Green Address Bar” which shows that consumers are not won’t share their banking details with non trustable websites and they are knowing that green equal to safe for online shopping.

In uncertain times, online shoppers always want to be certain for where they can spend their money. And for giving same type of trust more and more ecommerce website owners are likely to decorate their website URLs with “Green EV Bar” by purchasing Extended Validation SSL for their websites.

Web authentication and real time certificate checking, these two factors makes EV SSL as a first choice for online ecommerce stores.

Extended Validation Certificates Features:

1.       Offering Green Address Bar for your website.
2.      EV SSL Certificate has carry 99.9% Browser compatibility and also extended validation certificate are compatible with mobile browsers like Microsoft Pocket Internet Explorer, Apple Iphone, Ipad Safari, Netfront 3.0+ and many more.
3.      Encryption Strength Up to 40-bit minimum, 256-bit maximum which mean your website data is fully secured.
4.      Extensive Business and Domain Validation.
5.      Symantec EV SSL Certificates carry Norton Secured Seal and website Vulnerability Assessment totally free which makes your website more trustable and secured.

Source:http://www.techmaish.com/if-you-dont-gain-your-website-users-trust-you-wont-get-their-money/

Tuesday, 24 July 2012

Symantec Wildcard SSL: Single SSL Certificate Securing Unlimited Sub Domains with High Encryption Strength

Selecting SSL Certificate for your online Multi Sub domains is always ask you to choose best SSL Certificate which reduce cost and time for managing same certificate. If you have multi sub domains and you want to secure all your multi sub domains with single SSL and at one place only then Symantec Wildcard SSL is one of the best option to securing unlimited sub domain which are sharing the same base domain name.

Symantec the Highest SSL Certificates Selling Company in the world offering Symantec Secure Site Wildcard SSL Certificate for securing unlimited sub domains on single SSL Platform. Symantec Wildcard SSL Certificate allows highest level of SSL encryption level for multi sub domains using sing SSL Certificate. For Example if you are choosing Symantec Wildcard SSL Certificate for Company ABC which is using multiple sub domains which end with **.ABC.com then you can secure following types of sub domains like:
  • Login.abc.com
  • Payment.abc.com
  • Support.abc.com
And many more same like above.

Symantec Secure Site Wildcard SSL is a premium Wildcard SSL Solution from Symantec which can reduce your cost, hassles and more importantly your time while still delivering the utmost security and trust the web can provide. Symantec Wildcard SSL makes you SSL management simple and easier.

You also get the dynamically date stamped Norton Secured Seal to display so your web site visitors will know instantly that your security is current. When a customer clicks on the True Site Smart Seal, the server automatically performs a domain look-up to verify they are visiting a legitimate site. The result is greater customer confidence with assurances, more e-commerce activity and a significant increase in online revenue.

Symantec Wildcard SSL Certificates Features and Benefits:
  • Secure UNLIMITED Sub Domains!
  • Full business validation
  • Enables 256-bit encryption
  • FREE lifetime, self-service reissues
  • Includes a True Site identity assurance Smart Seal - embedded organization name /date/time stamp
  • Compatible with 99.9%+ of all browsers
  • AICPA Web Trust compliant
  • Optional - Installation Support Available!
  • $125,000 Warranty

Thursday, 19 July 2012

10 features make “True BusinessID EV Multi Domain” as a first choice for securing Multi Domain with Single SSL Certificate


When you have multiple domain for your business or for services and when you are deciding to secure your all domain with “Green Address Bar” with EV SSL Certificate (Extended Validation Certificate). And at the same time if you are searching best EV SSL which is secured your multi domain with green address bar then “True BusinessID EV Multi Domain” is the best choice for securing your multi domain with single SSL certificate.

Now you think why “GeoTrust True BusinessID EV Multi Domain SSL” is the best for securing multi domains? Don’t worry here is the best 10 features which makes True BusinessID EV Multi Domain SSL as a first choice for most of websites owners.

1.Secure both NON-WWW and WWW Domain:  GeoTrust True BusinessID EV Multi Domain is helping you to secure both www and non www domain name with high encryption strength on single SSL. Which means you can reduce your cost by installing only one SSL Certificate for your multi domain rather than purchasing and maintaining separate SSL Certificates for all domain names.

2.Offering Green Address Bar: When you are purchasing “GeoTrust True BusinessID EV Multi Domain SSL” you can get “Green Address Bar for website. Green Address Bar helps you to increase customer confidence to maximize online sales potential.

