 |
|
The VeriSign Security Review
|
December 2006
In this edition,
learn about the 5 public blogs that VeriSign employees are using to
facilitate communication and technology intelligence among customers,
partners, and developers.VeriSign is responding to customer and industry
needs every day and in November, VeriSign hosted several of their most
influential customers at a Technical Advisory Council to discuss the
state of security and the direction of future product offerings. On
the international front, VeriSign participated in a keynote presentation
at RSA Conference Europe on the topic of Internet Security and the importance
of global industries sharing intelligence to better secure online transactions.
Enjoy this last edition of 2006 and have a happy and safe holiday season.
In This Issue:
Hot Topics
Monthly Threat
Summary
- Microsoft’s security update for November addresses
a number of critical vulnerabilities, most notably in Internet Explorer
6.0, XML, and the Workstation service. Security experts believe the
flaw in Workstation to be significant, as it would allow an attacker
to remotely download malicious code on a targeted computer. VeriSign
urges all customers to download all applicable patches as soon as possible.
News from VeriSign
- VeriSign to Acquire
inCode Wireless
- WestCom and VeriSign
Announce Strategic Alliance
- U.S. Department
of Education Turns to VeriSign for Meeting HSPD-12 Deadline
Security Events
- January 8-11, 2007,
International CES, Las Vegas, NV
- January 14-17, PTC
'07, Honolulu, HI
- February 5-9, RSA
Conference, San Francisco, CA
Hot Topics
F500 blogs more than double
this year
Technorati’s latest “State
of the Blogosphere” report showed that of the total 57 million
blogs that it is tracking, nearly 3 million were launched from July
through September—an average of 100,000 new sites every day. Although
traditional media sites continue to dominate the top 100 Web sites,
blogs have mostly taken over the rest of the top 500 list. Corporations
are realizing that blogging offers a viable, focused, and cost-efficient
channel for corporate messaging. As of October 2006, 40 (or 8%) of the
Fortune 500 companies were blogging, more than double the number in
January 2006.
VeriSign is among the frontrunners with five public blogs,
featuring thought leaders in the field of IT and engineering. Phillip
Hallam-Baker, who has his own blog
on the VeriSign site, explains that blogs are an ideal channel for a
certain type of technical information. “When you discover, for example,
a loophole in a cryptography function, the last thing you want to do
is create a press release to draw attention to it,” he explains. “Responding
to those issues in a blog enables us to put out the information in a
form that customers, prospects, and salespeople can access, without
drawing unwelcome attention to the matter.”
Hallam-Baker sees blogs as a good way to communicate
other types of information as well. “They’re useful when we have a position
or a stake in an issue, but don’t have an immediate product or follow-through
announcement. They’re also a more efficient way of delivering conference
presentation materials, without the time and expense of travel.” Like
newsletters, blogs can add value for customers by updating them on the
latest developments in standards and protocols, or decoding some new
marketing term.
In his VeriSign blog, Hallam-Baker promotes a different
way of looking at security, based on accountability. “Traditionally,
organizations had only a few assets to protect. Now, they have many
more, but no single asset is worth much,” he says. “It no longer makes
sense to prioritize asset protection, but to focus on authentication.
I want to get readers thinking about stronger authentication, by building
the case for accountability.”
As for Hallam-Baker himself, his Web reading focuses
on technical blogs and current affairs. “Technical blogs keep me up
to date on what’s going on in the field of security,” he explains. “Current
events blogs help me anticipate and understand the pressures and opportunities
that could impact the business environment. Both types of blogs help
me stay on top of the latest developments, so I don’t get blindsided.”
Back
to Top
Third Annual TAC Helps Us Track
Customers’ Needs
At VeriSign, we believe the best leaders are
often the best listeners. We’re always listening to our customers and
prospects, and once a year, we host an annual technical advisory council
(TAC). This year, our third TAC took place in November with 16
of our most influential customers from some of the world’s top technology,
security, financial, and retail companies.
In a series of intense, highly interactive
working sessions, we probed for more information about their evolving
needs. We told them our plans and our ideas, and they helped us set
the direction for current and future security products and services.
By the time the sessions concluded, we had validation for our short-term
product roadmap, a wish list for longer-term enterprise security solutions,
and some great ideas for new product offerings and partnerships.
Now we’re eagerly planning to leverage what
we’ve learned. Last year’s TAC was the inspiration for the development
of our Security Risk Profiling product. This year’s TAC—well, watch
this space. And meanwhile, keep telling us what you think of our products,
our services, and the challenges you face. We’re listening—and with
your help, we’re leading.
Back
to Top
VeriSign’s Keynote on Identity
Security at RSA Conference Europe 2006
When Nico Popp, Vice President for VeriSign
Security Services, gave a keynote presentation on identity security
at the RSA conference Europe 2006, more than 500 people packed the Nice
Acropolis Exhibition Centre.
This thought-provoking presentation, titled
'Identity Security: Time to Share' focused on the issues related to
identity theft, online fraud, and phishing. Through presentation and
demonstration, Popp provided insight into the concept of an identity network
and the notion that the 'good guys' should be working on global and intelligent
infrastructures that facilitate sharing of intelligence.
