Our press kits offer a look at the people, culture and core values that contribute to DigiCert's success:
Find the DigiCert photos, videos and images you're looking for - for media use:
Learn how new Top-Level Domains and CA/B Forum baseline requirements may affect your SSL Certificates.
The Wikimedia Foundation partners with DigiCert for strong security and streamlined management using Enterprise Managed PKI Services
Media and analysts, contact:
- Jeff Chandler
- Director - Public Relations
Securing the perimeter with IoT begins and ends with the device
The internet of things has drawn the attention of the White House and Congress amid growing concerns about the woeful state of IoT connected device security, most recently demonstrated when Mirai malware spread across botnets. Indeed, the lack of security in IoT devices portends a brave new world.
The concerns are warranted as the future of IoT presents millions of connected devices, each node gathering and storing its own individual data collections and sharing that information with other connected devices through wireless communication technology via the internet and the cloud. By infecting just one device and gaining unauthorized access to the network, a malicious actor can cause large-scale mayhem. Organizations must quickly figure out how to keep track of the IoT devices connected to their network and how to secure the transmission of data to and from those devices.
Public Key Infrastructure: A Trusted Security Solution for Connected Medical Devices
In today's healthcare environment, practitioners are using state-of-the-art, high-tech equipment that delivers specialty services with better efficiency, accuracy, and overall quality. Using this technology, patients and doctors are also able to generate meaningful data that improves clinical outcomes and, ultimately, the patient's quality of life.
Despite these improvements in the delivery of care, many healthcare experts are not aware of the vulnerabilities present in connected medical devices. Numerous devices lack proper authentication—the process of validating identities to ensure only trusted users, messages, or other types of services have access to the device. This allows untrusted users to gain access and potentially manipulate the device. Other devices lack basic encryption of the sensitive data being stored in or transferred from the device. These cybersecurity oversights can result in direct harm to the patients and healthcare providers using the devices...
This white paper discusses security risks inherent in IoT devices, and articulates how PKI can be used to mitigate these vulnerabilities and improve the security posture of connected medical devices.
Continue reading at: Part 1 | Part 2
AirMap, DigiCert to issue digital certificates for drones
Drones will start getting digital identification certificates under a new service being launched on Tuesday that hopes to bring trust and verification to the skies.
The Drone IDs will be SSL/TLS certificates from DigiCert issued through AirMap, a provider of drone flight information data, and will first be available to users of Intel's Aero drone platform.
"We're hoping that this can be used outside of just our services and help the industry raise the bar with respect to security," said Jared Ablon, chief information security officer with AirMap.
Continue reading at: PC World | CIO | IT World | IT News | eWeek | Help Net Security | Podcast: Security Ledger
CASC Releases Minimum Requirements for Code Signing Certificates
The Certificate Authority Security Council (CASC) this week announced that the Code Signing Working Group released a set of minimal requirements that Certificate Authorities (CAs) should use for code signing...Microsoft, which has already adopted the new guidelines, will require all CAs that issue code signing certificates for Windows platforms to adopt the minimum requirements starting on Feb. 1, 2017.
Given that Microsoft's Windows platform accounts for around 90% of the desktop operating system market, its decision to adopt the new guidelines and to ask CAs to follow them will likely have a great influence on other application software suppliers, which might follow suit, Jeremy Rowley, Executive Vice President of Emerging Markets, DigiCert, believes.
We need cooperation to secure the Internet of Things
It's a common sentiment of internet-connected device owners and even some manufacturers that the security of an individual device isn't so important…Individual unsecured devices, especially consumer-facing ones, aren't so dangerous by themselves, but they become more dangerous as a swarm. We witnessed just such a swarm on October 21, with the Mirai botnet assault on a portion of the Internet's phone book (also known as a domain name server, or DNS) that shut down the internet on the East Coast.
When individual devices aren't secure, hacking into a large number of devices becomes as easy as hacking into one device. But a large portion of the threat can be mitigated if companies and developers follow security best practices, many of which are well established and can be practiced today.
Dyn DDoS May Just be the Beginning!
It has been just over ten days since the massive Dyn Distributed Denial-of-Service (DDoS) attack that brought sites like Amazon and Twitter to their knees. The attack affected about 100,000 Internet of Things (IoT) devices and security firm Flashpoint has confirmed that some of the infrastructure responsible for the DDoS attacks against Dyn DNS were botnets compromised by Mirai malware. What is truly worrisome is that this could be a sign of things to come.
We talk to Jason Sabin, Chief Security Officer at DigiCert on his thoughts on these attacks and what it means for the IoT devices sector. Jason frequently consults with device manufacturers on how to improve their security environment. He works closely with the DigiCert customers to develop innovative new platforms and features that simplify SaaS-based digital certificate management for the enterprise and IoT. He has filed more than 50 patents involving identity management and cloud security and many of Jason's innovations are in use by several Fortune 500 companies today.
Cisco Proves EST Interoperability with DigiCert
Interoperability for technology solutions is a top priority—standards used in these solutions become irrelevant when products operate in a silo. Thus, shifting to a new protocol in any solution takes careful consideration and collaboration by multiple parties in order to achieve a seamless operation.
One such protocol is Enrollment over Secure Transport (EST). EST provides secure digital certificate provisioning. Some of our products already support EST for digital certificates (e.g., Cisco IOS and IOS-XE), but EST endpoints don't just operate by themselves. EST involves a certificate consumer and a certificate provider, usually called a Certificate Authority (CA). We needed to ensure that our EST solutions are compatible with third parties such as CAs, authentication servers, and endpoints.
To achieve that, Cisco collaborated with DigiCert to make sure Cisco's EST implementations are interoperable with their CA. Today we want to share with you some lessons we learned from our testing.
Securing streaming media provides roadmap for IoT
...While some streaming services have taken precautionary steps toward protecting consumers using streaming devices and systems, unfortunately many have not. Some still view security as an afterthought...To gain consumer trust, responsible organizations should take initiative to protect their media streaming service...
Security solutions need to be simple enough — even transparent — for users to actually use them. Companies like Plex have found solutions by partnering with a trusted certificate authority to implement PKI technology into their systems and platforms. Likewise, PKI can help solve the scalability challenges of IoT implementations that involve millions of connected devices and their associated credentials.