3.256-bit SSL encryption Strength: it’s providing up to 256-bit SSL encryption strength which mean your website confidential data is fully secured with high encryption strength.

4.Unlimited server licenses at no extra cost: you can get unlimited server licenses and unlimited free reissues for certificate lifetime. You can install on any number of servers

5.Domain Validation:  True BusinessID EV Multi Domain SSL validates your domain names and your domain name will display in certificate.

6.99% Browser Compatibility: GeoTrust True BusinessID EV Multi Domain SSL has 99% of web browser compatibility means your certificate will not face browser compatibility issue even in smart phone or in mobile browsers. Also its Enables EV interface for IE7 on Windows XP clients with EV Upgrader.

7.Multiplicity: SAN / Multi-Domain / UCC options are available for True BusinessID EV Multi Domain SSL.

8,Free GeoTrust Site Seal: True BusinessID EV Multi Domain SSL includes “Free GeoTrust Site Seal” which help you to increase online trust. It’s includes a True Site Seal identity verification - embedded organization name/date/time stamp.

9.Convenience: GeoTrust True BusinessID EV Multi Domain SSL will be issued in 1-10 business days. And also 1-2 year validity options are available for same certificates.

10.Assurance: “GeoTrust True BusinessID EV Multi Domain” SSL Certificate carries $150k warranty. Which means you and your websites are fully secured with high level of warranty.

source:itmashable.com

Tuesday, 17 July 2012

Symantec achieves highest number of SSL Certificates Issued Globally

Industry security leader surpasses all Certificate Authorities in SSL technology history

Symantec Corp. (Nasdaq: SYMC) today announced that it has issued the largest number of active SSL certificates worldwide, according to the April 2012 Netcraft Survey. With 811,511 installed SSL certificates, Symantec beats its nearest competitor by more than 200,000 active SSL certificates, demonstrating clear leadership in the global SSL certificate market. Symantec experienced the largest growth of net new SSL certificates, an increase of 14,768 certificates, according to the April Netcraft SSL Survey.

Current Netcraft data also shows a significant 41.3 percent year over year growth of installed Symantec EV SSL certificates. This growth demonstrates the deepening trust organizations have on EV SSL certificates, while positioning Symantec SSL as the committed leader of the EV SSL market with a staggering 65.1 percent total market share. The EV SSL market will continue to thrive as EV SSL certificates provide organizations with the reassurance needed to protect online transactions and communications.
The April 2012 Netcraft SSL Survey reports that Symantec led the industry in net new SSL certificates across all three recognized segments, Extended Validation SSL (EV SSL), Organization Validated SSL (OV SSL), and Domain Validated SSL (DV SSL).

"The Electronic Frontier Foundation reports that over 650 third party Certificate Authorities currently exist," said Fran Rosch, vice president, Identity and Authentication Services. "The Netcraft report for April confirms that, website owners need to put their trust in a CA that provides top notch protection against growing cyber security threats. At Symantec, we continue to invest in both our own security infrastructure and in the relationships we've built with website owners and Internet users around the world. When it comes to the value of dedicated website security, consumer trust and a sustainable business partner, not all Certificate Authorities are created equal."

Source:nationmultimedia.com

How to Recover from Google Penguin Penalty?

April 24, 2012 was a nasty day for millions of SEO Experts and for Website Owners as on that day, Google has announced its first update called as “Google Penguin” for decreasing ranking for over optimization websites. Many small online business websites come at the ground zero level from Google Penguin update.


Before Google, Penguin updates, Many small-business people get the pleasant revenue from them online website by achieving excellent ranking in Google for them targeted keywords. However, this entire story just now reversed after “Google Penguin” update. So many websites which have good values suddenly all they are come to zero level from Google update. As per survey, many small business websites losing 50-60% online revenue after “Google Penguin” update.

Among all pros and cons, the positive sign for SEO professionals and for website, owner is your website can come out from Google Penguin If you work with old link data of your website. So I am just sharing with you the best and easy process to come out from “Google Penguin Penalty”


1. Check your website Status In Google: Very first step is just check out how many pages are indexed in Google you can check same by writing site:www.example.com in Google Search bar.

2. Collect Internal Link Data: Collect the Internal link data from Google Webmaster account.

3. Flter Internal Link Data: Filter the internal link data and collecting the URLS of your website pages which carries more than 100 links and pages, which carry external links.

