Posts by bwilson

What Kind of SSL/TLS Certificate do You Need?

Posted by on May 12, 2016 in Blog | 0 comments

In previous blog posts we have discussed the differences among the various types of SSL/TLS certificates available. In this blog post we introduce you to a new infographic that has a decision tree to help you select the right kind of certificate for your needs.  In most cases you will need a publicly trusted certificate, but the decision tree notes that one type of certificate is the private trust certificate, which can be obtained and used in situations where a publicly trusted certificate cannot be used. These types of private SSL/TLS certificates chain to a root certificate that is not...

Read More

Stay Safe This Tax Season by Looking for SSL/TLS Certificates

Posted by on March 30, 2016 in Blog | 0 comments

It’s tax filing season again, and you need to be aware of scams that tried to steal your sensitive information or even your tax refund.  During 2015 the IRS blocked over 4.3 million suspicious returns and more than 1.4 million confirmed identity theft returns. https://www.irs.gov/uac/Newsroom/IRS,-States-and-Tax-Industry-Combat-Identity-Theft-and-Refund-Fraud-on-Many-Fronts. Phishing emails, account compromise, identity theft, and fake websites are a few approaches used by cyber criminals this time of year.  Good computer security hygiene will usually protect you from someone else...

Read More

Moving to Always on HTTPS, Part 2 of 2; Upgrading to HTTP Strict Transport Security

Posted by on February 18, 2016 in Blog | 1 comment

Part 1 of this blog post discussed browser security indicators and how to avoid getting warnings about mixed content on your website.  (Mixed content leaves a door open that allows an attacker to snoop or inject malicious content during the browsing session.)  This Part 2 discusses other technical measures to implement Always on HTTPS.  As I noted previously, one of the difficulties with implementing Always on HTTPS is that content is often provided by third parties.  I suggested that you require HTTPS from them as well. However, until you are able to get them to do this you will need to...

Read More

Moving to Always on HTTPS, Part 1 of 2; Marking HTTP as Unsecure

Posted by on February 3, 2016 in Blog | 1 comment

Over the past several years there has been increased discussion about deprecating HTTP and making HTTPS the default protocol for the World Wide Web.  (HTTP stands for “HyperText Transfer Protocol” and the “S” in HTTPS is enabled with an SSL/TLS digital certificate properly installed and configured on a web server.)  These discussions have taken place in the context of browser security indications and technical improvements simplifying the global movement to “Always on HTTPS.”   Part 1 of this two-part blog post will address browser security indicators, while Part 2 discusses...

Read More

What Are “Application Reputation” and “Publisher Reputation”?

Posted by on August 26, 2015 in Blog | 0 comments

As one dog says to the other in Peter Steiner’s classic New Yorker cartoon– “On the Internet, nobody knows you’re a dog.” Software downloaded from the Internet is similar to people on the Internet–it is hard to tell which ones are dogs–without help, which is what “application reputation” technology provides.    “Application reputation” and “publisher reputation” are methods employed by Microsoft’s SmartScreen and other systems to distinguish good software from bad software as it is downloaded from the Internet. ...

Read More