How To Choose The Best SSL/TLS Certificate For Your Online Presence
Buying an Organization-Validated (OV) or Extended Validation (EV) SSL/TLS Certificate will enhance your website’s reputation, give customers the assurance they need to complete secure transactions with confidence, decrease cart abandonment rates, and build long-term customer loyalty…Establishing trust is mission critical…An SSL/TLS certificate provides the most basic level of trust—the padlock icon in the address bar of your customer’s browser…Not all SSL/TLS certificates are the same. Different kinds of certificates display different information. Some only show the domain name while others show more information about the company.
PKI: The Security Solution for the Internet of Things
PKI is uniquely positioned to deliver on the necessary and critical security needs of the IoT. The Institute of Electrical and Electronics Engineers points out, "When you're looking at authenticating devices, the only real standards at the moment that offer any real interoperability tend to be Public Key Infrastructure (PKI)."
Securing Medical Devices – A Policy, not a Technical, Challenge
Progress is finally happening in healthcare cybersecurity. Traditionally, healthcare has lagged behind other industries in enabling security controls, but amid reports of breaches, medical device vulnerabilities and the attention of federal regulators, innovative companies are advancing positive change.
Yet, legacy mindsets still threaten healthcare's ability to stay ahead of evolving threats, especially as medical device manufacturers strive to innovate fast enough to address real security challenges. Medical industry boardrooms need to adopt policies that match today's security landscape before patient harm or regulatory intervention forces their hand.
DigiCert CEO Nick Hales Named EY 2016 Entrepreneur of the Year
Services Category Winner Nicholas Hales - CEO, DigiCert
There are plenty of companies selling digital certificates to websites. Where DigiCert stands out is its focus on helping customers beyond that sale–from obtaining a certificate and its installation to monitoring and fixing any hiccups. "We help them control the entire certificate lifecycle, not just purchasing the certificate," says DigiCert CEO Nicholas Hales.
The priority on service is true of DigiCert's entire philosophy, Hales says, through every department and every employee.
"A lot of people look at customer service as strictly a number you call and someone answers the phone. That is customer service. A lot of companies look at it as a necessary evil," he says. "We try to take the principles of the brick-and-mortar world in sales and marketing and bring them to the internet, where customer is king, and try to treat the customer as someone you're providing the service to, not solving a problem for. So it's not just the guy who answers the phone for support. It's not just a guy who answers an email or message. It's more than that: Every department within the company needs to be customer-centric and worry about what that customer experience is."
"One of the keys to success is surrounding yourself with people who are brighter than you, who have knowledge in areas you don't have."
DigiCert honored for leadership in online security
DigiCert has been named to the 2016 Online Trust Alliance (OTA) Honor Roll, marking the fifth consecutive year the company has been recognized for its leadership in online security and privacy.
"OTA commends DigiCert not only for achieving the Honor Roll for the fifth consecutive year, but more importantly, its commitment to collaboration in both the public and private sector," said Craig Spiezle, Online Trust Alliance CEO and executive director in a press release.
Securing the Internet of Vulnerable Things
Embedded device manufacturers have started focusing on devices that talk to each other — a car that knows your musical choices based on your playlists on your mobile or a house that senses your mood based on your smartwatch notifications. Things are getting increasingly connected.
We are making our devices and our lives accessible but are we making them secure?...
The US Federal Trade Commission released guidelines for IoT manufacturers urging them to follow standards. The Privacy Commissioner of Canada also seems to be taking note of the matter. Even though governments all over the world start to take cognizance of this threat, privacy experts warn users to trust only certified and secure products from known vendors. The vendors need to increase their spending to get their IoT devices security audited and certified by trusted agencies. There are already IoT certifications being provided by companies like DigiCert that the vendors can aggressively use.
3 big IoT security fears, and how developers can tackle them
The Internet of Things (IoT) is poised to become the biggest technological breakthrough of this decade, similar to how the smartphone earned a spot as the greatest triumph of the prior one…However, there is a mounting fear that this promised IoT utopia is actually becoming a cybersecurity Wild West. A dense crowd of companies large and small is attempting to “disrupt” this trendy space, and this dissonant group sparks security concerns among many IT professionals and consumers.
"Many key security protections are missing as of now. These include strong authentication to devices and networks to make sure only authorized individuals can get data, as well as encryption of data at rest and in transit," Sabin said. "Similarly, many existing devices have not been built with firmware capable of being updated to meet evolving threats."
Guard Your Security When Filing Taxes Online
A recent Online Trust Alliance survey, sponsored in part by DigiCert, found that free e-file services may not be using best practices in security. The KSL-TV consumer team talks to DigiCert's Flavio Martins about the report's findings and what consumers can do to stay safe.
At DigiCert, Security is Mission Critical
Interview with Jason Sabin, Chief Security Officer of DigiCert:
Security is a very important yet often overlooked component to online safety, especially with how easy it is to access sensitive data over bits and bytes and through vulnerabilities that have been exposed through code leaks. Jason Sabin came into his role at DigiCert, a certificate provider offering SSL, TLS, and PKI expertise, through unconventional means, but he's passionate about what he's done. It's been great to learn about his business and DigiCert's core competencies.
"TLS and SSL are a critical backbone of Internet communications today. Without them, you’d be open to a lot of vulnerabilities and problems," says Jason Sabin.
"As a go-to provider of IoT security solutions, we feel very confident of our growth prospects and our ability to provide the best certificate-based security solutions. The smartest companies are coming to us, and we’re working with them."
E-filing taxes? Watch out for fraud.
If you're planning on filing your taxes online, caution is advised. An audit released this week by Internet security nonprofit the Online Trust Alliance found that 46 percent, or 6 out of 13 tax software websites in an IRS program, failed cybersecurity protocols. The websites are part of IRS Free File program, which lets anyone who made under $62,000 in 2015 file taxes electronically for free...Some of the websites had issues with lack of email authentication, according to the OTA, which lets cyber criminals send out phishing emails, fake emails purporting to be from a company. Other sites had vulnerabilities that could lead to personal information being stolen.