4. Remove Internal links: Now works on pages which carry more than 100 links just try to reduce internal links because as per “Google Bot” like up to 100 links per page. In addition, add tags for external links so link juice factors will not be affected to internal pages.

5. Collect Link to Your Site Data (Back link Data): Just Collect the Link to your site data from Google Webmaster account and filter all the data with unique domain. Now identify the links which are not relevant to your website and also filtering multiples links from one website.

Example: If you have a website, and you have opened up multiple accounts in Social Bookmarking website and submitting one URL with different urls which mean you are doing spamming activities for your web page as per “Google Penguin updates”. So just collect the link data and short out with domain names and remove the multiple listings from same websites.

As per “Google Penguin” update irrelevant profile links is badly harm your website ranking. So precisely collect your old link building data and remove the unnatural forum profile links from irrelevant forum platforms.

6. Resolve Duplicate Content Issue: As your website carries to duplicate content then also you will slap out from Google through “Google Penguin” update. So just check out your website content and check with www.copyscape.com and if its display the original source of content then replaced your duplicate content with unique content. Remember Google also find out spinning content easily so don’t tried to use spinning content of other websites.

Resolve Internal Link Structure Issue: As in past many website owners or SEO experts just use the targeted keyword as an “Anchor Text” many times in internal link structures by giving links in the footer. However, all these tactics now not work anymore. So if your website carried multiple pages for same services and your website footer is filled up with links on “Anchor Texts” then just try to remove from the footer put unique links in the footer. Additionally, just try to cover numerous keywords in one page only rather than creating numerous pages for same services. And if you have already then just given priority to any one page and apply 301 redirections on remaining pages, which carry a similar type of content.


7.Send the Reconsideration Request to Google: After checking all above points send the reconsideration request to Google from Google Webmaster and also send the data of removing anomalous links, so they precisely believe that you are really work out on removing unnatural links.

Source:http://reviewsontech.com/seo-blogging/google-penguin-affect-small-online-business-and-how-to-come-out-from-google-penguin-penalty.html

Friday, 13 July 2012

Phishing attacks on Indian businesses grow by 187%

CHENNAI: The number of phishing attacks on Indian companies and brands have seen a sharp increase recently. According to Symantec, in May 2012, it was observed that a whopping 187% rise over the previous month in phishing attacks on Indian brands, all of which were in the banking sector. While these attacks originated around the world, Hyderabad hosted the second highest number of phishing attacks on Indian brands.

Hyderabad also topped the list of cities for May that hosted phishing sites in India of non-Indian brands followed by Nashik, New Delhi and Bangalore in the 3rd and 4th place respectively. Hyderabad was at 7th place in April and Thanjavur has been featured in this list for the first time.

India is not only positioned higher than the global average as a target for spammers but is also the top source of spam globally.

The Symantec report also observed that globally the Defense industry has been the targeted industry of choice in the first half of the year, with an average of 7.3 attacks per day.

According to Computer Emergency Response Team India (CERT-In), some hacker groups launched Distributed Denial of Service attacks on websites of Government and private organizations in India. The attacks are being launched through popular DDoS tools.

Intellectual property intensive industries such as chemical/pharmaceutical and manufacturing are the top industries that experienced targeted attacks. Given the potential for monetary gain from compromised corporate intellectual property (IP), cyber criminals aim to collect intellectual property such as design documents, formulas, and manufacturing processes. The attackers first research desired targets and then send an email specifically to the target. The purpose of the attacks appears to be industrial espionage for competitive advantage.

Nitro attack which focused on chemical sector and Stuxnet which attacked industrial systems inside a nuclear reactor are two high profile examples. Not only were they designed to precisely attack only specific industrial systems, they also had monitoring modules which sent information about these systems back to attackers. It is worth noting that India was home to the third highest Stuxnet infections.

Source:timesofindia.indiatimes.com

Wednesday, 11 July 2012

Symantec to Adopt CA Browser Forum Baseline Requirements for SSL

Symantec, who bought their way to the top of the SSL market with the purchase of VeriSign in a $1.28 billion deal announced in May 2010, has said they will adopt the Certification Authority Browser (CA/B) Forum Baseline Requirements, which were drafted late last year.

Last December, SecurityWeek reported that a string of SSL-based breaches and other security concerns had undermined the faith the IT world had in CAs.

