RESOURCES
Resources developed by OTA and OTA member companies to enhance business and
consumer protection from cybercrimes and deceptive business practices
including identity theft, spam, phishing, privacy exploits and account
take-overs.

Anti-Malvertising - Malvertising is the cybercriminal practice of injecting
malvertisements into the legitimate ad supply chain. A malvertisement is a
malicious or deceptive advertisement that exhibits behavior including, but not
limited to, conducting a drive-by-download, delivering deceptive downloads such
as fake anti-virus pop-ups, and/or redirecting the user to sites that a user
has not elected to visit.

Anti-Botnet - OTA is working with key stakeholders in the public and private
sectors to address the threats resulting from bots. The strategy is to focus on
a holistic view, including prevention, detection and remediation. OTA efforts
encompass working with law enforcement, ISPs and web site hosting companies in
take-down efforts, promoting best practices to reduce the distribution of bots,
and helping users reduce their vulnerability attack surface.

Always On SSL - Always On SSL is a proven, practical security measure that
should be implemented on all websites where users share or view sensitive
information.

Data Breach Response - All businesses should create an incident response plan
and be prepared for the likelihood that they will experience a breach or data
loss in the future. A well-designed plan is emerging as a key part of
regulatory compliance, demonstrating that a firm or organization is willing to
take reasonable steps to protect data (and the consumer) from abuse.

DNSSEC - Domain Name System Security Extensions (DNSSEC) adds security to the
DNS. It is designed to help address MITM attacks and cache poisoning by
authenticating the origin of DNS data and verifying its integrity as it moves
across the Internet. Today DNSSEC is an Internet Engineering Task Force (IETF)
set of specifications that secures communication between DNS name servers and
clients.

Email Authentication - Email Authentication helps to detect spoofed and forged
email and controls the rising tide of spam and forged email. These efforts
ultimately produced two key email authentication technologies: Sender Policy
Framework (SPF) and DomainKeys Identified Mail (DKIM), each of which received
RFC status from the Internet Engineering Task Force (IETF). In addition, this
initiative includes the recently announced Domain-based Message Authentication,
Reporting & Conformance (DMARC) draft specification.

Extended Validation SSL Certificates - An added barrier and tool to help combat
deceptive and illicit businesses, providing differentiation and recognition for
holders of EV Certificates. EV certificates represent a standard now adopted
worldwide by all leading browsers. It is recommended that web sites which
conduct online transactions and use log-on credentials evaluate EV certificates
as part of their security and brand protection strategy.

Messaging Ecosystem Security - As cybercriminals have targeted businesses with
increasing malice and precision, interactive marketers, their service
providers, and others in the messaging ecosystem need to recognize that their
valuable data assets are at risk. To help combat these threats, the OTA has
created the "Security by Design Framework", and its recommended practices are
intended to provide a basis for immediate action.

©2012. All rights reserved. Online Trust
Alliance (OTA)