One of the most powerful parts of the presentation
was a demo scenario, acted out by Andrew Horbury and Mike Davies. One
played the part of 'Mr Goodguy,' an ordinary person who uses the Internet
to gather information and make personal transactions, including purchases.
The other played the part of ‘Mr Badguy,’ intent on stealing Mr Goodguy’s identity
by launching a botnet attack. The scenario included demonstrations of
the new High Assurance certificates on the Website of a bank account,
the functionality of the VeriSign Identity Protection (VIP) fraud detection
services behavioral engine, and the protection provided by using SMS
challenge response over an OTP cell phone.
Learn more about the VeriSign
Identity Protection (VIP) suite of products.
Back
to Top
Monthly Threat Summary
Microsoft’s security update for November addresses
a number of critical vulnerabilities in Microsoft products, most notably
Internet Explorer 6.0, in XML and in the Workstation service. Security
experts believe the flaw in Workstation to be significant, as it would
allow an attacker to remotely download malicious code on a targeted
computer. VeriSign urges all customers to download all applicable patches
as soon as possible.
With recent high-profile mass arrests of prominent
individuals in the online credit card fraud community, the FBI has succeeded
in forcing many popular carding forums offline. However, carding forums
have been disrupted by similar events over the past years and have staged
dramatic comebacks.
The Stration worm (aka Warezov) continues to
spread in massive numbers. It avoids anti-virus software by constantly
downloading new variants of itself. Six hours after the worm downloads
a Trojan horse program to an infected computer, the Trojan downloads
a “spambot” that sends out massive amounts of advertisements.
A new study by
Gartner Inc. claims that the number of people who have received phishing
e-mails has almost doubled to 109 million, and financial losses due
to phishing have risen to $2.8 billion. While fewer people are falling
victim to phishing attacks than in 2005, the average reported loss per
attack has nearly quintupled. Anti-phishing Web browsers are having
some impact, but educating users remains the best way to combat phishing.
In other phishing-related news, PhishTank (http://www.phishtank.com),
an open-source repository for phishing attacks and related information,
has released its first statistics
analyzing its content. Companies seeking better protection
from phishing attacks may also be interested in a recent report by SmartWare,
a software testing company, claiming that the newest version of Mozilla’s
Firefox is more effective than Internet Explorer7.0 in protecting users
from phishing attacks. For a useful news article about this report,
see Brian Krebs’ article
in The Washington Post.
Also, Google has admitted that three recent
posts to its Google Video blog contained copies of the Kama Sutra worm.
All subscribers should run anti-virus checks on their computers.
Back
to Top
News from VeriSign
VeriSign to Acquire inCode Wireless
VeriSign has signed a definitive agreement to acquire inCode
Wireless, a global business and technology consulting firm. By combining
inCode’s strategic consulting services with VeriSign’s market-leading
portfolio of managed communications and content offerings, VeriSign
plans to offer end-to-end solutions that enable customers to launch
compelling services that drive new revenue streams and improve customer
loyalty. Read
the press release.
WestCom and VeriSign Announce Strategic Alliance
WestCom Corp. and VeriSign announced a strategic alliance agreement
to jointly market and deliver a suite of next-generation converged IP
services to the global financial community. The alliance brings together
one of the world’s largest providers of trader voice services with the
leading global provider of intelligent infrastructure services. Read
the press release.
U.S. Department of Education Turns to VeriSign for Meeting HSPD-12
Deadline
The U.S. Department of Education has chosen VeriSign’s integrated
authentication services to comply with Homeland Security Presidential
Directive 12 (HSPD-12), the federal government’s secure identity credentialing
mandate. VeriSign will provide the government agency with an integrated,
managed solution for rapid deployment and prompt compliance with the
mandate. Read
the press release.
Back
to Top
Web Seminar
Managed Security Services Panel Discussion
The managed security services marketplace is a confusing beast,
because it includes so many diverse vendors. In this panel discussion,
Paul Stamp, senior analyst from Forrester Research, poses questions
and discusses issues surrounding managed security services with Scott
Magrath, VeriSign director of product marketing, and colleagues from
BT, Unisys, and Symantec. This is a great opportunity to gain insight
into these services, across the IT spectrum.
Click
here to register to download this podcast.
Back
to Top
Security Events
January
8-11, 2007 International CES, Las Vegas, NV
VeriSign will be exhibiting its Kontiki product at CES, the world's
largest annual tradeshow for consumer technology. VeriSign Kontiki offers
the industry’s most secure and scalable digital media delivery solution,
enabling enterprises and content providers to securely publish, deliver,
and track digital media to employees, partners, and customers.
January
14-17, PTC '07, Honolulu, HI
PTC is the #1 Asia-Pacific international conference for telecommunications
and ICT professionals. Hard-hitting informative sessions will help prepare
you to leverage new partnerships and remain competitive in an ever-changing
marketplace. Don’t miss the presentation by Sean Kent of VeriSign, Carrier-to-Carrier
Enterprise Peering Made Easier, January 15, 1:30 p.m..
February
5-9, RSA Conference, San Francisco, CA
The RSA Conference is the unbiased resource thousands of information
security professionals rely on for networking and knowledge sharing.
It offers targeted classroom sessions, keynotes by industry luminaries,
and a world-class exposition. If you’re attending this year’s show,
please stop by VeriSign booth #1409.
Back
to Top
|
|
Worldwide Sites