"SSL/TLS certificates are a critical part of the Internet's security infrastructure, combining proven technical standards with the capability to scale to handle millions of websites and the wide array of user software," said Tim Moses, chairman of the CA/Browser Forum, in a statement at the time. "The new Baseline Requirements will improve the reliability and accountability of SSL/TLS issuance for relying parties by establishing baseline standards for all types of SSL/TLS certificates from all publicly-trusted CAs."

By agreeing to follow the baseline, Symantec will enforce (internally throughout all of their SSL brands) more stringent verification of identity and guidelines on certificate content and profiles, CA security, revocation mechanisms, use of algorithms and key sizes, audit requirements, liability, privacy and confidentiality, and delegation (including external sub-CAs and registration authorities).

The hope is that the CAs following the baseline (and all of them will eventually) will gain stronger trust and consumer confidence. Unfortunately, it’s too early to tell if this will make a difference at all when it comes to confidence, or overall security.

Source:securityweek.com

Thursday, 5 July 2012

GeoTrust SSL Is an Affordable Web Security Solution for E-Commerce & Merchant Websites

As Web Security is the major part of online business people are more looking for best web security solution at affordable cost.  As SSL Certificate is one of the best solutions for secured your website users data and information.As most Web people know the words leading SSL Brands name likes Symantec, Thawte, Comodo, and RapidSSL & GeoTrust. Among them GeoTrust Inc is a leading certificate authority, than any other SSL certificate provider.


GeoTrust has lead the low cost, high security segment of SSL market over major competitors likes Go Daddy and Digicerts. GeoTrust secure more than thousands of unique domains and serve the best SSL Certificate solution all over the world. GeoTrust SSL is most popular just because of its offer easy acquisition and fast delivery at very affordable pricing. GeoTrust serve the SSL Solution over 150 countries around the world at cost effective pricing. GeoTrust SSL Certificates are highly recommend with 256 bit encryption strength and its include GeoTrust Site seal which help you to increase your website trust and traffic.


GeoTrust includes following SSL Certificates for Web Security Solution:

1.GeoTrust QuickSSL Premium:  One of best Ecommerce Solution, which include 256-bit SSL encryption, Automated validation process, 99% browser compatibility, unlimited server licenses and free dynamic site seal.

2.GeoTrust True BusinessID:  If you have real merchant website then GeoTrust True BusinessID is one of best SSL Certificate option for your website. True BusinessId has strong encryption strength up to 256 bit and its carry $250,000 Warranty including with free site seal

3.GeoTrust True BusinessID with EV: GeoTrust offer True BusinessID EV SSL certificate for banking and finance website which are carries people credit card data and other information. GeoTrust True BusinessID EV includes 2048 bit encryption length, $500,000 warranty with free site seal and Green Address bar for your website look like below.

4.GeoTrust True BusinessID Multi Domain: If you want to secure multiple domain with single SSL Certificate than True BusinessID MDC is best solution for you because its carry 256-bit SSL encryption strength, business validation, 99% web and mobile browser compatibility, unlimited server licenses and you can secure up to 25 domain name with single SAN Certificate. It’s also Include $100k Warranty.

5.GeoTrust True BusinessID Wildcard: True BusinessID Wildcard Certificate is highly recommended for business website which having multiple sub domain. Its secure www.exmaple.com, xyz.example.com, download.example.com with 256 bit encryption strength and 99% web and mobile browser compatibility. GeoTrust Wildcard Include $125K warranty and free site seal which secure you with one more extra layer.

6.GeoTrust True BusinessID EV Multi Domain: True BusinessID EV Multi Domain Secure your main domain and 24 additional DNS Names, Its provide 256-bit SSL encryption length, Green Address bar and assure you with $150k warranty and GeoTrust dynamic True Site Seal.


As per your website requirements choose any GeoTrust SSL Certificates from above listed certificates and secure your website with GeoTrust SSL Certificate.

Source:http://reviewsontech.com/tech-updates/geotrust-ssl-is-an-affordable-web-security-solution-for-e-commerce-merchant-websites.html

Sunday, 1 July 2012

Symantec Secure Site Pro with EV work as a Magic Jack for Small Business Websites

As online business is covering the major part for products as well services selling market every small business needs website and online present to increasing sells and visibility in highly competitive market. Current analysis of internet  highlight that  60-70% of people would like to use online shopping and bill payment services through trusted website or through secure payment gateways like as  PayPal, 2checkout and etc.