According to an independent survey by IDT911, a data security firm, some 63 percent of U.S. taxpayers polled believe that tax fraud "could never happen to me" — and aren't that concerned by the prospect. The study also found that nearly 20 percent of U.S. filers haven't ensured their wireless networks are secure when filing online.
"The sophistication of cybercriminals is a lot more advanced than a few years ago. It's hard for the average consumer to tell [if a website or email is legitimate]," said Jason Sabin, chief security officer at DigiCert, a technology security firm..."This is not like school. Everyone can and should be on honor roll," Sabin said in a phone interview.
To protect personal data when e-filing taxes, experts suggest users look for clues that the website you are using is encrypted. Most browsers display either green in the browser bar, or a closed lock symbol, that shows users the site is secure.
Six of 13 IRS-Approved Tax Preparers Fail Cybersecurity Test
Nearly half the firms that have agreements with the Internal Revenue Service to provide online tax-preparation and filing services are failing to protect customers' privacy and security, according to an audit scheduled to be released Wednesday.
The audit by the nonprofit Online Trust Alliance found that six out of 13 firms, including Jackson Hewitt and Free 1040TaxReturn.com, don't provide adequate security against cybercriminals. Seven firms, including Turbo Tax, H&R Block, TaxAct and TaxSlayer were praised for their practices and named to an "Honor Roll".
The group did the audit in early February. It was funded in part by grants from three cybersecurity firms, including DigiCert Inc.
Pressure grows to boost security of infusion pumps
Momentum is building toward finding a way to fix security vulnerabilities in wireless medical infusion pumps, which are widely used in the nation’s hospitals.
The National Institute of Standards and Technology (NIST) is mounting the charge, announcing in late January that it’s looking for technology companies to participate in a collaborative project to improve the security of wireless infusion pumps.
Manufacturers are aware of the concerns and have been working toward reducing the risks, says Mike Nelson, vice president of DigiCert, a company that provides security and identity solutions. "I do think the issue is very real, and there is a real risk of introducing a 'back door' into a hospital network. All these vulnerabilities need to be addressed."
Healthcare IoT security issues: Risks and what to do about them
With all the benefits of IoT in healthcare also come the risks. A group of experts discuss exactly what those dangers are and what to do about them: Mike Nelson, Karl West, and Scott Erven.
In healthcare, the Internet of Things offers many benefits, ranging from being able to monitor patients more closely to using generated data for analytics.
But that increased flow of information also brings risks that health IT professionals need to address.
"There are so many benefits that come with these new connected devices," said Mike Nelson, vice president of healthcare solutions at DigiCert..."But they also present some new risks and vulnerabilities that as an industry we haven't, I would say, firmly dealt with to this point."
Nearly 40 Million People Might Not Be Able To Safely Browse The Web On Jan. 1
On the morning of Jan. 1, 2016, anyone with a cell phone more than five years old will be unable to access the encrypted web – which includes sites like Facebook, Google, and Twitter – according to a new plan to upgrade the way those sites are verified.
It might not be a big deal in New York or San Francisco, where a 5-year-old phone is treated as an antique, but in some parts of the developing world up to 7% of internet users could find themselves suddenly cut off from the world’s most popular sites, according to research recently published by Facebook and CloudFlare.
Jeremy Rowley, a CA/Browser Forum representative for DigiCert, a major certificate-issuing authority, told BuzzFeed News that while the group sees the move to SHA-2 as necessary from a security standpoint, it sees the points raised by Facebook and CloudFlare as valid.
"We support Facebook's recommendation that there should be something to do rather than cutting out all these people at the same time," said Rowley. He said Facebook was expected to submit a timeline for its proposal by the end of the working day Monday, but by 5 p.m. PST, it was unclear if Facebook's proposal has been finished.
Expert explains potential security risks of wearable tech
While fitness trackers, smartwatches and even smart clothing can make for fun presents, experts say consumers should keep the devices' potential security weaknesses in mind while shopping. Most wearable devices connect to the Internet or are Bluetooth enabled, meaning they could be vulnerable without safeguards like data encryption and authentication.
Jason Sabin is the chief security officer at Utah-based DigiCert, which provides SSL certificates – recognizable as the padlock that shows up on secure websites — for organizations that include Facebook, PayPal and NASA. He said that as an avid runner he likes the idea of a lot of wearable devices, but that as a security expert the lack of protection scares him.
Better Internet of Things security needed
The predominant theme at the DigiCert Security Summit Nov. 12–13 in Las Vegas was improving the usability of security solutions for the Internet of Things (IoT), enterprises and end-users.
Many of the discussions at the Security Summit focused on protecting data in the era of the IoT, as the number of connected objects and devices is expected to increase exponentially in the next five years.
"The IoT introduces a new scale for security, one that we're prepared to help organizations efficiently implement," said Jason Sabin, DigiCert chief security officer. "Express, automated installation and real-time certificate monitoring and inspection provide organizations the scalabilities, efficiencies and real-time insights into their systems that make strong security of devices and data in motion feasible. Leading organizations know that device authentication and data encryption are must-haves for the IoT era."
IoT requires strong authentication, paired with encryption, to succeed
Think back to the height of the Cold War. As the US and the Soviet Union amassed huge stockpiles of weapons, the real battle was waged with information…Flash forward to today, and we see a battle of information and identity between organizations and attackers trying to steal personal information that they can turn around and sell. Nowhere is the risk greater than with the exploding Internet of Things (IoT) market. The threat vector is expanding…Encrypting all data is vitally important, but we have to make sure that the encrypted data ends up in the right hands. Hence, the importance of high-assurance identity binding to accompany security credentials online.
Why Medical Device Security Needs a Comprehensive Approach
Medical device security is quickly becoming one of the top issues in the healthcare industry, especially as more healthcare providers implement connected devices. Organizations must ensure that everything from an X-ray machine to MRIs and even pacemakers have the necessary security solutions in place to prevent unauthorized access.
