AlexLee.eu

A personal blog by Alex Lee

Browsing Posts in Security

Part one – how to protect yourself.

Recently I have had the unenviable task of trying to reach a compromise between security and marketing in relation to emails.

It has not been an easy one, as is often the case with these kinds of situations. The more secure something is, the less attractive or friendly it becomes, which is not something brand/marketing like to hear. Add to this the fact that what brand and marketing think is great often isn't the most accessible, let alone secure, particularly when it comes to emails.

However, with the increase in attacks coming via email, the need to be secure in our electronic communications is ever increasing. As these attacks increase, so does the need for companies not only to be secure in everything they do but also to try to educate the consumer in how to be secure in the electronic age.

I have often told friends and colleagues that the best way to be secure online is not necessarily by building a fortress around yourself of both hardware-based and software-based firewalls as well as routers and anti-virus/spyware/malware or rootkit/adware hunters etc., but through changing the way they behave online.


EV certs, or Extended Validation SSL certificates, became available some time ago but have been quite slow to take off and are not widely known about or appreciated, although their adoption by organisations is increasing.

To the layman, a certificate is used to validate a secure area of a website. When you are browsing such a website, as part of the process of setting up a secure connection with your computer, you will request information from the website. One of these details will be a certificate, which is basically the server's identification. This will contain the server name, the trusted certificate authority (CA), and the server's public encryption key used to encrypt and decrypt the information you are about to communicate to each other.

The only difference between the EV certificates and ordinary SSL certificates is, as the name implies, some extended validation by the certificate authority and, surprise surprise, a higher price tag. This is what is supposed to make them special and harder for the bad guys to get their hands on.

Because of the extra security measures, a patch was released for IE 7 to change the behaviour of the browser so that it displays these certificates differently.
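To make that difference visible, here is an added example (not code from the original post) that summarises the identification a certificate carries and checks for the organisation details that the EV guidelines require in the subject. It works on dictionaries in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; both sample certificates and every name in them are constructed. The subject check is a heuristic: the definitive EV marker is a policy identifier set by the CA, which that dictionary does not include.

```python
# Added example. The two certificates are constructed samples in the shape
# returned by ssl.SSLSocket.getpeercert(); all names in them are made up.
ORDINARY_CERT = {
    "subject": ((("commonName", "shop.example.test"),),),
    "issuer": ((("organizationName", "Example CA Ltd"),),
               (("commonName", "Example CA"),)),
}
EV_CERT = {
    "subject": ((("businessCategory", "Private Organization"),),
                (("1.3.6.1.4.1.311.60.2.1.3", "GB"),),  # jurisdiction country, as an OID
                (("serialNumber", "01234567"),),
                (("organizationName", "Example Bank plc"),),
                (("commonName", "bank.example.test"),)),
    "issuer": ((("organizationName", "Example CA Ltd"),),
               (("commonName", "Example EV CA"),)),
}

# Subject fields the EV guidelines require. Older OpenSSL builds report the
# jurisdiction country by dotted OID instead of by name, so accept both.
EV_SUBJECT_FIELDS = {
    "organizationName": ("organizationName",),
    "businessCategory": ("businessCategory",),
    "serialNumber": ("serialNumber",),
    "jurisdictionCountryName": ("jurisdictionCountryName",
                                "1.3.6.1.4.1.311.60.2.1.3"),
}

def flatten_name(name):
    """Turn getpeercert()'s tuple of RDNs into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def describe(cert):
    """Summarise who the certificate identifies and who vouches for it."""
    subject = flatten_name(cert.get("subject", ()))
    issuer = flatten_name(cert.get("issuer", ()))
    missing = [label for label, keys in EV_SUBJECT_FIELDS.items()
               if not any(key in subject for key in keys)]
    return {
        "server_name": subject.get("commonName"),
        "organisation": subject.get("organizationName"),
        "issued_by": issuer.get("organizationName") or issuer.get("commonName"),
        "looks_extended_validation": not missing,
        "missing_ev_fields": missing,
    }

if __name__ == "__main__":
    for cert in (ORDINARY_CERT, EV_CERT):
        print(describe(cert))
```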

Egg’s EV cert in IE7

Firefox also has a plug-in created by VeriSign which you can get here.

Egg’s EV cert in Firefox

This will also change the behaviour of the browser for these new certificates, and it doesn't look that dissimilar from Microsoft's. Now, I don't know which one came first, but to be honest I don't care either.

Security is one of those topics where consistency across platforms can only help spread the word on security and help to make people more aware and in the end more secure.

My only concern with these new certificates is that, with the increase in price tag (£489/year for a regular certificate versus £767/year currently at VeriSign), only the very large organisations will be able to afford them. Looking around UK organisations, not many have them, with Egg being the only bank at the time of writing.