But one of the biggest risk factor of online trading is phishing. Day by Day online phishing scams are growing as lake of data security for millions of website. The hackers are always trying to decode the e commerce websites user’s credentials. They just simply hack the data system of ecommerce website and gathering the credit card details or personal info. Of customers who are visited that website and sharing them information for buying something from same website.


So if you are buyers then you always check that your information or credit card details must be safe by ecommerce website where you share the credit card details. And if you do not believe on website which you visit then you just simply browsing the other websites on the internet who has great security features. As a buyer you are on right way but as a seller you are losing the business as well as your website trust factors on internet.

Now as a seller you need to find out ways to increase website trust factor for your visitor’s right? Don’t worry Symantec SSL Certificate is the best solution for developing users trust for your website.

Symantec is one of the most trustable brands in internet world Symantec™ is the leading Certification Authority (CA) .They just offer the encrypted SSL Certificates for website which secured your website from phishers.


Among all Symantec SSL Certificates, Symantec Secure Site Pro with EV is best choice for business leading websites. Symantec Secure Site Pro with EV SSL Carry more than 40-bit encryption strength to all site visitors, including those with nonstandard or older browsers and Oss. In more benefits if you buy Symantec Secure Site Pro with EV you will get Norton™ Secured Seal totally free which help you to increasing search engine traffic by displaying, Norton™ Secured Seal at the right side of your website result in SERPS like as below.

Extended Validation Certificate (EV SSL) enables the “Green Address Bar” like as below



In major browsers, and 128-bit EV SSL Certificates which permit visitors to occurrence the strongest SSL encryption on the market.

So, just grab the opportunities of increasing online visibility and trust for your website by purchasing Symantec Secure Site Pro with EV SSL Certificate Now. You can buy same certificate from Symantec Authorized SSL Certificates Resellers at low price compare to Symantec Website price.

Source: http://reviewsontech.com/software/symantec-secure-site-pro-with-ev-work-as-a-magic-jack-for-small-business-websites.html

Secure Multiple Sub Domain Name with Single SAN Certificate

SAN Certificate allows multiple server or domain names using the same secure SSL Certificate. A normal SSL Certificate protects only one Fully Qualified Domain Name. In a SAN Certificate several alternatives of common names can be placed in the ‘Alternative Name field.

Subject Alternative Name certificates are also known as UCC – Unified Communication Certificates. Along with single SAN certificate you can secure multiple private and public domain names, server host names, IP addresses as well gateway and firewall devices host names. UCC certificates are good for the organization requiring SSL for development center, testing environments, network security products and having multiple intranet and internet websites.

SAN SSL is recommended for securing Microsoft Exchange 2007, Exchange 2010, Share Point servers, and Communication servers as well firewall and gateway devices.

Types of SAN Certificates:

GeoTrust True BusinessID Multi-Domain (SAN/UCC)
With a True BusinessID Multi-Domain certificate, you can add, edit, or delete up to 25 domain names over the lifetime of the certificate

GeoTrust True BusinessID with EV Multi Domain (SAN/UCC)
Make a strong security statement with the green address bar. GeoTrust® True BusinessID with EV (Extended Validation) Multi-Domain is our premium business-class SSL security product, visually confirming the highest level of authentication available among SSL certificates.

Symantec™ Secure Site Pro with EV (SGC)
Symantec Secure Site Pro with EV SSL Certificate provides minimum of 128-bit and up to 256-bit encryption and more than 99% browser recognition.

Symantec™ Secure Site with EV
Symantec Secure Site with EV SSL Certificate provides minimum of 40-bit and up to 256-bit encryption and more than 99% browser recognition.

Symantec™ Secure Site Pro (SGC)
Symantec Secure Site Pro SSL Certificate provides 128-bit encryption. Secure Site Pro is enabled by Server Gated Cryptography (SGC) to help ensure strong encryption site visitors. It also includes a $250,000 warranty and the Norton™ Secured Seal.

Symantec™ Secure Site
Symantec Secure Site SSL Certificate provides minimum of 40-bit and up to 256-bit encryption and more than 99% browser recognition.

Comodo EV Multi-Domain SSL
Multi-Domain EV SSL certificates (EV MDC) allow you to secure up to 100 different domains or sub-domains with a single SSL certificate.