General best practices for security devices, vulnerability testing, and the responsibility of medical device security are three main issues, according to DigiCert VP of Healthcare Solutions Mike Nelson. DigiCert is hosting a Security Summit November 12 and 13, with Nelson moderating a panel discussing medical device security. "An issue right now not just with devices being manufactured, but also with Legacy devices that exist within hospitals right now," Nelson said in an interview with HealthITSecurity.com. "The question is, 'Whose responsibility is it to secure those devices?'"
Facebook helps Tor project get official recognition for .onion hidden sites
With the efforts from Facebook and the Tor project, it should become easier to browse securely via SSL on the so-called Darknet. It's not clear, in practice, if obtaining an SSL certificate for a .onion site will now be as standard as doing the same for a .com or .net. But DigiCert, the certificate authority that worked with Facebook on its .onion SSL certificate last year, expects to see more requests. Obtaining an SSL certificate for a .onion site also isn't as simple as it is for a regular site. ".Onion sites may only obtain EV certificates. EV Certificates require a high-level of identity validation that ties an existing, registered, entity to the certificate’s public key," Rowley said. "This is a far greater level of scrutiny than what most .com and .net sites go through to obtain a certificate."
How to prep your ecommerce store for holiday shoppers
Even though it's only early October, if your online retail business isn't already gearing up for the holiday season, you may miss out on revenue. So what should you and your staff be doing now to ensure your ecommerce store is able to handle the extra holiday-related traffic? Following are 16 tips from ecommerce, security, and digital marketing pros on how to make sure your online store is prepared for the Hanukkah/Christmas/Kwanzaa shopping season.
Security is top of mind for many online shoppers these days. So "installing a high-assurance SSL/TLS certificate on your website is a must," says Flavio Martins, vice president of Operations, DigiCert.
Direct messaging can reduce Medicare fraud and waste
Article by Scott Rea, vice president of government and education relations and senior PKI architect at DigiCert:
Our healthcare system is often too wasteful and inefficient, placing a strain on patient outcomes and the federal budget. The Center for Medicare & Medicaid Services alone is burdened with $50 billion a year just in wrong payments. We're in need of a major step forward using modern technology to provide efficiencies, and Direct messaging is the solution.
Direct messaging continues to grow because of its simplicity of use and interoperability via a standardized framework put in place by DirectTrust. The benefit of "Direct" is that it supports whatever data formats are already being used by provider EHRs. The focus is on securing the transport method, irrespective of what the message content is. Direct messaging, as prescribed by DirectTrust, utilizes military grade public key infrastructure to give providers, payers, clinics, and all healthcare parties a secure channel to communicate via simple e-mail protocols.
AdvaMed 2015: Cybersecurity of Medical Devices a Real Concern
During the AdvaMed 2015 panel on cybersecurity, enticingly titled "The Hidden Life of Medical Devices," Vice President of Government/Education Relations and Senior PKI Architect for DigiCert Inc. Scott Rea reminded attendees not to forget these threats. "We shouldn't lose sight of how the health industry has traditionally been slow on the best ways to serve patients because of perceptions of cybersecurity," Rea, an expert in and an advocate for advancing healthcare IT security, said. "As healthcare begins to embrace these things, we mustn’t lose sight of the fact that there are malicious groups out there ready and waiting to take advantage."
Thoma Bravo Invests in Security Firm DigiCert
Private equity firm Thoma Bravo is once again wading into the security arena, this time picking up a majority interest stake in security vendor DigiCert. As part of the deal, in which financial terms have not been publicly disclosed, Thoma Bravo is acquiring the majority interest in DigiCert, with existing shareholder TA Associates remaining on-board as a minority shareholder. Current management at DigiCert will remain in place to oversee day-to-day operations. "We look forward to adding Thoma Bravo's strategic insight and influence as we embark on our next phase of growth," Nicholas Hales, CEO at DigiCert, said in a statement.
Tales from the Crypt: Hardware vs Software
With the use of mobile devices booming, and attacks against government networks and business databases escalating, data security has become a hot topic for IT system managers and users alike. Today’s technology advances have spurred a number of solutions to meet the requirements and the pockets of everybody who needs to secure a machine, from a simple home computer, to the most sophisticated networks. Sorting through so many different solutions, however, can be overwhelming. "Recent security breaches in multiple industries – including entertainment, retail, and healthcare — tell us that large enterprises are not paying enough attention to security best practices," says Dan Timpson, CTO at certificate authority DigiCert.
Cloud security sector leads cybersecurity mergers and acquisition report
The cyber sector is white hot. According to IDC, the hot areas for growth are security analytics/SIEM, threat intelligence, mobile security, and cloud security. Corporations are investing heavily in these areas to combat cybercrime. Here's some noteworthy mergers and acquisition activity to report over the recent quarter (Q2 2015): DigiCert, a global Certificate Authority and leader of trusted identity solutions, acquires the CyberTrust Enterprise SSL business from Verizon Enterprise Solutions. Financial terms of the deal were not disclosed. The acquisition makes DigiCert the second-largest Certificate Authority (CA) for high-assurance SSL certificates.
Forget Your Smartwatch, Because Smart Clothing is Where It's At
Smart clothes are increasingly where it's at and where the industry is headed – a growing universe of garments made from fabric that's wireless, washable and that integrates computing fibers into the integrity of the fabric. As just one indicator of how big this market may soon be, Google announced a partnership recently with the iconic clothing maker Levi's. With such progress however, comes security issues and concerns. "A lot of this stuff is being done insecurely. Now we're connecting millions of devices, such as smart clothing and wearables, and a lot of it is insecure," says DigiCert CSO Jason Sabin, whose company is discussing security solutions with many IoT companies.
Security needs to be a top priority for healthcare leaders
Back in the old days – say, a whole 10 years ago – thieves had to be physically inside a healthcare facility to steal patient information. How times have changed.
Now, with the Internet and the seeming lack of consistent implementation of online security best practices when it comes to patient information, we’re making things much easier for attackers. The proof is in the data. Gartner research conservatively estimates close to 40 million health care records have been breached to date. That’s likely a conservative figure, given that breaches of fewer than 500 records are not required to be reported.
Avivah Litan, cybersecurity analyst at Gartner, told the Associated Press after the Anthem hack, "The healthcare industry is generally about 10 years behind the financial services sector in terms of protecting consumer information."
