Posts Tagged ‘CMS’

Security Focus: It’s What’s Behind the Seal That Matters

Tuesday, April 24th, 2012 | Dave Rockvam

In my last post, I briefly discussed a survey Entrust commissioned to understand the effect trust seals have on online transaction behavior. Coincidentally, I discovered an article in IEEE Security & Privacy magazine about a similar survey the magazine conducted.

Security-related items were one of eight different factors the survey identified that affected the participants’ buying choices. Trust logos and certifications, as they referred to them, were not an important determining factor. The most familiar trust seal was recognized by only 17 percent of those surveyed. This trust seal was recognized only due to a previous online experience and not due to familiarity with the brand. More compelling is the fact that not one participant knew why this seal meant a site was secure.


Security Considerations of Wildcard Certificates

Friday, December 11th, 2009 | Steve Duncan

On the surface, wildcard certificates might make sense: they allow you to secure multiple subdomains belonging to the same organization with the same domain name. For example, if a company owned the domain anycompany.com, a wildcard certificate could be used to secure the subdomains of *.anycompany.com. That company could then use that single wildcard certificate to secure vpn.anycompany.com, contracts.anycompany.com and payment.anycompany.com.

The potential cost savings of wildcards have to be weighed against their security weaknesses:

  • If one server or sub-domain gets compromised, all sub-domains and servers that share the certificate would be compromised. That’s just not a good security practice.
  • There is no way to revoke the SSL digital certificate for one sub-domain without having to revoke the digital certificate for all of the other sub-domains.
  • Not all applications may be compatible with wildcard certificates. In particular, many mobile applications will not work with wildcards.

If the reason for going for a wildcard certificate is to reduce the complexity of managing multiple certificates, then customers are better off buying certificates with free certificate management services such as Entrust’s CMS. It’s lower risk than a wildcard certificate and a better way of managing certificates.
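
The shared-compromise and shared-revocation points above, as an added example that is not part of the original post: a Python sketch that compares what a single revocation takes down under one wildcard certificate versus per-host certificates. The host inventory is constructed, the certificate IDs are hypothetical, and the matching rule (the wildcard stands for exactly one left-most label) follows RFC 6125.

```python
from collections import defaultdict

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the entire left-most
    label and stands for exactly one label, so *.anycompany.com covers
    neither anycompany.com itself nor api.payment.anycompany.com."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" is never accepted.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def revocation_impact(certs: dict, hosts: list) -> dict:
    """Map each certificate ID to the hosts that lose their certificate
    (or must be re-keyed after a compromise) if that one cert is revoked."""
    impact = defaultdict(list)
    for host in hosts:
        for cert_id, names in certs.items():
            if any(wildcard_matches(name, host) for name in names):
                impact[cert_id].append(host)
    return dict(impact)

# Constructed inventory based on the hostnames used in the post.
HOSTS = [
    "vpn.anycompany.com",
    "contracts.anycompany.com",
    "payment.anycompany.com",
    "anycompany.com",
    "api.payment.anycompany.com",
]

# Hypothetical certificate IDs mapped to their subject names.
WILDCARD = {"wildcard-1": ["*.anycompany.com"]}
PER_HOST = {
    "cert-vpn": ["vpn.anycompany.com"],
    "cert-contracts": ["contracts.anycompany.com"],
    "cert-payment": ["payment.anycompany.com"],
}

if __name__ == "__main__":
    for label, certs in (("wildcard", WILDCARD), ("per-host", PER_HOST)):
        for cert_id, affected in revocation_impact(certs, HOSTS).items():
            print(f"{label}: revoking {cert_id} affects {affected}")
```
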