Saturday, June 21, 2008

The threat of online security: How safe is our data?

Most computer users are aware of the dark side of the Internet. Our online world brings issues of credit card and identity theft, junk mail and seedy content right into our homes and offices. Nowadays, the Internet has become an important tool, and our increasing use of it exposes us to online security threats.

It has been reported that over 100 million cases of identity theft have taken place since 2005. This can happen in several ways, but it is no news that the main character in this story is the laptop. It can be lost or it can be stolen, and then all of the private and confidential data stored on it is lost and our personal information is exposed to others.

More and more, data management is moving to the Internet—causing even greater security challenges. Software can have many security layers, but the data protection is only as good as the website firewall—and hackers still can get in and do damage.

Trojan horse attacks pose one of the most serious threats to computer security. A Trojan horse, also known as a trojan, is a piece of malware which appears to perform a certain action but in fact performs another, such as transmitting a computer virus. Trojans do not replicate like a virus, but they do leave behind a program that can be contacted by another computer. From there, they can do just about anything.

Trojans are also known as RATs (remote access trojans), and they are most often hidden in games and other small software programs that unsuspecting users download and then unknowingly execute on their personal computers.

Spyware programs range from the annoying to the dangerous, including keyboard loggers and screen capture applications that can steal passwords and other sensitive information. The programs are sometimes bundled with shareware or freeware programs that can be downloaded from the Internet. Often they claim to be helpful utilities while carrying a more sinister side.

Spyware is installed on a computer without the user's consent. Once installed, it monitors or controls the use of the computer. It may be used to send the user pop-up ads, redirect the computer to websites, monitor Internet surfing, or record keystrokes, which, in turn, could lead to identity theft.

Threats today have become more complicated. They tend to use multiple vectors to spread, thus increasing their chances of infection. Once on the system, these threats tend to show little to no symptoms so they can survive undetected. Therefore, we have to be aware of all these threats and be careful to protect our data when we access the Internet.

Examples of phishing and ways to prevent phishing


Phishing is the process of attempting to acquire information such as usernames, passwords and credit card details illegally and fraudulently through the Internet, by creating fake websites that mislead the real company's customers into entering their details. Examples of impersonated companies include PayPal, eBay, and online banks. There are many examples of phishing e-mails, such as the one shown below.


For more examples, visit the link below.

http://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/privacy_security/fraud/page/fraud_examples


Below are the methods that can prevent phishing:

Eliminating phishing mail

Specialized spam filters can reduce the number of phishing e-mails that reach their addressees' inboxes. These filters rely on machine learning and natural language processing to classify phishing e-mails.

Monitoring and takedown

Several companies offer banks and other organizations likely to suffer from phishing scams round-the-clock services to monitor, analyze and assist in shutting down phishing websites. Individuals can contribute by reporting phishing to both volunteer and industry groups, such as PhishTank.

Helping to identify legitimate sites

Since phishing is based on impersonation, preventing it depends on some reliable way to determine a website's real identity. For example, some anti-phishing toolbars display the domain name for the visited website. The pet name extension for Firefox lets users type in their own labels for websites, so they can later recognize when they have returned to the site. If the site is suspect, then the software may either warn the user or block the site outright.

Browsers alerting users to fraudulent websites

Another popular approach to fighting phishing is to maintain a list of known phishing sites and to check websites against the list. Microsoft's IE7 browser, Mozilla Firefox 2.0, and Opera all contain this type of anti-phishing measure. Firefox 2 uses Google anti-phishing software. Opera 9.1 uses live blacklists from PhishTank and GeoTrust, as well as live whitelists from GeoTrust. Some implementations of this approach send the visited URLs to a central service to be checked, which has raised concerns about privacy. According to a report by Mozilla in late 2006, Firefox 2 was found to be more effective than Internet Explorer 7 at detecting fraudulent sites in a study by an independent software testing company.

An approach introduced in mid-2006 involves switching to a special DNS service that filters out known phishing domains: this will work with any browser, and is similar in principle to using a hosts file to block web adverts.

To mitigate the problem of phishing sites impersonating a victim site by embedding its images (such as logos), several site owners have altered the images to send a message to the visitor that a site may be fraudulent. The image may be moved to a new filename and the original permanently replaced, or a server can detect that the image was not requested as part of normal browsing, and instead send a warning image.
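One way a server could make the "not requested as part of normal browsing" decision is by inspecting the HTTP Referer header. The sketch below is an added example, not code from the original post; the host names, file names and function names are assumptions, and the sample Referer values are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumed: the site's own host names (constructed example values).
OWN_HOSTS = {"bank.example", "www.bank.example"}


def image_for_request(referer, own_hosts=OWN_HOSTS):
    """Choose which image file to serve for a logo request."""
    if not referer:
        # Privacy settings and proxies often strip Referer, so its absence
        # is not evidence either way; serve the real logo.
        return "logo.png"
    try:
        host = urlsplit(referer).hostname
    except ValueError:          # malformed Referer value
        return "warning.png"
    if not host:
        return "warning.png"
    host = host.rstrip(".")     # tolerate a trailing root dot
    # Compare the exact host or a true subdomain. A substring test would
    # wrongly accept look-alike hosts that merely contain the site's name.
    if host in own_hosts or any(host.endswith("." + h) for h in own_hosts):
        return "logo.png"
    return "warning.png"


def tally(referers):
    """Count the decisions made for a batch of Referer values."""
    return Counter(image_for_request(r) for r in referers)


# Constructed sample of Referer values as they might appear in an access log.
SAMPLE_REFERERS = [
    "https://www.bank.example/login",
    None,
    "http://bank.example.evil.test/login",
    "http://evilbank.example/",
    "https://bank.example@evil.test/",
]

if __name__ == "__main__":
    print(tally(SAMPLE_REFERERS))
```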

Augmenting password logins

A method to prevent simple phishing of transaction numbers (TANs) is to associate each TAN with a "lock number". The bank's server sends the lock number as a challenge, and the user provides the corresponding TAN as the response. The server selects the key-lock pair randomly from the list to prevent acquiring two consecutive TANs. Lock numbers are not sequential, so that phishers can only guess correct lock numbers.
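The lock-number scheme described above can be sketched on the server side as follows. This is an added example, not code from the original post or from any bank; the class name, code lengths and failure limit are assumptions. It keeps the same challenge pending until it is answered, so a TAN collected for one lock number is useless unless the server happens to ask for exactly that number.

```python
import hmac
import secrets


def _unique_codes(n, digits):
    """Return n distinct random decimal codes (non-sequential by construction)."""
    codes = set()
    while len(codes) < n:
        codes.add(f"{secrets.randbelow(10 ** digits):0{digits}d}")
    return list(codes)


class TanList:
    """Server-side copy of one customer's TAN sheet (hypothetical class)."""

    def __init__(self, size=20, max_failures=3):
        locks = _unique_codes(size, 4)   # lock numbers printed beside each TAN
        tans = _unique_codes(size, 6)    # the one-time TANs themselves
        self._unused = dict(zip(locks, tans))
        self._pending = None             # lock number currently being asked for
        self._failures = 0
        self._max_failures = max_failures

    @property
    def locked(self):
        return self._failures >= self._max_failures

    def printed_sheet(self):
        """The lock -> TAN table as it would be sent to the customer."""
        return dict(self._unused)

    def challenge(self):
        """Pick a random unused lock number; repeat it until it is answered."""
        if self.locked or not self._unused:
            raise RuntimeError("TAN list locked or exhausted; issue a new sheet")
        if self._pending is None:
            self._pending = secrets.choice(list(self._unused))
        return self._pending

    def verify(self, tan):
        """Accept only the TAN that belongs to the pending lock number."""
        if self.locked or self._pending is None:
            return False
        expected = self._unused[self._pending]
        if hmac.compare_digest(expected.encode(), str(tan).encode()):
            del self._unused[self._pending]   # each pair is valid once
            self._pending, self._failures = None, 0
            return True
        self._failures += 1                   # wrong answers count toward lockout
        return False
```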

Friday, June 20, 2008

The application of 3rd party certification programme in Malaysia

E-commerce applications are widely used today, but they have limitations. Third-party certification is therefore very important when customers do business over the Internet, so that they need not worry about fake retailers or insecure open network communication. Such a programme is run by independent institutions licensed under the country's law, which makes it trustworthy and reliable.

One third-party certification programme is MSC Trustgate Sdn Bhd, a Malaysian company and licensed Certification Authority (CA) in Malaysia since 1999 that helps to secure open network communications and business transactions. It offers complete security solutions and leading trust services needed by individuals, enterprises, government, and e-commerce service providers, using digital certificates, digital signatures, encryption and decryption, such as the finest Public Key Infrastructure (PKI), to assist companies in conducting their business over the Internet.

PKI technologies help organizations enhance the security of their data and manage identification credentials for users and the organization. Security is based on the exchange of digital certificates between authenticated users and trusted resources. E-commerce users can design their own PKI to meet the security and technical requirements of their organization, such as confidentiality, where PKI users encrypt data that is stored or transmitted.

Third-party certification programmes have allowed e-commerce to be used more widely without worry. Consumers can safely purchase products or services through the Internet, especially users who frequently buy and sell goods, such as eBay users. Thus, transactions can be made safely and companies can operate their business more efficiently and effectively.

For more information on MSC Trustgate, click on the link below:

http://www.msctrustgate.com/

Another example of a third-party certification programme is VeriSign, which provides security that enables key transactions, protects data, and safely delivers information across myriad protocols and devices. It has protected over 900,000 web servers worldwide, so consumers can shop safely every day through the Internet. It establishes trust between the buyer and the seller. Among its products, VeriSign Secure Sockets Layer (SSL) encryption is one of the most effective ways to establish that trust, securing e-commerce and communications for web sites, intranets, and extranets. The VeriSign Secured™ Seal is one of the most recognized trust marks on the Internet, which can protect the server.

Secure Sockets Layer (SSL) technology protects your web site and makes it easy for web site visitors to trust the company in three essential ways: it enables encryption of sensitive information during online transactions; each SSL Certificate contains unique, authenticated information about the certificate owner; and the identity of the certificate owner is verified when the certificate is issued.

Each SSL Certificate consists of a public key and a private key. The public key is used to encrypt information while the private key is used to decipher it. When a Web browser points to a secured domain, a Secure Sockets Layer handshake authenticates the server and the client. An encryption method is established with a unique session key and secure transmission. This is useful when the company has an online store or accepts online orders and credit cards, or when the website needs to process sensitive data such as addresses, birth dates, license or ID numbers. Lastly, it helps to comply with privacy and security requirements, besides protecting privacy and gaining consumers' trust.

For further information, visit the link below:

http://www.verisign.com/

How to Safeguard Our Personal and Financial Data

Today’s changing environment has affected the way everyone maintains their information. Whether the information is in a data file or in hard-copy paper records, all organizations need to be able to capture and retrieve information, usually at a moment’s notice. However, how can we safeguard our personal and financial data?

Here are a few ways I suggest to protect our personal data:

  • Password access: We can use a password system to lock our data so that it won’t be too easy for people to access it.
  • Identify where the data is stored: Our sensitive or confidential data are kept in specific places within the network or computer. These network shares, hard drives, servers, or system folders can each have their own method of keeping them more secure. Whenever possible, store these data on devices that are physically secured. We can allow only authorized individuals to access these devices, and monitor access to them whenever possible.
  • Restrict network or shared access: We don’t allow anyone to access these sensitive and personal data unless they specifically require access. Limiting access to only those who really need it limits the risk of both accidental and malicious exposure. By doing this, we are protecting not only the data but also our organization.
  • Temporary data storage: If we really want to store our personal data on a memory stick, laptop or other device temporarily, we should remove the data from the device once finished. We must ensure that the data are completely erased, not just deleted.
  • Use separate local or network accounts: Separate accounts can each be assigned very specific access rights and privileges. Using separate accounts with differing access levels limits the potential for accidental or malicious data exposure.

For safeguarding financial data:

  • Use a credit card with a small limit: Nowadays, a dishonest sales clerk can easily use our credit card information. If we reduce the credit limit of the card, at least thieves won’t be able to rack up many bills before hitting a wall.
  • Review monthly statements: Reviewing our monthly statements can alert us to possible fraudulent charges. Sometimes we can also find legitimate charges for services that are either redundant or no longer necessary.
  • Choose PIN wisely: Because we want something easy to remember, we normally choose a PIN like our birth date or identity card number. This gives a thief the chance to break our password. For more security, we advise users to use a combination of uppercase and lowercase letters, numbers, and symbols.
  • Protect computer’s security: We can use as many tools as we can (anti-virus software, anti-spyware software, firewalls and passwords) to guard computer information from nefarious people. Failing to protect a computer is just as bad as leaving your door unlocked.