Blogs

     
      • Raising the Bar for Security and Trust on the Web

        Sep 11 2015, 7:38 PM

        by Brook Chelmo 1

        Recently, Symantec updated its certificate issuance controls to pay special attention to domains flagged for excessive abuse, malware, spam, and other suspicious activity.  We recently received intelligence that .PW domains had a history of suspicious and abusive behavior.  After further analysis, we decided to place a hold on issuing minimally-authenticated Domain Validated SSL/TLS certificates and are instituting a policy of only offering the stronger authenticated Organization and Extended Validation SSL/TLS certificates to .PW domains.  Part of this change included the revocation of a small number of domain validated SSL/TLS certificates previously issued for these domains.  Additionally, we have engaged with the registry that controls .PW to identify ways that can improve the safety of this top level domain for consumers.  Several other country-code and generic top level domains are also special targets for attackers, which we will continue to evaluate on an on-going basis as well.

        In contrast, forward-looking, security-minded registries, such as fTLD Registry Services, the owner of the .bank and .insurance top-level domains, are raising the bar for security for all of their customers. As a best practice, before authorizing a domain sale, these registries ensure that only valid, qualified entities operate on these domains and thereby protect the reputation of these spaces. As the original Certification Authority and the market leader for website security solutions, Symantec believes that verifying identity is critical for establishing trust and for ensuring the security of both consumers and the organizations they connect with online.

        Symantec works with the general public to help identify fraudulent websites.  If you would like to report SSL/TLS misuse, please log it here

      • Superfish

        Feb 24 2015, 11:26 PM

        by Unknown 3

        A security flaw was discovered in software that was pre-installed on some Lenovo laptops. Lenovo has issued the following Press Release.  The story has been reported on multiple sites (for example, here and here). We applaud Lenovo for quickly publishing details on affected models and instructions for removing the flaw. The problem lies in the software from a company called Superfish that was pre-installed by Lenovo on certain computers. The main function of the software was to intervene when the user performed web searches in IE or Chrome browsers, and insert Superfish’s content into the search result page. Lenovo enabled this software to “help users find and discover products visually”, by incorporating relevant search results not offered by the search engine.

        Interjecting content in web pages is not new (for example, via browser add-ons), but Superfish’s approach was novel, and didn’t use a browser add-on. Instead, the software intercepted all traffic between the browser and the network external to the computer. But since most large search engines (such as Google, Bing, and Yahoo) now serve all content over HTTPS, the Superfish software couldn’t read (and more importantly, modify) any of that encrypted traffic. To get around this, an SSL Man-in-the-Middle (MITM) was set up in the computer itself, creating fake SSL certificates with the domain name of the intended web site. These certificates were signed by or chained up to Superfish’s private root certificate. Ordinarily, browsers would display a prominent warning that such a certificate wasn’t trusted, so that was addressed by injecting Superfish’s root certificate into the Windows trusted root store during manufacture. To make all this work, of course, the private key corresponding to that root certificate had to be pre-installed on all of these computers. Superfish took steps to encrypt that private key, but the encryption was trivial and quickly broken.

        The result is that attackers now have the private key corresponding to a root certificate that is trusted in these Lenovo computers, and that can be abused in too many ways to describe here.

        In some ways, this is similar to the recent incident with Gogo inflight wifi service. Both make use of an SSL MITM technique to insert themselves into the otherwise secure connection between a browser user and the websites they visit. See our recent blog post to learn how SSL MITM attacks work. In Gogo’s case, the MITM (the actor generating certificates on the fly) was in Gogo’s network; in Superfish’s case, the MITM is in the computer itself.

        As we’ve said before, SSL Man-in-the-Middle solutions can be justified within an enterprise, for example, to monitor employees’ web traffic. But the well-intentioned inclusion of Superfish had unintended consequences far beyond web searching, and created a potential for malicious MITM attacks. Pre-installing any root that does not belong to an audited Certificate Authority and marking it as trusted undermines the trust model created and maintained by platform vendors, browser vendors, and Certificate Authorities. Platform and browser vendors go to great lengths to validate the Certificate Authorities whose roots they include in their trusted root store. Microsoft provided the ability for an enterprise to add additional roots to the Windows trusted root store, and Google Chrome explicitly avoids performing public-key pinning checks for such added roots. As a result, Chrome users receive no warning of the MITM, as they did in the Gogo incident.

        If you think you may have an affected Lenovo computer, visit this web site to check. Uninstalling the Superfish software isn’t enough to remove the vulnerability – you must also remove the Superfish root from the Windows trust store. The instructions provided by Lenovo achieve both objectives.
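
The trust-store check described above, as an added PowerShell example that is not taken from Lenovo's instructions or from the original post: it lists roots in the machine-wide Windows trusted root store whose subject names Superfish, or that are missing from a known-good baseline. The baseline file, the parameter names and the subject pattern are assumptions; run it from an elevated prompt.

```powershell
param(
    # Assumption: thumbprints (one per line) exported from a clean reference
    # machine of the same Windows build. Hypothetical file name.
    [string]$BaselinePath   = '.\root-baseline.txt',
    # Assumption: the unwanted root is identified by the vendor name in its subject.
    [string]$SubjectPattern = 'Superfish',
    # Only when set are subject-matched roots removed (with a prompt per certificate).
    [switch]$Remove
)

$store = 'Cert:\LocalMachine\Root'

# Normalise the baseline: strip whitespace, upper-case, drop empty lines.
$baseline = @()
if (Test-Path $BaselinePath) {
    $baseline = @(Get-Content $BaselinePath |
        ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() } |
        Where-Object { $_ })
}

$findings = foreach ($cert in Get-ChildItem -Path $store) {
    $named    = $cert.Subject -match $SubjectPattern
    $unlisted = ($baseline.Count -gt 0) -and ($baseline -notcontains $cert.Thumbprint)
    if ($named -or $unlisted) {
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Reason     = if ($named) { 'subject match' } else { 'not in baseline' }
        }
    }
}

$findings | Format-Table -AutoSize

# Windows can add legitimate roots on demand, so 'not in baseline' is a lead
# for manual review, not a verdict. Only subject matches are offered for removal.
if ($Remove) {
    $findings | Where-Object { $_.Reason -eq 'subject match' } | ForEach-Object {
        Remove-Item -Path "$store\$($_.Thumbprint)" -Confirm
    }
}
```

Removing the root only closes the trust-store half of the problem; the interception software itself still has to be uninstalled, as the paragraph above notes.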

      • New Infographic: Six things that can kill your website and how to stop them.

        Mar 29 2018, 11:06 PM

        by Andrew Horbury 2


        Your website is your window on the world – it’s your shop front, your brand on display, a key route to market and perhaps your most essential sales and marketing tool. As such, it is critical to your business: if something bad were to happen, it would be a disaster. Your shop could be closed, your reputation tarnished and visitors could stop coming. This is why website security is so important.

        We’ve designed this infographic to help educate you and help you understand six threats to your website and what you can do to prevent them.

        1. Website malware

        Web servers can be attacked by malware. Compromising legitimate websites and using them to infect visitors is an increasingly popular tactic for online criminals: in 2012, Symantec saw a three-fold increase in this type of web attack[1].

        2. Malvertising

        Criminals can also sneak malware infections onto legitimate ad-funded sites using malicious advertising or ‘malvertising’. Last year, more than 10 billion ad impressions were compromised in this way[2].

        3. Search engine blacklisting

        Google is reported to block 10,000 sites a day[3]. Search engines scan websites for malware and, if they find any on your site, your site could be blacklisted. This means that they stop listing the site, stop sending traffic to it and, depending on a visitor’s browser, they may also display a warning about the infection before the visitor goes to your site, even if they enter the address directly.

        Big names like TechCrunch and the New York Times have been blacklisted because they were found to be inadvertently running infected ads.[4]


        4. Security warnings and expired certificates

        Imagine that you’re a consumer and you’re ready to buy something but as you click on the checkout button, your browser gives you a security warning because of an out of date SSL certificate. The odds that you will complete the transaction are pretty low. Indeed, you’d think twice about coming back to the site in future.

        5. Brand impersonation (phishing)

        Criminals use well-known names and brands to trick people into disclosing confidential information or installing malware. Often, they use fake websites to fool people. A more recent development has been the use of social media to lure people to fake websites where they disclose information, such as social media website passwords, in the hope of some reward such as free vouchers or a free phone.

        6. Customer security concerns

        With so much criminality and so many security concerns, it’s not surprising that people are wary when using websites and look for reassurance that they are safe. Trust marks, such as the Norton™ Secured Seal, show people that you take security seriously. They also demonstrate that your site is scanned regularly for malware and other vulnerabilities.

        Choose the right partner

        With so much at stake, it has never been more important to choose a well-known, reputable security partner. Symantec already secures more than one million web servers worldwide[5]. If you’re looking for trust, security and confidence for your website, Symantec is the right partner. Read more in our whitepaper.

        [1] Symantec ISTR 18

        [2] Online Trust Alliance, accessed 12 March 2013, https://otalliance.org/resources/malvertising.html

        [4] ‘Google Flags Ad Network Isocket for Alleged Malware; chrome blocks TechCrunch, Cult of Mac, others (Updated)’, The Next Web, accessed 12 March 2013, http://thenextweb.com/google/2013/01/15/google-flags-ad-network-isocket-for-alleged-malware-chrome-blocks-techcrunch-cult-of-mac-others/

        [5] Includes Symantec subsidiaries, affiliates, and resellers.