It's Time to Change How We Think About SSL/TLS
Logjam reminds us of the new reality we face in needing to continuously monitor and manage our SSL/TLS deployment. While many may wish it weren’t so, it’s critical that we pay more attention to digital certificates and secure server configuration and apply updates immediately. Recent reports show that a large number of Fortune 2000 companies still have not taken every step to remediate Heartbleed threats to their servers.
We’ve seen a rising tide of hacks in recent years, occurring in part because most businesses have no clue how to smartly manage their certificate landscape. With Google’s Certificate Transparency (CT) and new tools to continuously monitor certificate deployment, we can do better. There’s no reason not to know about vulnerable deployments and fix them. It’s time to stem the tide.
IoT is the password killer we've been waiting for
IoT, with its tiny screens & headless devices, will drive an authentication revolution. It's a short leap from the kind of two-factor authentication used on the Apple Watch to proximity-based authentication that does away with any user interaction. Passwords are just the canary in the coalmine. "Maybe authentication becomes the way you walk as a person, or how you interact with the environment around you," Jason Sabin said. "My shoes, my phone, my watch, my clothing – those could be another form of identification to prove that I am 'Jason.'"
Banks are skimping on website security
Capital One, JPMorgan Chase, Suntrust, Wells Fargo -- none of them use what's commonly referred to as the "best practice" in the industry when it comes to Web security. The worst offenders are HSBC and TD Bank. Their homepages don't even secure private connections with customers, who might be unwittingly logging into fake websites run by cyberthieves. The only banks that do it right? BNY Mellon (BK) and PNC (PNC). DigiCert CSO Jason Sabin said banks "should be using https throughout their site. It doesn't cost any more."
DigiCert Grows SSL/TLS Business Via Verizon Enterprise SSL Deal
DigiCert today announced that it is acquiring the CyberTrust Enterprise SSL business from Verizon Enterprise Solutions. The acquisition, the financial terms of which are not being publicly disclosed at this time, will further bolster DigiCert's customer ranks, while providing new security certificate options to Verizon's customers.
Continue reading at IT Briefcase, GovCon Wire, and Web Host Industry Review.
DigiCert Acquires Verizon Enterprise SSL Business
Global Certificate Authority (CA) DigiCert announced on Tuesday that it has acquired the CyberTrust Enterprise SSL business from Verizon Enterprise Solutions. The acquisition will help DigiCert become the second-largest CA for high-assurance SSL Certificates, behind industry leader Symantec. As part of the deal, Lehi, Utah-based DigiCert will assume management of the CyberTrust trusted roots and intermediate certificates.
Plex Mounts Huge DigiCert Encryption Install for Media Streaming
DigiCert’s SSL/TLS Internet of Things (IoT) solution will address tens of millions of Plex media servers and clients—making it one of the largest implementations of publicly trusted certificates to date. From now on, every Plex video and music streaming packet leaving and entering a user’s network is encrypted, and its recipient verified.
Continue reading at PC World, The Next Web, Digital Trends, Android Headlines, CIO Asia, NextPowerUp, and Enterprise Security Today.
How DigiCert's CSO Looks at SSL/TLS Security
eWeek's Sean Kerner sits down for a video interview with DigiCert CSO Jason Sabin to discuss SSL/TLS security and DigiCert's efforts to improve security operations and standards for all. He also discusses DigiCert's work to simplify certificate management for the enterprise.
What Happens When Health Data Is Transferred, How to Protect It
When it comes to medical records, there is no lack of people with bad intentions trying to get their hands on that information. Unless healthcare organizations use available technology to protect this data flowing over the Internet, we are bound to witness more attacks like those that struck Anthem and Premera.
Security Issues at the HP Online Store
Digital certificates are a large part of what makes a secure web page/site secure. A certificate is a file that the website provides the browser. Certificate files serve two main functions, encryption and authentication…Domain Validation certificates are cheap, issued quickly and come with no practical trust. Extended Validation certificates cost more, take time to issue and are far more trustworthy.
NFC Tags Get Much Needed Security Upgrade
DigiCert is one of just two providers approved to provide digital certificates to verify signatures in NFC tags. This greatly enhances security. Learn more about the technical specification that DigiCert helped create and how it benefits consumers.
DigiCert Rolls Out Certificate Monitoring; Express Install automates SSL deployment
DigiCert, a leader in SSL Certificate trust, today is announcing new ways to automate SSL certificate installation and server configuration while helping enterprises detect certificate fraud. Certificate Monitoring parses data from Google Certificate Transparency (CT) logs and proprietary DigiCert systems to give enterprises unparalleled insight into certificates issued for their domains, along with phishing detection. Express Install, unlike any other utility available, simplifies and automates SSL installation and server configuration for Windows servers and top Linux distributions.
DigiCert Offers Continuous Monitoring of Digital Certificates to Defeat Fraud
CAs hold the security and trust of the Web in their hands, and issues like an intermediate CA associated with Chinese certificate authority CNNIC mis-issuing certificates for Google domains haven’t helped reinforce that trust. To help address the problems, CA DigiCert is introducing a new platform that enables continuous monitoring of all of an organization's certificates to protect against fraudulent certificate issuance, theft and other abuses of the system. The platform is based on DigiCert's participation in Google’s certificate transparency scheme, which creates public logs of issued certificates.
Google's Certificate Transparency Project Gains New Backers
Making sure that Secure Sockets Layer (SSL) certificates are authentic and have not been improperly issued is a challenge the Google-led Certificate Transparency effort is aiming to help solve. Multiple vendors now supporting the Certificate Transparency effort include certificate management vendor Venafi and certificate authority (CA) DigiCert. The Certificate Transparency initiative requires CAs to publish certificate information to a minimum of three log servers. CAs are the trusted authorities that can sell and manage SSL certificates.
What You Need to Know About Google Certificate Transparency
Over the past few years, there have been several fake SSL wildcard certificates created, due to lapses at certificate authorities (CAs) and sometimes through compromised server infrastructure. These fake SSL certificates can be utilized to masquerade as legitimate, secure websites, appearing to be verified and authentic, fooling web browsers, so users can't tell that a site they're visiting is not secure.
