Getting the Most Out of SSL Part 2: Configuration

Posted by on June 28, 2013 0 comments

They say the most complicated skill is to be simple; despite SSL and HTTPS having been around for a long time, they still are not as simple as they could be. One of the reasons for this is that the security industry is constantly learning more about how to design and build secure systems; as a result, the protocols and software used to secure online services need to continuously evolve to keep up with the latest risks. This situation creates a moving target for server administrators, creating a situation where this year’s “best practice” may not meet next year’s. So...

Read More

5 Tips for SMBs to Help Secure Their Online Presence

Posted by on June 17, 2013 0 comments

With National SMB Week upon us, the CASC has come up with its five tips for SMBs to help secure their online presence. By implementing these simple steps SMBs can build trust and loyalty by ensuring their website is safe to visit, search, enter personal information, or complete a transaction. Create unbreakable passwords – Strong passwords are essential on any account related to your online presence (domain registrar, hosting account, SSL provider, social media, PayPal, etc.). Brute-force attacks where a computer is used to rapidly guess your password are surprisingly common and...

Read More

Some Comments on Web Security

Posted by on June 4, 2013 1 comment

Steve Johnson of the Mercury News posted an article on Web security and highlighted some of the issues. The posted issues help to explain why we created the Certificate Authority Security Council. We want to determine the issues, have them addressed and provide awareness and education on the solutions. The CAs also work with the browsers and other experts in the industry to develop standards for all CAs to be audited against through the CA/Browser Forum. Here are some comments on the issues posted in the article. Attacking CAs to issue fake certificates — The industry is working on...

Read More