Announcements & Articles
Stay informed about the Acmetek Announcements & Articles and more.

New Requirements Announced For Code Signing Certificates Industry Wide

We want to inform you about new industry requirements that were announced by the Certificate Authority Security Council (CASC) for Code Signing certificates on 8th December 2016 and that comes into effect on the 1st of February 2017.

The new requirements address four key areas within our Code Signing products and provide a safer experience and minimize the risk of Code Signing attacks.

To reduce the chance of issuing certificates to malicious publishers the guidelines require that Symantec:

  • Follow a strict and standardized identity verification process to authenticate publishers
  • Check all Code Signing orders against lists of suspected or known malware publishers
  • Check all Code Signing orders that were previously revoked by Symantec where the certificates were used to sign suspect code.Code Signing Important

Symantec has also introduced a ‘Certificate Problem Reporting’ system for both Symantec and Thawte Code Signing certificates which will allow third parties like malware organisations and software suppliers to report issues relating to key compromise, certificate misuse and possible fraud. Under the new arrangement, once Symantec receives a request, we will either revoke the certificate within forty eight hours, or alert the requestor that we have started an investigation.

Symantec has enhanced their timestamping services for their Code Signing customers to meet the new requirements. More information can be found in the following KB articles for Microsoft Signing and Java Signing.

The main benefit of using a timestamp is that the signature does not expire when the certificate does, which is what happens in normal circumstances. Instead, the signature remains valid for the lifetime of the timestamp, which can be as long as 135 months.

Symantec has published a set of guidelines on private key protection best practices for Symantec and Thawte Code Signing certificates which must be reviewed and accepted by subscribers as part of the enrollment process. These guidelines makes recommendations regarding the secure storage of private keys to mitigate against the risk of potential vulnerabilities, however it is important to call out that Code Signing minimum requirements published in December stop short of mandating that an OV Code Signing certificate must be stored on a FIPS 140-2 Level 2 HSM or equivalent on premise hardware.

Lastly, any pending Symantec or Thawte Code Signing orders placed before the 25th of January 2017 and not issued before the 1st of February 2017 will be cancelled by Symantec and respective customers asked to re-enroll.

If you want any further clarification about this announcement, or have any questions feel free to get in touch your Certificate Authority who issued your Code Signing Certificate.


Dominic Rafael, Lead Tech Engineer
dsrafael@acmetek.com

Acmetek Joins Inc. 5000 Fastest-Growing Private Companies In America!

ACMETEK GLOBAL SOLUTIONS, has made the Inc. 5000 magazine list of the fastest-growing private companies in America. Acmetek achieved a three-year growth of 182% and continues to expand its security solutions to its clients across the world.

Inc. 5000 Inc. magazine, founded in 1979 and based in New York  City, is an American

monthly publication focused on growing companies.
For 35 years, Inc. has welcomed the fastest-growing private companies in America into a very exclusive club. The magazine publishes annual lists of the fastest-growing publicly held and private small companies in the U.S. The Inc. 5000 is ranked according to percentage revenue growth over a three-year period. To qualify, companies must have been founded and generating revenue by the first week of the starting calendar year, and therefore able to show three full calendar years of sales. Additionally, they have to be U.S.-based, privately held, and independent—not subsidiaries or divisions of other companies.

As an Inc. 5000 honoree, Acmetek Global Solutions shares a pedigree with Intuit, Zappos, Under Armour, Microsoft, Jamba Juice, Timberland, Clif Bar, Pandora, Patagonia, Oracle, and other notable

alumni. The 2016 list added such powerhouses as Dollar Shave Club, Bai Drinks, Orange Theory Fitness, ipsy, Square, Yeti Coolers, and Ruby Receptionists.

Acmetek started its journey into Website Security Solutions mainly focusing on SSL

in 2010 as a result of a simple observation: SSL has evolved over the years, but Technology Distributors and Businesses have not adapted. This mismatch led the founders of Acmetek to create the vision for the SSL experience and to develop the Channel Enablement Model to support it.  With  integrated set of tools and savvy enablement support, partners can now offer SSL/TLS and implement Security Solutions their clients across the globe.

Acmetek’s sole mission is to make the world more secure with our growing fleet of Website Security Solutions. Our passion in security is seen by our clients and they know full heartily that they are in good hands. Acmetek’s success is testimony to our team’s creativity, resilience, and tenacity.

“We are deeply honored to be in such great company as all those recognized by Inc. magazine,” stated Ramesh Nuti, CEO of Acmetek.  “I am very proud of the entire Acmetek team and we are excited to be recognized by such an illustrious publication. This is a true testament to our commitment to quality and 100% client satisfaction.”


Media Contact: Meenu Kuar, PR Manager,
mkaur@acmetek.com

WhatsApp Enables Two Factor Authentication Strengthening it’s Security.

WhatsApp Enables Two Factor Authentication Strengthening it’s Security.

WhatsApp is a widely popular free to use cross platform smart phone messaging application that allows users to use their phone service and wifi internet to make voice/video calls, send text messages, documents, images, gif’s, user locations, etc. Its popularity is primarily due to where data rates or roaming charges can cost an arm and a leg.

WhatsApp Inc., based in Mountain View, California, was acquired by Facebook in February 2014 for ridiculous $19.3 billion US Dollars. By February 2016, WhatsApp has a user base of over one billion, making it the most popular messaging application at the time.

Over the recent years Privacy and Security has been a focus on the popular message app. In 2014 WhatsApp implemented end to end https encryption scrambling the information between communicating users. The latest Security implementation is the coming of Two-Step Verification.

What is Two-Step Verification?

Two-step verification is an optional feature that adds more security to your account. The technology is not new, and it has been in use for quite some time. Blizzard Inc. creator of the biggest online MMO (Massive Multiplayer Online) game World Of Warcraft implemented two factor authentication back in 2008 to protect gamers accounts from being hacked. Two-step, or Two-Factor Authentication protects your accounts by requiring you to provide an additional piece of information after you give your password In the most common implementation, after correctly entering your password, an online service will send you a text message or an email with a unique string of numbers that you’ll need to punch in to get access to your account.

Implementing Two Step Verification on WhatsApp:

To enable two-step verification, open WhatsApp > Settings > Account > Two-step verification > Enable.

Upon enabling this feature, you can also optionally enter your email address. This email address will allow WhatsApp to send you a link via email to disable two-step verification in case you ever forget your six-digit passcode, and also to help safeguard your account. WhatsApp will not verify this email address to confirm its accuracy. You will want to provide an accurate  email address so that you’re not locked out of your account if you forget your passcode.

How it works..

After implementing Two-Step Verification if you receive an email to disable two-step verification, or receive a pass-code request but did not request this, do not click on the link! Someone could be attempting to verify your phone number on WhatsApp elsewhere. Meaning that someone is attempting to gain access to your account! Stay secure.


Lead Tech Engineer: Dominique Rafael
dsrafael@acmetek.com