Tuesday, 26 June 2012

How to get a new SSL certificate for your website

The tutorial below on obtaining SSL Certificates will walk you through something Support Specialists like Terri will regularly perform for our Windows Cloud Server and Dedicated Windows Server clients that are set up on on our Complete Care Managed Services (CCMS).

I am asked quite often how to request an SSL certificate for a website. I decided to blog about this as a way to help the new web administrator get started with obtaining an SSL certificate when that functionality is requested.

There are multiple steps required to request, obtain and install a new SSL certificate on your website. For this walkthrough, I will cover the steps necessary to complete this process in IIS7.

The first step is to generate a Certificate Signing Request (CSR). This is done via Internet Information Services (IIS) Manager. The second step is to submit the CSR to a Certificate Authority. There are quite a few companies that perform this service including Symantec, Thawte, and GeoTrust. The last step is the completion of the request within IIS Manager that installs the certificate on your server. Once each of these steps is completed, you are set to configure your website using SSL to protect yourself and your customers.

The first step requires you to generate a CSR. This file is an encrypted document that contains information about the SSL certificate that you would like to obtain. To start this process, open IIS Manager and select your server name from the Connections Window. This will open the features available on your IIS instance in the Features View window on the right.


Double click on Server Certificates which will open another window within the Features View frame. Click on Create Certificate Request in the Actions menu on the right side of the application. This will open a wizard that is used to gather the information for the request. For simplicity sake, you should always enter the domain name that you would like to generate the CSR for as the Common name. All of the fields must be completed before you can continue within the wizard. The one that stumps most people is the Organizational unit. This can be anything. OrcsWeb usually specifies Internet as seen below.


After clicking Next, you are prompted for the Cryptographic service provider and bit length information. The provider should be left as Microsoft RSA SChannel Cryptographic Provider and the bit length should be changed to 2048 for most implementations. There are some Certificate Authorities that are no longer issuing certificates using 1024 bit length which is the default. Click on Next and lastly specify a filename for the request and click Finish.

You are now ready to submit your request for a CSR to the Certificate Authority of your choice. When the request has been processed, the Certificate authority will provide you with the file necessary to complete the request on your server.

Once you have received the response file from the Certificate Authority, it is time to complete the request process. Log back on to the server where you generated the CSR. Open IIS Manager and click on the server name in the Connections box on the left. In the right hand window, double click on Server Certificates. Click on Complete Certificate Request…


Navigate to the folder where you saved the response from the Certificate authority. Enter the requested domain name in the Friendly name: input box.


Click OK and the request will be completed and the certificate will be installed. You are now ready to bind your website to the SSL port 443 and assign your new certificate.

Click on the [+] sign by Sites to expand the website on your server. Select your site name by clicking on it. Click on Bindings in the Actions pane.


Click on Add in the Site Bindings window. Change the Type: to https and click on the dropdown arrow in the SSL certificate box. Select your domain name and click OK.


Your website is now ready to serve SSL encrypted data via the Internet to your customers. This process is slightly different if you are using a different web server but the general concepts are still the same.

Source:orcsweb.com

How to install an SSL certificate for Apache, from start to finish

  1. Create an SSL key to use to generate the certificate signing request

    (Save this, you’ll need it to install the certificate). To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:

    openssl genrsa -des3 -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    .....................++++++
    .................++++++
    unable to write 'random state'
    e is 65537 (0x10001)
    Enter pass phrase for server.key:
     
    Enter a passphrase.

    Now we’ll remove the passphrase from the key, so that you don’t have to enter this passphrase whenever you restart Apache:

    openssl rsa -in server.key -out server.key.insecure
    mv server.key server.key.secure
    mv server.key.insecure server.key
  2. Generate a certificate signing request

    openssl req -new -key server.key -out server.csr
     
    It will prompt you to enter Company Name, Site Name, Email Id, etc. Once you enter all these details, your CSR will be created and it will be stored in the server.csr file.
    You can now submit this CSR file to a Certificate Authority (CA) for processing. The CA will use this CSR file and issue the certificate.
  3. Purchase an SSL certificate

    You will be asked to supply the CSR that you generated in #2.
  4. Install the SSL key from #1, the SSL certificate from #3, and the SSL issuer root certificates (aka “bundle” or “chain”).

