Posted New Infographic: Six things that can kill your website and how to stop them. on Blog
Your website is your window on the world – it’s your shop front, your brand on display and a key route to market and perhaps your most essential sales and marketing tool. And as such it critical to your business: and if something bad were to happen then it would be a disaster your shop could be closed, your reputation tarnished and visitors stopped coming. This is why website security is so important.
We’ve designed this infographic to help educate you and help you understand six threats to your website and what you can do to prevent them.
1. Website malware
Web servers can be attacked by malware, compromising legitimate websites and using them to infect visitors is an increasingly popular tactic for online criminals: in 2012, Symantec saw a three-fold increase in this type of web attack.
Criminals can also sneak malware infections onto legitimate ad-funded sites using malicious advertising or ‘malvertising’. Last year, more than 10 billion ad impressions were compromised in this way.
3. Search engine blacklisting
Google is reported to block 10,000 sites a day. Search engines scan websites for malware and, if they find any on your site, your site could be blacklisted. This means that they stop listing the site, stop sending traffic to it and, depending on a visitor’s browser, they may also display a warning about the infection before the visitor goes to your site, even if they enter the address directly.
Big names like TechCrunch and the New York Times have been blacklisted because they were found to be inadvertently running infected ads.
4. Security warnings and expired certificates
Imagine that you’re a consumer and you’re ready to buy something but as you click on the checkout button, your browser gives you a security warning because of an out of date SSL certificate. The odds that you will complete the transaction are pretty low. Indeed, you’d think twice about coming back to the site in future.
5. Brand impersonation (phishing)
Criminals use well-known names and brands to trick people into disclosing confidential information or installing malware. Often, they use fake websites to fool people. A more recent development has been the use of social media to lure people to fake websites where they disclose information, such as social media website passwords, in the hope of some reward such as free vouchers or a free phone.
6. Customer security concerns
With so much criminality and so many security concerns, it’s not surprising that people are wary when using websites and look for reassurance that they are safe. Trust marks, such as the Norton™ Secured Seal show people that you take security seriously. They also demonstrate that your site is scanned regularly for malware and other vulnerabilities.
Choose the right partner
With so much at stake, it has never been more important to choose a well-known, reputable security partner. Symantec already secures more than one million web servers worldwide. If you’re looking for trust, security and confidence for your website, Symantec is the right partner. Read more in our whitepaper.
 Symantec ISTR 18
 Online Trust Alliance, accessed 12 March 2013, https://otalliance.org/resources/malvertising.html
 ‘Google Flags Ad Network Isocket for Alleged Malware; chrome blocks TechCrunch, Cult of Mac, others (Updated)’, The Next Web, accessed 12 March 2013, http://thenextweb.com/google/2013/01/15/google-flags-ad-network-isocket-for-alleged-malware-chrome-blocks-techcrunch-cult-of-mac-others/
 Includes Symantec subsidiaries, affiliates, and resellers.
Mar 07 2018, 9:10 AM
Posted What you need to know to migrate from 1024-bit to 2048-bit encryption on Blog
I hope by now that you are aware that the Certificate Authority/Browser Forum has mandated that Certificate Authorities stop supporting 1024-bit key length RSA certificates for both SSL and code signing by the end of this year (2013). To learn more about these changes please read the CA/Browser Forum’s paper on the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates.
What do you need to do?
Any Symantec customers with certificates expiring this year (2013) will need to renew by generating a Certificate Signing Request (CSR) of 2048 bits or higher. Any Symantec customers with certificates expiring in 2014 or later will need to replace and upgrade all 1024-bit certificates with 2048-bit RSA/DSA or 256-bit ECC certificates by 1st October 2013. All existing 1024-bit certificates will be discontinued industry-wide in the new year (2014). This is in compliance with NIST Special Publication 800-131A you can read more about the changes here
To make this transition as easy as possible here are a few helpful resources:
How to generate a new CSR
We have several tutorials that show you how to generate a CSR:
You can check and validate your CSR using this tool
We have several tutorials that show you how to install a SSL Certificate:
If you have a Microsoft IIS 6.0 or 7.0 server running .NET 2.0 or higher, or a Red Hat servers our SSL Assistant will help you automatically generate your new 2048-bit CSR and later install it
Mar 07 2018, 9:10 AM