Tuesday, 28 May 2013

Are You Still Using 1024 Bit Key Encryption?

With the growing complexities of the internet, digital certificates generated with 1024 bit key encryptions are no longer advisable. While they proved to be unbreakable for the past few decades, with the advances in technology, Generation X now has the ability of decrypting these chains allowing a successful Man in the Middle attack resulting to unauthorized access to personally identifiable information.

Understanding this curve of development in algorithms, the National Institute of Standards and Technology (NIST) has recommended all CAs to use 2048 bit key lengths on all issued digital certificate starting November 2010.

As a certificate authority valuing customers and industry innovation most, GlobalSign has been religiously complying with NIST guidelines and recommendations (in advisories 800-57 and 800-131) and Microsoft’s mandatory requirements of Microsoft’s Root Certificate Program (Technical Requirement Point 11). All of the issued digital certificates from the GlobalSign comprehensive product line from December of 2010 have 2048 bit key encryptions giving customers double protection from possible breach of their data. 

What happens?

All individuals and organizations requesting and/or renewing SSL certificates from GlobalSign will have to specify a 2048 bit key encryption length on their Certificate Signing Requests (CSR) from November 29, 2010 onward. The system shall not process CSRs with a 1024 or lower key lengths.

If are currently using a 1024 bit key length on your SSL’s CSR and would like to renew under GlobalSign, you would have to create another CSR with 2048 bit key encryption. In the event that you do not have the technical expertise to do this, you may email our support team at support-asia@globalsign.com or you can use GlobalSign’s AutoCSR function* alternatively.

*AutoCSR may only be used for DV and OV SSL orders. For EV SSL, client needs to manually generate their Certificate Signing Requests. 

Check your Certificate’s Encryption Strength

Enter your website’s URL on https://sslcheck.globalsign.com/

 After the analysis is done, please click on more details.

Afterwards, click on Certificate Details. To know the encryption strength, refer to the details under Public Key. 

Tuesday, 14 May 2013

Be GlobalSign’s Next Great Hire!

If you like the idea of working for a company that encourages constant learning and provides training that will grow and hone your skills and expertise, then you surely must consider working for GlobalSign.

At GlobalSign, we believe in constant innovation and forward thinking. These are the values that bring our company and people on top of the playing field. We do not strictly define how things should be done as we let employees explore the best ways they can accomplish the tasks on hand.

 We are looking for free-spirited individuals with the zeal to work in a culturally-diverse environment – people just like you. Come and join GlobalSign’s growing international team!
Available Career Opportunities in GlobalSign:
  • Marketing Specialist
  • Sales Specialist
  • HR/Admin Assistant
  • Pre-sales Engineer
  • Web Developer (GlobalSign)
  • Web Developer (GMO Cloud)
  • Software Engineer
  • Back End Software Engineer
  • Vetting Specialist (US, Chinese, Thai, Malay, Indonesian, & Dutch)
  • Technical Support Specialist (UK, US, German, and APAC)
  • Cloud Technical Specialist

Interested applicants may send their resumes to careers_ph@globalsign.com. For the list job descriptions and qualifications, you may send an email to sslelite@globalsign.com.
For recruitment and product updates, you may also tune in to our Facebook, Twitter, and LinkedIn accounts. 

Friday, 10 May 2013

Don’t Fall for Phishing and Scams this Mother’s Day

Counting the days to Mother’s Day, I’m sure you already have something in mind on what gift to give to your sweet mothers. There may probably be a few who are still undecided on what to give and opted to search online for the best mother’s day gift. There’s nothing wrong with this as this is what Google coined the Zero Moment of Truth. A word of caution though, cybercriminals will not get past this occasion without preparing some scams and phishing attacks for unsuspecting young minds. While shopping online, make sure to be on the lookout for scam e-mails and phishing websites taking advantage of your kind heart.

Most often than not, scammers will set up online stores and blast e-mails with the intent of robbing your account details and credit card information. A recent report* showed that there have been recorded attacks since last week luring online shoppers to fall prey to a bogus link attached in e-mails. These Bogus links offer cheap flowers for Mother’s Day that says "Don't Forget Mother's Day - $19.99 Flowers.” When clicked, it redirects to a site selling masculine products such as cars, televisions, and the like. Should the shopper decide to push the purchase or checkout button, his/her credit card information will be stolen.

To keep you safe during this festive season, here are a number of must-read tips from GlobalSign:

  1. Pay attention to spelling and grammatical errors on the e-mail content and the e-mail address itself. Most scams are fond of using excess consecutive identical letters (e.g. Faceboook instead of Facebook) which are easier to overlook.

  2. Look for a digital signature in the e-mail. Digital IDs such as GlobalSign’s PersonalSign, use S/MIME technology to allow users to digitally sign and encrypt e-mails. The digital signature on the e-mail proves the sender’s identity. To know if an e-mail has a digital signature, just look for the certifying red ribbon on the upper right hand of the e-mail: 

  1. Do not directly click on the attached link on the e-mail body. It is best to either hover your mouse on the link to see the original URL on the lower left side if the screen, OR copy the link location and post it on your browser.

  2. Raise your level of security awareness. Check if the website has an SSL certificate installed. Generally, websites that have SSL certificates can be accessed with URLs that begin with "https", and a "padlock" will be prominently displayed in the browser's address bar indicating that the website has been encrypted through SSL technology and its identity authenticated. If an enhanced certificate such as Extended Validation SSL (EV SSL) is installed, the browser's address bar will be prominently displayed in green in addition to the above features,, enabling users to know that the website is using the highest level of security available at a glance. 

  3. *http://goo.gl/ivZ20

Wednesday, 8 May 2013

What is a Certificate Signing Request (CSR)?

A Certificate Signing Request (CSR) is an encrypted body of text generated on the web server where the SSL certificate is installed. It is a code necessary for the application and activation of an SSL certificate.

Generally, CSRs contain encoded information specific to the registered domain name and the company requesting the SSL certificate. These CSRs usually include details such as: Country, State (or Province), Locality (or City), Organization (Company Name), Organizational Unit (Department), and Common Name (website/domain). To be valid, all these information must be filled out correctly. Moreover, the CSR also contains the public key which is needed to encrypt and secure sensitive information as they are transmitted from the website to the server.

The private key is generated at the time the CSR and public key are created, but it is only kept secret by the technical end user and is not part of the signing request.

Certificate Signing Request (CSR) generation remains one of the consistent problem areas faced by customers who wish to secure their server. Most of the time, customers are unfamiliar with the CSR generation process or make time-consuming mistakes.

Some Certificate Authorities today, like GlobalSign, provides end users the AutoCSR option. This is to ensure convenience for those who do not have the technical know-how on CSR generation but would like to secure their servers and websites with SSL certificates. With AutoCSR, the CA who issued the certificate will generate the CSR on behalf of the organization making the order. The required fields should be filled out accordingly during the certificate application process.