Certificate Transparency Moves Forward With First Independent Log
The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome. On Jan. 1, a CT log operated by DigiCert, a Utah certificate authority, became operational, making it the first non-Google CT log to be approved. The approval is an important step, as part of the CT scheme requires that two-year extended validation certificates have proofs from three separate logs. Google currently operates two logs of its own.
Not Your Father's Workplace
Increasingly, leading companies are providing their employees with work/life balance, including the ability for working dads to enjoy workplace flexibility and be more involved in their children’s lives. A multi-year winner of the Alfred P. Sloan Award, DigiCert values its employees’ attention to their families’ needs and strives to provide a flexible, supportive work environment.
Mozilla to Support Certificate Transparency in Firefox
Mozilla is planning to add support for Certificate Transparency checks in Firefox in the near future, but the company says that the feature won’t be turned on by default at first. Certificate Transparency is a proposal from engineers at Google that would help resolve some of the issues with certificate authorities, fraudulent certificates and stolen certificates. The framework would provide a public log of every certificate that’s issued by compliant CAs and also would provide proof to users’ browsers when each certificate is presented. Google is planning to implement CT in Chrome, and now Mozilla officials say that the company will implement in Firefox, but the process will be a gradual one.
Securing Blockchain Users with Tor and SSL
Over the past couple of weeks there has been a marked increase in the number of man-in-the-middle (MITM) attacks against Tor users of web based Bitcoin wallet provider Blockchain.info. One user reported 63 bitcoin stolen, and there were many other examples as the thefts continued despite warnings to users. The attacks were so successful that Blockchain resorted to blocking all traffic to the wallet service from Tor exit nodes.
After thefts, Bitcoin wallet heads to HTTPS Tor .onion address
UK-based Bitcoin wallet provider Blockchain has a new .onion address and, like Facebook, it’s got itself a signed SSL certificate to validate its hidden website in an effort to combat thefts against its users. Blockchain, the maker of the world’s most popular Bitcoin wallet, has followed Facebook down the path of the so-called ‘dark web’ — where sites or hidden services with a .onion suffix are not accessible by standard web browsers. Onion addresses are referred to as the dark web, in particular when law enforcement links a Tor hidden service to more nefarious activities on the web, such as those the alleged operators of the recently seized Silk Road and Silk Road 2.0 marketplaces have been accused of. Facebook’s arrival as a hidden service illustrated they could also facilitate access to a site from nations where it is censored, such as China and Iran. Blockchain’s hidden service on the other hand was a response to a spate of attacks on users of its wallet who’d accessed its site through The Onion Network (Tor) browser.
Get Ready to Upgrade your SHA-1 Certificates!!!
I believe most of you are aware that SHA-1 SSL certificates are going to be discontinued by Microsoft after 2016. As we all know, SHA-1 is the commonly used certificate; most of the websites out there on the Internet are using this cert, and it is also the common certificate used inside most organizations. I am writing this post today to remind you of this critical update so you can begin your cert upgrades to supported SHA-2 SSL certificates proactively, and to point you to the vital resources, well written and available in the community by technical experts and vendors, for a better understanding of the topic.
Is Your Organization Using SHA-1 SSL Certificates?
Following a recommendation by the National Institute of Standards and Technology (NIST), Microsoft will block Windows from accepting SSL certificates encrypted with the Secure Hash Algorithm-1 (SHA-1) algorithm after 2016. Given the number of mission-critical SSL certificates that are allowed to expire from inattention, administrators have their work cut out for them. By knowing what will happen, why it's happening, and what you need to do, you won't be surprised by these important policy changes.
Retailers Demanding Federal Action on Data Breach
In an unusual move, retail groups from across the U.S. sent a letter to Congressional leaders that urged them to pass federal data protection legislation that sets clear rules for businesses serving consumers. The letter, dated November 6, was addressed to the majority and minority party leaders of the U.S. Senate and the House of Representatives and signed by 44 state and national organizations representing retailers, including the National Retail Federation, the National Grocers Association, the National Restaurant Association and the National Association of Chain Drug Stores, among others.
Expanding Use of PKI in Variety of Devices Holds Challenges [Emirates News Agency (WAM) (United Arab Emirates)]
(Emirates News Agency (WAM) (United Arab Emirates) Via Acquire Media NewsEdge) One of the longest running jokes in the security industry is that each coming year finally will be The Year of PKI. While that one huge year never materialized, the use of PKI and digital certificates has become an integral part of how the Internet works today. But there are some challenges on the horizon that will need some innovative solutions.
DigiCert receives requests for .onion SSL certificates after issuing one to Facebook
Tor hidden services use URL addresses that end in .onion, a suffix that does not exist in the Internet's DNS root zone and is not a TLD recognized by the Internet Corporation for Assigned Names and Numbers. As such, these addresses only resolve within the Tor network through a private DNS-like system. The internal use of made-up TLDs like .onion is not something specific to Tor. Organizations have used pseudo-TLDs like .local, .lan, .corp, .priv and others on their internal networks for a long time, even though it is not a recommended practice.
CIO: DigiCert is considering SSL certificates for more Tor hidden services
Last week, Facebook made its website accessible inside the Tor anonymity network by setting up a so-called Tor hidden service with the facebookcorewwwi.onion address. The company described it as an experiment that will provide Tor users with end-to-end communication, from their browsers directly into a Facebook data center, avoiding third-party exit nodes.
IT-World: DigiCert is considering SSL certificates for more Tor hidden services
Certificate authority DigiCert is considering issuing SSL certificates to more Tor .onion address owners after recently providing Facebook with one. However, SSL certificates for pseudo-top-level domains like .onion that don't actually exist on the Internet are in the process of being phased out and the Tor Project has not yet decided if Tor websites getting SSL certificates is a good thing.
