The Internet is a global system of interconnected computer networks consisting of millions of private and public networks of local to global scope. Nowadays, most of us rely on computers to store our personal data and use online financial services to perform financial transactions such as online banking and money transfers. We should have adequate safeguards to protect confidential data from being stolen.
Password protect
Choose your password wisely. While you want to choose something you’ll remember, you don’t want it to be something that a clever thief could figure out just by learning your birth date or your child’s name. A combination of uppercase and lowercase letters, numbers, and symbols will offer you more security. And remember: do not reveal any personal information or passwords to anyone.
Guard your Social Security number
Make sure that anyone asking for your Social Security number really needs it. Often businesses that ask for a Social Security number can use an alternative customer identification number if you ask. Make sure not to print your Social Security number on checks or in other highly visible places. Store your card in a safe place and avoid giving the number to others.
Keep credit cards to a minimum
Use a credit card with a small limit for online purchases. It’s all too easy for a dishonest sales clerk to use your credit card information. If the card you use for these purchases has a low credit limit, at least a felon won’t be able to rack up many bills before hitting a wall.
Avoid using a public computer for accessing financial information
Avoid logging on to check your bank balance from a public computer or a coffee shop that offers wireless access. After using any of the Financial Data Center or member services, you must log out before leaving the Financial Data Center. If you are using a public computer, remember to close the browser window. This prevents other users from reading your personal information and mail.
Install antispyware and antivirus software
Protect your computer by using antivirus software, antispyware software and firewalls to guard your computer's information from the nefarious.
Monday, June 29, 2009
How to safeguard our personal and financial data?
Phishing: Example and its prevention methods.
Phishing is a fraudulent attempt, usually made through email, to steal your personal information. The best way to protect yourself from phishing is to learn how to recognize a phish. Phishing emails usually appear to come from a well-known organization and ask for your personal information such as credit card number, account number or password.
Examples of phishing
For Internet criminals to successfully "phish" your personal information, they must get you to go from an email to a website. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would never request this information of you via email.
Examples: Phishing email / Phishing website
What to look for in a phishing email
1. Generic greeting.
Phishing emails are usually sent in large batches. To save
time, Internet criminals use generic names like "First Generic Bank
Customer" so they don't have to type all recipients' names out and send
emails one-by-one. If you don't see your name, be suspicious.
2. Forged link.
Even if a link has a name you recognize somewhere in it, it
doesn't mean it links to the real organization. Roll your mouse over the
link and see if it matches what appears in the email. If there is a
discrepancy, don't click on the link. Also, websites where it is safe to
enter personal information begin with "https" — the "s" stands for secure.
If you don't see "https" do not proceed.
3. Requests personal information.
The point of sending phishing email is to trick you into providing your
personal information. If you receive an email requesting your personal
information, it is probably a phishing attempt.
4. Sense of urgency.
Internet criminals want you to provide your personal
information now. They do this by making you think something has happened
that requires you to act fast. The faster they get your information, the
faster they can move on to another victim.
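The four checks above can be applied mechanically to the HTML body of a message. The following is an added example, not part of the original post: the keyword lists, the sample messages, the recipient name and the `.example` domains are all constructed assumptions, and the domain comparison is a simple suffix match rather than a full registrable-domain check.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keyword lists are illustrative assumptions, not a complete rule set.
TEXT_RULES = {"requests_personal_info": re.compile(r"\b(password|pin|account number|credit card|social security)\b", re.I),
              "urgency": re.compile(r"\b(immediately|urgent|within 24 hours|suspended|act now)\b", re.I)}
DOMAIN = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):  # body text plus (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def phishing_indicators(html_body, recipient_name):
    """Return the sorted names of the indicators found in one HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    text = " ".join(parser.text)
    found = set()
    if recipient_name.lower() not in text.lower():
        found.add("generic_greeting")        # 1. your name does not appear
    for href, shown in parser.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if url.scheme != "https":
            found.add("no_https")            # 2. target is not an https site
        m = DOMAIN.search(shown)             # 2. domain shown vs. real target
        d = m.group(1).lower() if m else host
        if not (host == d or host.endswith("." + d) or d.endswith("." + host)):
            found.add("forged_link")
    found.update(name for name, rx in TEXT_RULES.items() if rx.search(text))  # 3. and 4.
    return sorted(found)

# Constructed sample messages (not real emails); .example domains are reserved.
PHISH = ('<p>Dear First Generic Bank Customer,</p><p>Your account is suspended. Confirm your password now:</p>'
         '<a href="http://firstgenericbank.example.verify-login.example/update">https://www.firstgenericbank.example/login</a>')
LEGIT = ('<p>Hello Alice Tan, your June statement is ready.</p>'
         '<a href="https://www.firstgenericbank.example/statements">www.firstgenericbank.example</a>')
```

The forged link in the constructed phish contains the recognized name inside a longer host name, which is the case the hover check is meant to catch.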
The threat of online security: How safe is our data?
Threat to your privacy
The internet makes it easy for online criminals to attack your privacy:
Accidental Actions
Accidental actions contribute to a large number of computer security risks. This category encompasses problems arising from basic lack of knowledge about online security concepts and includes issues such as poor password choices, accidental or erroneous business transactions, accidental disclosure, and erroneous or outdated software.
Hacking
Hacking is the act of illegally gaining access to your computer/sites for the sole purpose of destroying, disrupting or carrying out illegal activities on your system. A "hacker" is the person who illegally gains access. Hackers generally look for personal information, such as passwords or credit card numbers. They may also be trying to use your Internet connection to transmit their own material, or they may just be searching at random to see what they can find. However, there are many technologies out there you can use to prevent and detect hacking. A firewall, a program designed to prevent unauthorized Internet users from accessing your system, is the best way to protect your computer from intrusions.
Wi-Fi eavesdropping
If you use a wireless, or Wi-Fi, network you’ll know that it lets you connect to your broadband internet connection using a radio link with a range of several hundred feet. However, this flexibility has a downside. A more sinister risk is that people can, with the right equipment, spy on you and gain access to your computer over the wireless link.
Spyware
Spyware doesn’t try to replicate itself like a virus. Instead, it relies on people downloading it mistakenly, often alongside other programs such as peer-to-peer music sharing programs. It causes a range of problems, including:
1) Annoying pop-up adverts.
2) Taking over your web browser.
3) Scanning your computer for private information like credit card numbers.
4) Slowing down your computer and internet connection.
5) Downloading viruses.
6) Being very difficult to remove.
Threats to your wealth
Fraud
Fraud is a growing problem online. Conmen are the dot.com entrepreneurs of crime. Common tricks include:
Phishing
Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. If you suspect phishing, do not reply to the e-mail or respond by clicking on a link within the e-mail message.
Identity theft
Online identity theft comes in many forms and involves the use – by someone else – of your computer and/or the information on it. Some identity thieves use an array of techniques known as social engineering to try to manipulate you into performing certain actions or divulging confidential information. Or, they may access sensitive information without you even being aware of their presence. With this information they can, for example:
1) Empty your bank account.
2) Max out your credit cards buying stuff for themselves.
3) Buy cars on tick, in your name.
4) Impersonate you online, for example using your identity in online auctions or on e-commerce sites.
Malicious Attacks
Attacks that specifically aim to do harm are known as premeditated or malicious attacks. They can be further broken down into attacks caused by malicious code and those caused by intentional misrepresentation. Misrepresentation is most often seen with regard to online fraud and identity theft. Notable examples of malicious code include computer viruses and Denial of Service (DOS) attacks.
Computer virus
Viruses are small, malicious computer programs that try to infect computers, spreading from one machine to the next. There are four main classes of viruses:
File infectors: embed themselves into ordinary executable files and attach to other system executables when the file is run.
System or boot-record infectors: infect the first sector on a drive from which the operating system is booted up.
Macro viruses: infect data files that include scripting "macros."
Multi-part viruses: viruses that use more than one attack method.
Look for these clues to determine if your computer is infected with malware:
1) A sudden increase in pop-up ads
2) A browser that takes you to sites other than those you type into the
address box (also called hijacked browser)
3) Sudden or repeated changes in your computer’s home page
4) New toolbars or icons
5) Keys that suddenly don’t work
6) Sluggish or slow performance when opening programs or saving files
Denial of Service Attacks
Denial of Service attacks, another form of malicious code, are carefully crafted and executed. A Denial of Service attack is an attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources. It may cause a network to shut down, making it impossible for users to access the sites. Denial of Service attacks are not new, yet they are growing in sophistication. Traditional DOS attacks usually involve one computer attacking another, but the use of multiple computers in a highly organized attack, known as a Distributed Denial of Service (DDOS) attack, is becoming increasingly common. The DDOS attacker strategically builds an army of key players including:
1) One client machine for coordinating the attack
2) Three to four host machines, which are battlefields under the attacker's
direct control
3) Potentially hundreds of broadcasters, which are the legions that run the
code to generate the flood of packets that attack a target system
Saturday, June 27, 2009
Certificate Authorities (CAs)
Certificate Authorities (CAs) are the third parties that issue digital certificates to provide verification that your website does indeed represent your company. One of the certificate authorities is MSC Trustgate.com Sdn Bhd. It is a licensed CA in Malaysia, incorporated in 1999, under the Digital Signature Act 1997 (DSA). It offers complete security solutions for individuals, organizations, government, and e-commerce service providers through digital certificates, encryption and decryption.
The objective of MSC Trustgate is to secure open network communications both locally and across the ASEAN region. Trustgate provides digital certification services such as digital certificates, cryptographic products and software development. The products and services of Trustgate are SSL Certificate, Managed PKI, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development. The vision of Trustgate is to enable organizations to conduct their business securely over the internet, as much as what they have been enjoying in the physical world.
VeriSign is the leading Secure Sockets Layer (SSL) Certificate Authority, which also enables the security of e-commerce, communications, and interactions for Web sites, intranets, and extranets. It provides security solutions to protect an organization’s consumers, brand, Web site, and network.
Why is 3rd party certification needed? The reason is that threats to internet security are spreading over the net nowadays. For example, with the increase of phishing on the internet, customers want to make sure that they are doing business with a trusted party. They are afraid that their personal information, such as ID numbers, passwords and credit card numbers, will be sent to companies which do not exist in the real world. Thus, certification from a 3rd party is needed to ensure that their information travelling over the Internet reaches the intended recipients and is safe.
Besides that, those parties are needed because they can provide e-mail protection and validation, secure online shopping carts and more services in order to avoid being spammed, hacked and attacked by malicious software such as viruses, Trojan horses and worms.
With digital certificates, there are more safeguards for online shopping, so that users are able to make transactions on the internet without fear of having their personal data stolen, their information contaminated by third parties, or the transacting party denying any commercial commitment with the users. In addition, the confidence of customers in the internet can also be enhanced; therefore, digital certificates can assist the development of greater internet-based activities.
Wednesday, June 24, 2009
My review on a post on the Internet Security from My E-Commerce blog
the number of viruses, worms and trojans in circulation
has topped the one million mark.
Unfortunately, on 28 April 2009, Symantec Corporation announced the publication of its April 2009 MessageLabs Intelligence Report. The analysis highlights that spam has increased almost ten percent in one month, reaching heights of 85.3 percent, levels not experienced since September 2007. Also in April, the high profile G20 summit was the subject of a rise in targeted malware attacks. In addition, the number of malicious websites intercepted per day continued to increase significantly, taking the average number intercepted each day to 3,561.
The vast majority of these viruses are aimed at PCs running,
Typically, groups engaged in hi-tech crime employ groups of programmers to generate the novel variants. The fact that these programmers expect to be paid drives the criminals to make as much money as possible out of the information they steal and to be constantly on the lookout and threaten online users as new victims.
Thus, in order to avoid an increase in the number of viruses in future, my suggestion is that security firms should create an ultimate protection for Windows, such as a strong antivirus system, before it is too late to secure it.
Malicious programs hit new high
http://news.bbc.co.uk/2/hi/technology/7232752.stm
Symantec Announces April 2009 MessageLabs Intelligence Report
http://www.messagelabs.com/resources/press/28950
More Than 1 million computer viruses in circulation now
http://ecommerze.blogspot.com/2008/04/more-than-1-million-computer-viruses-in.html