News

The latest news from Comodo

TrustToolbar Plug-in for SSL made available for free download

Public Preview Beta Release Version 1 now available Comodo helps build trust on the Internet with new Security Product TrustToolbar gives the ability to 'trust what you see'!

Kent, UK, 10 June 2001. Comodo has today released a Public Preview Beta Version as an introduction to its exciting new Internet trust product, which brings new levels of confidence to Internet users.

According to Chief Security Architect of the Comodo Group, Melih Abdulhayoglu, "Legitimate websites can be imitated and spoofed by fraudsters with ease, as a result the end users and legitimate websites are vulnerable to attack. The fact that there is an inability for the Online Merchant to identify itself as a legitimate commercial entity to their customers is a major inhibitor for the success of e-commerce. TrustToolbar helps to overcome this fundamental problem, and overcomes it in such a way that requires no extra actions or education by the user, and of course delivers such assurance trustworthily".

The standard Address Bar in Internet Explorer is the user's interface to the Internet - all navigation and location information is provided by the Address Bar. However, as the standard Address Bar can be redrawn and manipulated by a website, reliance on the Address Bar leaves the user vulnerable to spoofing attacks. TrustToolbar, a free Internet Explorer browser plug-in from Comodo, addresses and overcomes this problem by providing security and enhancing the functionality of the Address Bar.

By replacing the current insecure Address Bar, TrustToolbar reduces the user's vulnerability to web based attacks such as Web spoofing, trapping and SSL exploits. This is achieved because TrustToolbar can always be trusted to deliver both web location and website identification information to the user. It cannot be switched off, hidden or faked by any website visited by the user - it remains completely out of the control of the website. This is because it utilises the power of the Operating System to beat any attacking website (which has no choice but to act within the constraints and limits provided by the browser, which is less powerful than the operating system!).

The majority of the standard Address Bar is under utilized, and when it is, it is only filled with extensive and seemingly random URLs - meaningless to the user. TrustToolbar converts otherwise wasted space to display instantly recognizable user-friendly information. As well as the standard URL, TrustToolbar provides the Company Name (Legal Name), Company Logo and country of incorporation of the corporate entity behind the current website. And when needed, additional company information, such as address, VAT number, telephone / fax numbers, etc may be retrieved with the click of button. Furthermore, if the Merchant has been authorized to accept specific Payment Methods (e.g. Visa, MasterCard, American Express, etc), the relevant payment flags are also displayed on TrustToolbar thereby creating a standard place mat where payment acceptance logos should be displayed. And because all such information is delivered using the TrustToolbar interface, it remains out of the control of the website and can be trusted as being authentic.

The result of all these combined factors is that the user, as well as having a user-friendly means of surfing the web, is considerably less vulnerable to unwittingly becoming the victim of a fraudulent website - it is now possible to verify the true identity of the website being browsed. If the company is a legally recognized entity - TrustToolbar can be used to provide this information to the user. Furthermore, Corporate identities or the brands are not open to abuse and theft by fraudsters and imitation websites.

TrustToolbar displays Digitally Signed information. This information is provided to TrustToolbar in the format of an X.509 Digital Certificate, issued by the Comodo Certification Authority (CA). Like multimedia objects, a TrustToolbar Certificate is easily implemented into a website's code, and may if preferred be stored at a central location - in other words the Merchant need not change anything to benefit from the TrustToolbar system. The Certificate is digitally bound to the Merchants URL (or range of URLs). This ensures that a Certificate will not be verified as legitimate by TrustToolbar on any site apart from the one intended! Even if the Certificate is copied, it will remain valid only for the site it is issued to - if a fraudster attempts to change this "authorized site" information from within the Certificate, TrustToolbar will notice that the digital certificate has been tampered with when its Digital Signature fails, and as a result, will fail the verification.

TrustToolbar, apart from its primary security functionality, offers many other powerful features. For example it may also be used to search for a commercial website through the use of verified and digitally signed corporate information such as the company name, telephone/fax number, postal address, VAT number, keywords or even a trademark. TrustToolbar allows the user to simply enter a company's name or even its telephone number in order to go to its website - there is no longer the need to remember a URL! When a company applies for a TrustToolbar Certificate, as well as Company details (such as Legal Name, URL, Address, VAT Number, telephone /fax numbers) the company may add additional information such as Keywords and Business Description. The user may view such information through the TrustToolbar Search Interface.

As a result the user need only remember one user-friendly unique identifier for a company, unlike today where we are required to remember both a company's Legal Name and their web address. For example, instead of entering http://www.camcon.co.uk, the user need only enter, and be required to remember, "Cambridge Consultants" - their commercial operating name. As well as proving to be extremely user friendly, the fact that the company already has the its Legal Name it helps prevent cyber squatting!

In summary, TrustToolbar allows the way we browse to become safe and secure by displaying Digitally Signed, trustworthy information. TrustToolbar, therefore, makes possible one of the most fundamental aspects of e-commerce, "the ability to establish trust"! Ultimately, no additional actions are required on the user's behalf to benefit from the system - you simply trust what you see on the TrustToolbar!

A full release version of TrustToolbar will be available shortly.

About Comodo

The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL, Code Signing, Content Verification and Email Certificate; award winning PC Security software;  Vulnerability Scanning services for PCI Compliance; secure e-mail and fax services.   

Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and 3,000,000 users of our desktop security products. 

For additional information on Comodo - Creating Trust Online® visit Comodo.com

For more information, reporters and analysts may contact:

Comodo
Email: media-relations@comodo.com
Office: +1 (888) 266-6361