Securing an Internet Made From ‘Duck Tape and Baling Wire’
LAS VEGAS–The Internet that we use today was not designed as a cohesive network. It was put together from found bits and pieces over the course of the last few decades, and, as major bugs such as Heartbleed and others have shown, it’s a frighteningly fragile construction. Attackers know this as well as anyone, and they’ve certainly made a lot of hay in recent years exploiting the fundamental weaknesses of the Internet. Serious flaws in protocols such as SSL, the DNS system and other key pieces of the Internet’s infrastructure have made life easier for the bad guys. But that doesn’t have to continue, experts say.
Jeremy Rowley on the Facebook Tor Cert Decision and the Future of PKI
Dennis Fisher talks with Jeremy Rowley of DigiCert about the company’s decision to issue a certificate for Facebook’s .onion site, the challenge of key protection in today’s environment and what the near future holds for PKI.
Expanding Use of PKI in Variety of Devices Holds Challenges
LAS VEGAS–One of the longest running jokes in the security industry is that each coming year finally will be The Year of PKI. While that one huge year never materialized, the use of PKI and digital certificates has become an integral part of how the Internet works today. But there are some challenges on the horizon that will need some innovative solutions. PKI was developed at a time when having digital certificates in TVs and cars would have seemed absurd. But it’s no longer just Web servers, mail servers and the core network infrastructure that’s in play. Now, the range of devices that use digital certificates includes WiFi routers, mobile devices and many others.
Avoiding the Dark Security Future
LAS VEGAS–Nick Percoco has been thinking a lot about the future of technology, and some of the things he’s dreamed up aren’t very pretty: farms of people renting out their spare brain cycles, autonomous cars that freak out and careen into oncoming traffic and hacking groups hijacking users’ augmented reality gear and demanding ransoms to unlock them. That’s a fairly dark, dystopian view of what’s awaiting us in the coming decades, but it’s not necessarily the way that Percoco believes it has to be. Rather, he believes there’s plenty of time, talent and technology available to solve the fundamental security and reliability problems that could lead to that dim future. Percoco, a security researcher and vice president of strategic services at Rapid 7, said that the brighter, technologically slick future he imagined as a young boy first learning about computers is still a possibility.
DigiCert Considering SSL Certificates for More Tor Hidden Services
Certificate authority DigiCert is considering issuing SSL certificates to more Tor .onion address owners after recently providing Facebook with one. However, SSL certificates for pseudo-top-level domains like .onion that don’t actually exist on the Internet are in the process of being phased out and the Tor Project has not yet decided if Tor websites getting SSL certificates is a good thing. Last week, Facebook made its website accessible inside the Tor anonymity network by setting up a so-called Tor hidden service with the facebookcorewwwi.onion address. The company described it as an experiment that will provide Tor users with end-to-end communication, from their browsers directly into a Facebook data center, avoiding third-party exit nodes.
Go to the PC World website to continue reading.
DigiCert Considering Certs for Hidden Services Beyond Facebook
News broke last week that Facebook had built a hidden services version of its social network available to users browsing anonymously via the Tor Project’s proxy service. Unlike any .onion domain before it, Facebook’s would be verified by a legitimate digital signature, signed and issued by DigiCert. What this means is that Tor users could be certain that when they connect to Facebook’s hidden services site in the .onion top level domain, they were in fact communicating with the real Facebook as opposed to a domain controlled by an unknown third party.
Go to the ThreatPost website to continue reading.
POODLE Flaw Found in Legacy SSL 3.0 Encryption - DigiCert Offers Workaround
POODLE, or Padding Oracle On Downgraded Legacy Encryption, is a newly disclosed vulnerability in the legacy SSL 3.0 protocol that could be exposing users of newer Transport Layer Security (TLS) encryption protocols to risk. Google disclosed the POODLE vulnerability, also identified as CVE-2014-3566, in a research paper. If exploited, the POODLE flaw could potentially enable an attacker to access and read encrypted communications.
Go to the eWeek website to continue reading.
DigiCert Releases Tool to Simplify SHA-2 Migration for System Administrators
"Using the DigiCert® SHA-1 Sunset Tool, administrators can determine validity periods for their SHA-1 SSL certificates and receive information about how Google’s new policy will affect user interaction with these certificates. DigiCert issues new certificates with SHA-2 by default and has done so for nearly a year. For those choosing to migrate their existing SHA-1 to a new DigiCert-issued SHA-2 certificate, DigiCert will provide a free replacement matching the length of the existing certificate licensing term, regardless of whether or not they are a DigiCert customer."
Go to the Dark Reading website to continue reading.
11 Common Ecommerce Mistakes -- and How to Fix Them
"No ecommerce site is perfect, especially when it first goes live. Even if you choose a seemingly straightforward or turnkey ecommerce solution, problems are bound to occur. And while it's hard to predict problems, there are certain common ecommerce problems, say the experts, which can be prevented -- or fixed relatively easily."
Go to the CIO website to continue reading.
Beyond Heartbleed: Closing SSL implementation gaps within our own networks
"As security professionals put in place the final patches to fix the Heartbleed bug, I think network administrators have a unique opportunity to look beyond Heartbleed to close the unintentionally self-inflicted SSL implementation vulnerabilities within their control."
Go to the Help Net Security website to continue reading.
DigiCert Certificate Inspector - Products of the week 03.03.14
"Discover all certificates on network. Identify potential certificate and endpoint configuration vulnerabilities, such as weak keys, problematic ciphers and expired certificates. For each detected vulnerability, receive list of remediation activities."
Go to the NetworkWorld website to continue reading.
Identify and fix vulnerabilities in your SSL certificates
"DigiCert announced DigiCert Certificate Inspector, a tool designed to quickly find problems in certificate configuration and implementation, and provide real-time analysis of an organization’s entire certificate landscape, including SSL termination endpoints."
Go to the Help Net Security website to continue reading.
DigiCert + security leadership : Looking ahead to 2014 + beyond
"The year’s wrapping up but the cybersecurity predictions are hitting high gear. Today from DigiCert we have COO John Merrill and Flavio Martins, VP of Operations. DigiCert is at the nexus of modern security, providing enterprise security solutions in the fields of PKI, SSL, authentication and digital certificates. Their clients number more than 70,000 around the globe, consisting of financial, government, enterprise organizations and beyond."
Go to the SiliconANGLE website to continue reading.
