Tuesday, July 31, 2007

Comodo's Email Certificates are Vista and Firefox Compatible

New compatibility with Vista and Firefox makes Comodo's Email certificates available to many new users, and they remain free of charge. These Email certificates allow users to encrypt and digitally sign Email and attachments, keeping them secure and confidential. Encryption ensures that only the intended recipient(s) have access to the material, while the digital signature verifies the sender's identity and shows that the message and any attachments have not been tampered with during transmission of the Email.

Other competing software providers charge as much as $20 for Email certificates, but Comodo, in its commitment to ensuring the availability of online security solutions to everyone, continues to offer Email certificates for free. These certificates are fully trusted by 99% of Email clients.

Click to download a free Secure Email certificate.


*Free for personal use

Thursday, July 05, 2007

The Future of Computer Security

Article by Comodo's President & CEO - Melih Abdulhayoglu

Source: http://forums.comodo.com/


People keep asking me:

“Is AV dead? Is HIPS the ultimate solution? Are we going to need to have chips surgically implanted in our…”

Okay, let’s not degenerate this in the first fifty words. I’d like to start with some facts about the state of software security for PCs.

1. The world does not protect itself against Zero Day attacks. The majority thinks it does, but reality begs to differ.
2. People buy AV products because they don’t know any better. Ignorance is bliss, but not in security. Security checks have been bumped up since 9/11 – enough said.
3. People are lazy, myself leading that pack. We want things done, but we don’t want to lift a finger. It’s 2007, so we shouldn’t have to!

Let me expand on these points.

1. The world does not protect itself against Zero Day attacks.
Our primary protection is the use of software products called AV (antivirus). These products essentially create a signature for the malware, which functions much like a mug shot does for a criminal, but only after the crime has been committed. In PCland, AV can never be used as protection against Zero Day attacks because the virus signature (a.k.a. the mug shot) has not been created yet; hence, no protection. In an ideal, if not idiotic, world, virus authors would be kind enough to submit their malware to AV vendors, wait for them to create signatures and update their AV users, and then release their malware to the public so that we could catch zero day attacks. We can expect that about as much as we can expect the criminal to go to the police and say “hey, I’m going to commit a crime”, and the police to prevent the crime. My point: we just don’t protect ourselves against Zero Day attacks.

2. People buy AV products because they don’t know any better.
People buy a lot of AV, so it must be the best protection available, right? Wrong. This is not a good argument. People buy a lot of cigarettes, too. This is not to discredit AV; it does what it was designed to do, but it just isn’t enough by itself. Fraudsters and their toys are a force to be reckoned with, and AV alone isn’t up to the fight.

3. People are lazy.
Look around you: we built washing machines because we got tired of hauling our laundry and the washboard to the river and back. We built dishwashers so husbands wouldn’t have to wash dishes (and spot on, I say!). From cars to nappies, humans demand easy-to-use, painless solutions that give us more time for ourselves and deliver the desired outcome with minimal effort. We want the same from our internet security. We can clap our hands and turn on a lamp, so we should be able to “plug and protect” our PCs just as easily.

The future, from my point of view.
Our houses have doors, burglar alarms and insurance. Well, most do, at least. If you don’t have a door, a burglar can walk in and steal your PC; thus, the door prevents the burglar from entering.

But Melih, doors can be kicked in!

Yes, they can, so continuing to get stronger doors isn’t much of a solution. This is why we should never rely on just one layer of security. The door to the house isn’t enough, so we install a burglar alarm. If he can get in, at least we can detect him – prevention plus detection, two layers. Let’s say he cuts your electric wires or manages to turn off the burglar alarm in another way (They make it look so easy on TV, don’t they?). He walks away with not only your computer, but your priceless stamp collection, too. This is why we have insurance, to recover the value of stolen items. Thus, insurance is the cure, the third layer in our layered approach. Stacking up these layers, in order, to protect the PCs in our homes, we have:

1. A door for prevention
2. A burglar alarm for detection, and
3. Insurance for the cure.

I thought you were going to tell us how to secure our PCs, not our homes, Melih!

I just did. The layered approach can be just as easily applied to our PCs. We use AV as our main source of defense, but is AV prevention? No, it’s detection, the veritable burglar alarm for a PC, but it must have the malware signature – the burglar’s mug shot – or it won’t sound the alarm. A new burglar, however, has a free pass, and no alarm goes off. This, my friends, is the infamous Zero Day attack, which our AV allows to happen. Now relax, AV devotees. I’m not saying AV is crap; I’m just pointing out its weaknesses, so calm down. With AV, our PC “house” has a burglar alarm but no door. Ridiculous, right? But that’s how it is! Some of us employ Firewalls too, but that’s also a form of detection, with a little prevention thrown in, if it’s a decent Firewall that doesn’t leak. If a firewall does leak, it lets the burglar (malware) take something out of the house or, in firewallspeak, make a call to the Internet with your sensitive information. A good firewall sounds an alarm in the form of a popup when this happens, and a really good firewall gives you advice on what to do next. You need both the AV and the firewall to detect someone coming in and things going out. So now our PC house has a decent burglar alarm (detection), but no door. Yikes!

Dude, where’s my door?
This is where we are challenged and need to change the model altogether. We are backwards when it comes to our default settings, but we can overcome this. Today, it’s fair to say that PCs are running with the “default: allow” function, which means they are allowing everything to run and hoping to catch the bad stuff before it executes. It’s more of a swinging gate than a door, and can’t really provide the prevention we seek.

So we should run with the “deny all” function and only allow the good stuff, right?

Bingo. With the “default: allow” in place, we operate on a system of “blacklisting”, blocking only the things that we know ahead of time are destructive. By reversing that and only granting entry to those names on the “whitelist”, we save ourselves the hassle of trying to figure out who’s good and who’s bad. If you aren’t on the list, you’re not coming in, period. Thus, we have a door, it’s solid, and it’s locked.

But Melih, who wants to deal with all the popups asking us if we trust ‘this or that’?

Frankly, no one, but why are we making the assumption that the whitelist database will be limited? It is feasible to create a very cogent whitelist security layer which will be virtually noise-free for the average user, and that is exactly what we are doing.

The days of going to bed without locking the front door are long past. PC security is, or should be, just as important as the security of our homes and personal belongings. We deserve to live our lives without the constant worry of burglary and vandalism, and only a layered approach will give us that peace of mind in regard to our computers.

Melih’s prediction: prevention will become the first line of defense!

Thank you

Melih


Please fill out this form to help us serve you better: Internet Security Feedback Form

Wednesday, June 27, 2007

Origination of Names of Great Companies (Just for a Change)

Comodo – Well, it started with what we have in common with the Komodo dragon. It's the largest dragon in the species, the most powerful and adaptable. Then the K was changed to C to show our powerful commitment to commerce, communications, even .com. We're back to the internet.

I was wondering what would have made some famous companies select their name. Got a forwarded mail like this:

Mercedes: This was actually the financier's daughter's name.

Adobe: This came from the name of the river Adobe Creek that ran behind the house of founder John Warnock.

Apple Computers: It was the favourite fruit of founder Steve Jobs. He was three months late for filing a name for the business, and he threatened to call his company Apple Computers if the other colleagues didn't suggest a better name by 5 o'clock.

CISCO: It is not an acronym as popularly believed. It's short for San Francisco.

Compaq: This name was formed by using COMp, for computer and PAQ to denote a small integral object.

Corel: The name was derived from the founder's name Dr. Michael Cowpland. It stands for COwpland Research Laboratory.

Google: The name started as a joke boasting about the amount of information the search-engine would be able to search. It was originally named 'Googol', a word for the number represented by 1 followed by 100 zeros. After the founders, Stanford graduate students Sergey Brin and Larry Page, presented their project to an angel investor, they received a cheque made out to 'Google'.

Hotmail: Founder Jack Smith got the idea of accessing e-mail via the web from a computer anywhere in the world. When Sabeer Bhatia came up with the business plan for the mail service, he tried all kinds of names ending in 'mail' and finally settled for hotmail as it included the letters "html" - the programming language used to write web pages. It was initially referred to as HoTMaiL with selective uppercasing.

HP: Bill Hewlett and Dave Packard tossed a coin to decide whether the company they founded would be called Hewlett-Packard or Packard-Hewlett.

Intel: Bob Noyce and Gordon Moore wanted to name their new company 'Moore Noyce' but that was already trademarked by a hotel chain so they had to settle for an acronym of INTegrated ELectronics.

Lotus (Notes): Mitch Kapor got the name for his company from 'The Lotus Position' or 'Padmasana'. Kapor used to be a teacher of Transcendental Meditation of Maharishi Mahesh Yogi.

Microsoft: Coined by Bill Gates to represent the company that was devoted to MICROcomputer SOFTware. Originally christened Micro-Soft, the '-' was removed later on.

Motorola: Founder Paul Galvin came up with this name when his company started manufacturing radios for cars. The popular radio company at the time was called Victrola.

ORACLE: Larry Ellison and Bob Oats were working on a consulting project for the CIA (Central Intelligence Agency). The code name for the project was called Oracle (the CIA saw this as the system to give answers to all questions or something such). The project was designed to help use the newly written SQL code by IBM. The project eventually was terminated but Larry and Bob decided to finish what they started and bring it to the world. They kept the name Oracle and created the RDBMS engine. Later they kept the same name for the company. Do you know why they named this project 'Oracle'? ORACLE: One Real A**hole Called Larry Ellison

Sony: It originated from the Latin word 'sonus' meaning sound, and 'sonny' a slang used by Americans to refer to a bright youngster.

SUN: Founded by 4 Stanford University buddies, SUN is the acronym for Stanford University Network. Andreas Bechtolsheim built a microcomputer; Vinod Khosla recruited him and Scott McNealy to manufacture computers based on it, and Bill Joy to develop a UNIX-based OS for the computer.

Apache: It got its name because its founders got started by applying patches to code written for NCSA's httpd daemon. The result was 'A PAtCHy' server -- thus, the name Apache.

Jakarta (project from Apache): A project constituted by SUN and Apache to create a web server handling servlets and JSPs. Jakarta was the name of the conference room at SUN where most of the meetings between SUN and Apache took place.

Tomcat: The servlet part of the Jakarta project. Tomcat was the code name for the JSDK 2.1 project inside SUN.

C: Dennis Ritchie improved on the B programming language and called it 'New B'. He later called it C. Earlier B was created by Ken Thompson as a revision of the Bon programming language (named after his wife Bonnie).

C++: Bjarne Stroustrup called his new language 'C with Classes' and then 'new C'. Because of this, the original C began to be called 'old C', which was considered insulting to the C community. At this time Rick Mascitti suggested the name C++ as a successor to C.

GNU: A species of African antelope. Founder of the GNU project Richard Stallman liked the name because of the humor associated with its pronunciation and was also influenced by the children's song 'The Gnu Song' which is a song sung by a gnu. Also it fitted into the recursive acronym culture with 'GNU's Not Unix'.

Java: Originally called Oak by creator James Gosling, from the tree that stood outside his window, the programming team had to look for a substitute as there was no other language with the same name. Java was selected from a list of suggestions. It came from the name of the coffee that the programmers drank.

LG: Combination of two popular Korean brands Lucky and Goldstar.

Linux: Linus Torvalds originally used the Minix OS on his system which he replaced by his OS. Hence the working name was Linux (Linus' Minix). He thought the name to be too egotistical and planned to name it Freax (free + freak + x). His friend Ari Lemmke encouraged Linus to upload it to a network so it could be easily downloaded. Ari gave Linus a directory called linux on his FTP server, as he did not like the name Freax. (Linus' parents named him after two-time Nobel Prize winner Linus Pauling.)

Mozilla: When Marc Andreessen, founder of Netscape, created a browser to replace Mosaic (also developed by him), it was named Mozilla (Mosaic-Killer, Godzilla). The marketing guys didn't like the name however and it was re-christened Netscape Navigator.

Red Hat: Company founder Marc Ewing was given the Cornell lacrosse team cap (with red and white stripes) while at college by his grandfather. He lost it and had to search for it desperately. The manual of the beta version of Red Hat Linux had an appeal to readers to return his Red Hat if found by anyone!

SAP: "Systems, Applications, Products in Data Processing", formed by 4 ex-IBM employees who used to work in the 'Systems/Applications/Projects' group of IBM.

SCO (UNIX): From Santa Cruz Operation. The company's office was in Santa Cruz.

UNIX: When Bell Labs pulled out of MULTICS (MULTiplexed Information and Computing System), which was originally a joint Bell/GE/MIT project, Ken Thompson and Dennis Ritchie of Bell Labs wrote a simpler version of the OS. They needed the OS to run the game Space War which was compiled under MULTICS. It was called UNICS - UNIplexed operating and Computing System by Brian Kernighan. It was later shortened to UNIX.

Xerox: The inventor, Chester Carlson, named his product trying to say `dry' (as it was dry copying, markedly different from the then prevailing wet copying). The Greek root `xer' means dry.

Yahoo!: The word was invented by Jonathan Swift and used in his book 'Gulliver's Travels'. It represents a person who is repulsive in appearance and action and is barely human. Yahoo! founders Jerry Yang and David Filo selected the name because they considered themselves yahoos.

Thursday, June 14, 2007

EV SSL Certificates - Authentication for Sole proprietor and Small Businesses

CA/B Forum Ratifies Extended Validation (EV) SSL Certificate Guidelines to Provide Improved Online Authentication to More Businesses For Safer Online Transactions.

Comodo instrumental in enabling all verifiable businesses - including sole proprietorships - to better authenticate their identities for improved customer trust and profitability

EV SSL certificates to sole proprietorships in light of the recent ratification of the EV SSL Guidelines by the CA/Browser Forum. This first ratification, two years in the making, is a milestone in the accessibility of authentication solutions for a wider range of businesses.
EV, until now, was not available to sole proprietorships and non-corporations, as the validation process only extended to corporations registered with government agencies. This put the sole proprietors at a disadvantage, as they did not have the budgets to create consumer trust through extensive brand building programs involving advertising or running "brick and mortar" retail outlets. Comodo, initiator of the CA/Browser Forum, was one of the key advocates for the extension of EV to sole proprietors, recognizing the greater level of trust they would get from EV certificates.

Background information on EV

EV SSL builds on the trust that the marketplace has in traditional SSL protection by adding an additional layer which enables the address bar in the browser to turn green, delivering visual authentication of a site's identity. Site visitors are increasingly demanding this level of identity authentication and are apt to abandon sites that do not provide it. Since EV protects users from doing business with sites that are not authentic, these EV-protected sites can be more trusted, offering greater potential conversion rates, revenue and lifetime customer value.
Because of the stringent EV validation process, verifiable businesses will be able to obtain EV, while fraudsters will find it more difficult. Only a Certification Authority can issue an EV SSL certificate, and before doing so, it must:

1.) Verify the legal, physical and operational existence of the entity
2.) Verify that the identity of the entity matches official records
3.) Verify that the entity has the exclusive right to use the domain specified in the EV certificate, and
4.) Verify that the entity has properly authorized the issuance of the EV certificate

The standards also include rigorous auditing criteria which Certification Authorities must meet to ensure their compliance and be allowed to issue EV certificates.

For more information, visit http://www.instantssl.com/.
This new initiative will increase the business and sales of sole proprietorships and small businesses. Get your EV SSL certificate from Comodo - The Initiators of Trust to non-corporations.
To avail EV SSL contact sales (at) comodo (dot) com or yuvarajr (at) comodo (dot) com

Tuesday, May 29, 2007

Future of IT Security | Web Security

Believe it or not, today’s security products are the features of tomorrow.

From now on there will be dramatic change, primarily in the technologies and applications that use the Internet productively in all aspects of business and everyday life. To have a Secure Technology Generation (STG), it is a must to shape the future of the World Wide Web.

In relation to growing consumer issues on the Internet such as phishing, privacy disclosures and identity fraud, online financial and merchant businesses and services really require stronger authentication methods than simple PINs and passwords to achieve a more secure e-Commerce environment.

Information Technology practices keep being upgraded and improved, yet attackers, phishers and business requirements keep raising the bar, and everyone is on the lookout for new technologies every second because of the increased security threat. This is because not only e-Commerce is in danger but also the people doing business. Wanting to protect themselves from these kinds of threats, security practitioners are planning many proactive measures that anticipate future threats.

When it comes to Internet security, the experts who analyze online business themselves have many questions, such as:

1.) What kind of security measure is globally suitable?

2.) Will the Secure Sockets Layer (SSL) certificate be the standard security in future, or is an upgrade of some online security appliances needed?

3.) Will SSL and PKI alone solve the authentication requirements?

4.) Would the firewall be made transparent?

5.) And what level of vulnerability will there be in the future?

And so on. While there is not going to be a significant increase in the level of threat to corporations themselves, there is still going to be a threat to the external elements of the enterprise, which is going to affect the corporation. As discussed already, “Today’s Security Products are Features of Tomorrow”: nowadays a firewall comes with antivirus and anti-spyware detection tools. The upgrade of SSL to EV (Extended Validation) SSL also shows the trend towards stronger technology and security. By 2010, an Internet Security Package is going to have all the threat fighters, such as EV SSL, a Hacker Prevention Tool (Vulnerability Scanner), Firewalls, Antivirus, Anti-Spyware, Anti-Malware and Site monitors, plus other secure tools developed in response to present and future threats.

Let’s hope for a better future :-)

To know more about Internet security and online marketing, please go through this blog: http://trenchwars.wordpress.com/



Monday, March 12, 2007

UTI Bank – Be alert and be safe from online fraud

I recently got an email in my Yahoo account from a phisher, made to look as though it came from UTI Bank, stating that the SSL certificate had been upgraded and asking us to sign in to UTI Bank's Secure Internet Banking through a link it provided.


When I clicked the link it went to some other site, which was designed exactly like the UTI Bank website. No SSL certificate was found on that site.


So be alert: we may get these kinds of mails from phishers. If you happen to give your details, they will be stored on the phisher's / hacker's system, and it is then easy for the phisher / hacker to log in to your account and take the money. So make sure not to provide your contact details until you are sure that the email is from UTI Bank and is genuine, and that the site HAS A PADLOCK ICON in the browser and meets the other criteria as well, including the https:// in the link. UTI Bank account holders, please also check that the link points exactly to http://www.utibank.com/ and then start the banking session from there. It's up to us whether to get fooled or not.
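The two checks named above (https in the link, and a link that points exactly at the bank's host) can be written down as a small Python function. This is an added example, not part of the original post: `link_problems` is a hypothetical helper, the sample links are constructed, and the expected host is the one given in the post.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "www.utibank.com"  # host named in the post


def link_problems(url, expected_host=EXPECTED_HOST):
    """Return the reasons not to trust `url`; an empty list means it passes."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError for a malformed port
    except ValueError:
        return ["URL cannot be parsed"]

    # urlsplit lowercases the host; a trailing dot names the same host.
    host = (parts.hostname or "").rstrip(".")
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username is not None or parts.password is not None:
        problems.append("text before '@' is userinfo, not the host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("non-ASCII or punycode host (possible lookalike)")
    if host != expected_host:
        problems.append(f"host is {host!r}, not {expected_host!r}")
    if port not in (None, 443):
        problems.append(f"unexpected port {port}")
    return problems


# Constructed sample links, not taken from any real message.
SAMPLES = [
    "https://www.utibank.com/login",                 # passes
    "http://www.utibank.com/",                       # no https
    "https://www.utibank.com.secure-login.example/", # bank name as a subdomain
    "https://www.utibank.com@203.0.113.7/",          # bank name as userinfo
    "https://www.utib\u0430nk.com/",                 # Cyrillic 'a' lookalike
    "https://www.utibank.com:8443/",                 # unusual port
]

if __name__ == "__main__":
    for link in SAMPLES:
        found = link_problems(link)
        print(("OK   " if not found else "FLAG ") + link)
        for reason in found:
            print("       - " + reason)
```

A link that passes still has to be opened in a browser that shows the padlock for that same host; the function only inspects the text of the link.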

Thursday, December 28, 2006

What Users Do On The Internet - Why Internet Security Needed?

Increased No. of Users + Increased Internet Security = Increased Sales/Business.

Source: http://www.internetworldstats.com/top20.htm

Hope now you will understand why Internet Security is important. Here are the statistics:

Source: http://www.stanford.edu/group/siqss/Press_Release/Chart9.gif