    On an Ubuntu server, I usually upload the files here:

    /etc/apache2/ssl/domain.com.key
    /etc/apache2/ssl/domain.com.crt
    /etc/apache2/ssl/domain.com.bundle
  5. Modify your Apache vhost

    Note: Apache only supports one SSL vhost per IP address.
    Replace {ip_address} with the public IP address of the server:

    <VirtualHost {ip_address}:443>
        DocumentRoot /var/www/vhosts/domain.com
    
        SSLEngine on
        SSLVerifyClient none
        SSLCertificateFile /etc/apache2/ssl/domain.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/domain.com.key
        SSLCertificateChainFile /etc/apache2/ssl/domain.com.bundle
    
        <Directory /var/www/vhosts/domain.com>
            AllowOverride All
            order allow,deny
            allow from all
            Options -Includes -ExecCGI
            AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml application/x-javascript
        </Directory>
    </VirtualHost>
  6. Restart Apache

    /etc/init.d/apache2 restart
Source:jonathonhill

Thursday, 14 June 2012

Facebook to Let Advertisers Bid on Ads Using Your Browser Data

For a company less than ten years old, Facebook has developed some surprisingly sophisticated ways to sell your information to advertisers.

Each time you Like a band, book, restaurant or service, Facebook uses that information to tailor ads that would appeal to you. Now the company is helping its advertisers tune into your external Internet behavior as well.

According to a Bloomberg report Wednesday, a new service called Facebook Exchange will allow advertisers to target users based on their browsing history.

Your computer already remembers your history via cookies. The Facebook Exchange program will place cookies on third-party sites, usually when a user has shown an intent to buy.

After that, the Facebook ads you see may be based on that cookie. So if you’re in the market for a car and peruse car reviews online, your computer will remember — and thanks to Facebook Exchange, this will increase the likelihood that you’ll see ads for cars on the social network.

Up to this point, Facebook ads – while targeted based on your interests – have not been linked to your history outside the site.

The Exchange program should give advertisers a better idea of whether you really intend to buy something or not — and will let them bid to place an ad on your profile. The ads you see will depend on who won that bid. To fully opt out, you’re going to have to go through the messy process of disabling those third-party cookies.

Source:mashable.com

Wednesday, 13 June 2012

Install Trusted SSL Certificate in Cisco UCS Manager

One of the tasks you should complete during the installation of the Cisco UCS Manager is configuring the Fabric Interconnects with a trusted SSL certificate. The procedure is straight forward, and only needs to be completed once, since the two Fabric Interconnects are clustered and the configuration is replicated between the two devices. In my example I'm using a Windows Server 2008 R2 Certificate Authority, but any CA should work, but the steps will vary a bit.

1. Login to your Windows CA web services site (https://yourCA/certsrv) and click on Download a CA certificate, certificate chain, or CRL.

2. On the next screen select the current root certificate, Base 64 encoding, and then click on Download CA certificate chain.

3. Save the P7B certificate file and open it in a text editor such as Notepad. Paste the contents of the file to the clipboard.

4. Login to the Cisco UCSM and click on the Admin tab. Right click on Key Management and select Create Trusted Point. Enter a name for this trust point, such as the name of your CA. Then paste the contents of the clipboard into the certificate chain window. Click OK.

5. Right click on Key Management and select  Create Key Ring. Enter a keyring name, and select the modulus (I'd pick 2048). Left click on the new keyring and then click on Create Certificate Request. In the certificate request fill out the information appropriate. Use the FQDN for the "DNS" field and for the "Subject" name use the short hostname. The IP address should be the UCSM VIP (cluster) IP address. Click OK.

6. In the next window copy the request text to the clipboard. Login to your Windows CA then click on Request a certificate, advanced certificate request, then submit a certificate request by using a base-64 encoded CMC of PKCS#10 file. Paste the certificate request into the window provided, and select the appropriate certificate template, such as web server.

7. Download the certificate as Base 64 encoded, open it in notepad, then copy the contents to the clipboard. Back in UCSM under the certificate request expand Certificate and select the appropriate trust point, then paste the certificate into the window. Click Save Changes. 

8. In the Admin tab under Communication Management click on Communication Services. Change the HTTPS configuration to use the new keyring that you configured.

9. If you now log out of UCSM and connect to the URL with your web browser your browser should now show a trusted certificate for the management interface.

And there you go! Your UCS Fabric Interconnects are now using a trusted SSL certificate.

Source:derek858.blogspot.in