Code Signing Seen as Effective Way to Safeguard App Security
"There are a number of different ways to ensure application security in the modern IT environment. One of them is by starting right at the source, by enabling application developers to digitally sign their code, in an effort to guarantee the integrity and authenticity of a given application."
Go to the eWeek website to continue reading.
DigiCert Announces Certificate Transparency Support
"DigiCert, Inc., a leading global authentication and encryption provider, announced today that it is the first Certificate Authority (CA) to implement Certificate Transparency (CT). DigiCert has been working with Google to pilot CT for more than a year and will begin adding SSL Certificates to a public CT log by the end of October."
Go to the Dark Reading website to continue reading.
Behind the Padlock: How Secure Web Connections Work
"If you've ever shopped online, and chances are you have, you've probably noticed, or been told to look for, certain indicators that you have a secure Web connection. For many years, the primary indicator was a padlock at the bottom of your browser screen. Now, the padlock is likely to be found in the address bar up top. Sometimes the address bar itself will turn a different color (usually green) when you enter a secure website."
Go to the NBC News website to continue reading.
5 Tips for Securing Your Small Business’s Online Presence
"The intensity and sophistication of cyber-attacks are making it increasingly difficult for small businesses to protect sensitive information online. By implementing the simple steps below, small business owners can build trust and loyalty by ensuring their website is safe for customers to visit, search, enter personal information or complete a transaction."
Go to the SmallBizDaily website to continue reading.
DataMotion, DigiCert Collaborate to Simplify Health Care Data Exchange
"By deploying DigiCert's dual-mode data certification, DataMotion will make secure messaging quicker through the federal government's Direct Project data-transfer protocol."
Go to the eWeek website to continue reading.
Securing and Managing HISP-to-HISP Communication
"DigiCert and DataMotion announced a partnership this week in which DataMotion will issue certificates to healthcare customers using DigiCert as part of the DirectTrust Transitional Trust Anchor Bundle."
Go to the Health IT Security website to continue reading.
Possible security disasters loom with rollout of new top-level domains
Plans to populate the Internet with dozens of new top-level domains in the next year could give criminals an easy way to bypass encryption protections safeguarding corporate e-mail servers and company intranets, officials from PayPal and a group of certificate authorities are warning.
The introduction of Internet addresses with suffixes such as ".corp", ".bank", and ".ads" is particularly alarming to these officials because many large and medium-sized businesses use those strings to name machines inside their networks. If the names become available as top-level domains to route traffic over the Internet, private digital certificates that previously worked only over internal networks could potentially be used as a sort of skeleton key that would unlock communications for huge numbers of public addresses.
"The primary concern is the speed at which these new gTLDs are going to be adopted by ICANN without giving enough consideration to the potential impact on security and established networks," Jeremy Rowley, the associate general counsel for certificate authority DigiCert, told Ars. "I don't think they have an accurate understanding of the number of internal server names [and] internal networks that are out there and the number of certificates that have been issued to those networks."
Go to the Ars Technica website to continue reading.
Securing SMB Online Transactions
"Giving consumers the assurances they need to know they're securely sending their private information to your business."
Go to the Dark Reading website to continue reading.
Under the Lens: DigiCert
Learn more about DigiCert and some of the unique things we're doing to effect change in the SSL industry.
Go to the Utah Technology Council website to continue reading.
DigiCert Ranks Among Fastest Growing
"DigiCert, Inc., a leading online security provider for many of the most recognized brands and websites in the world, today announced it ranked number 160 on Deloitte’s Technology Fast 500(TM), a ranking of the 500 fastest-growing technology, media, telecommunications, life sciences and clean technology companies in North America."
Go to The Hosting News website to continue reading.
These Companies Want You to Take Time Off
DigiCert is highlighted on CareerBliss' list of companies who are changing the way their employees use their time off. PTO at DigiCert helps employees strike a work-life balance.
Go to the CareerBliss website to continue reading.
DigiCert Now Offers EV SSL Certificates for Web Hosts to Resell
"Certificate authority DigiCert announced on Tuesday at HostingCon 2012 that its high-assurance certificates are now available for web hosts to resell."
Go to the Web Host Industry Review website to continue reading.
Ernst & Young Entrepreneur of the Year Finalist
DigiCert founder and Executive Chairman of the Board, Ken Bretschneider, was recently featured in the Utah Business Magazine for being a Finalist in the Ernst & Young Entrepreneur of the Year Award.
Utah's Fastest-Growing Companies
DigiCert has been named one of Utah's top 30 Fastest-Growing Companies for the fourth year in a row by Utah Valley BusinessQ. This incredible growth has been made possible by our loyal customers, great employees, and amazing founder.
Go to the Utah Valley BusinessQ website to continue reading.
Online Security Infographic
See how the OTA is working to help bring security and trust to the Internet with SSL implementation, email authentication, and privacy practices, and learn what you can do to help.
Check out the Online Security Infographic and download it here.
SSL Certificate Discovery Tool
The free SSL Discovery Tool from DigiCert is an automated certificate finder that will help any user locate and catalog all the active digital certificates in their inventory.
Go to the Web Host Industry Review website to continue reading.
DigiCert Inc. Names Nicholas Hales CEO
DigiCert announces that Nicholas Hales has been appointed as its new CEO while Ken Bretschneider, DigiCert's founder, has been named the Executive Chairman of the Board.
Go to the Dark Reading website to continue reading.
DigiCert Awarded Frost & Sullivan "Best Practices" Award
Global analyst group Frost & Sullivan recognizes DigiCert for its flexible, value-added features and industry leading customer support.
Go to the Daily Herald website to continue reading.
Travis Tidball - Utah Marketer of the Year
Utah Business Magazine has honored DigiCert's VP of Marketing, Travis Tidball, with its first annual Sales and Marketer of the Year (SAMY) Award for 2012.
Go to the Utah Business website to continue reading.
Utah's Best Companies to Work For
Based on its corporate culture, benefits and pay, fairness and opportunities, internal communication, and employee pride, DigiCert has been named one of Utah Business Magazine's best companies to work for in 2011.
Go to the Utah Business website to continue reading.