Saturday, June 21, 2008

The threat of online security: How safe is our data?

Nowadays, people rely on computers to create, store and manage critical information. Consequently, it is important for users to be aware that computer security plays a major role in protecting their data from loss, damage, and misuse. Similarly, online security has been online traders' main concern in protecting their websites from potential threats such as phishing, security hacking, information theft, viruses and worms.

Ironically, however, increasingly developed technology also increases the risk every computer user faces. Anyone who owns a computer with an internet connection can equip themselves with 'hacking' knowledge by doing some research online. The internet gives users the opportunity to share knowledge without any filtering of the content. As a result, anyone can learn skills that may jeopardize online security, which increases the online security risk.

Nowadays, computer users face the threats of cybercrime, phishing, and internet and network attacks such as computer viruses, worms, Trojan horses and back doors.

Cybercrime is defined as online or internet-based illegal acts. Hackers, crackers and corporate spies who have advanced computer and network skills access computers and networks illegally with the intent of destroying data or stealing proprietary data and information.

Phishing is a scam in which a perpetrator sends an official-looking e-mail that attempts to obtain your personal and financial information. For example, some phishing e-mail messages ask you to reply with your information, while others open a pop-up window that looks like a website and collects the information. The damage caused by phishing can be serious. The following case illustrates the potential threat posed by phishing.

For example, on 21 June 2007, a spear phishing incident at the Office of the Secretary of Defense (OSD) stole sensitive U.S. defense information, leading to significant changes in identity and message-source verification at OSD. This incident caused administrative disruptions and personal inconveniences, as well as a huge financial loss from system recovery.

Internet and network attacks that jeopardize security include viruses, worms, and Trojan horses. A virus is a piece of code that is secretly introduced into a system in order to corrupt it or destroy data. A virus attack can damage the operating system, causing the loss of data and other possible losses. A worm is a program that copies itself repeatedly. The repeatedly copied files use up the available space and slow down the computer's operating speed. A Trojan horse, on the other hand, is a program that hides within or looks like a legitimate program. Although it seems harmless, it may be triggered when a certain condition is met.

A back door is a set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network. Once perpetrators gain access to unsecured computers, they often install a back door or modify an existing program to include a back door, enabling them to continue to access the computers remotely without the user's knowledge.

In conclusion, the risk that computer users are exposed to is increasing as technology develops. Therefore, safeguards must always be kept up to date to strengthen the defenses against online security threats. At the same time, users must be educated and informed about the serious damage and loss that online security threats can cause.


References:
http://www.govexec.com/story_page.cfm?articleid=39456
http://en.wikipedia.org/wiki/Timeline_of_computer_security_hacker_history

Phishing: Examples and its prevention methods

Phishing is a criminal and fraudulent activity carried out on computers to acquire sensitive information such as a person's user name, password and credit card details. The most common way that phishers attempt to get this information is by email or instant messaging, which often directs users to enter details at a website. PayPal, eBay and online banks are phishers' common targets. The damage caused by phishing is that victims may incur financial loss due to being denied access to their email.

Here are some examples of phishing:


The email looks like a real Citicorp email and the link in the email contains the name "Citibank". However, it has nothing to do with Citibank. To see the real link in an email message, right-click on the text and choose "Properties" from the context menu. To see an example of a faked link, try to log on to http://www.microsoft.com


This eBay phishing email includes the eBay logo in an attempt to gain credibility. The email claims that the billing information in the account is in error and that the eBay member needs to log in and verify the charges.

There are several methods for preventing phishing. Never reply to an email that requests your personal or financial information, and be suspicious when anyone sends you an email asking you to update or confirm your personal information. Besides that, use anti-virus and anti-spam software and update them regularly to ensure that you are protected against new viruses. Anti-spam software can analyse the content of a message or the URLs in it and delete phishing mail, while normal email is filtered through to your inbox. Another way to prevent phishing is to review your credit card and bank account statements regularly to ensure that no unauthorized transactions have been made. If your statement is late, call your credit card company or bank to confirm your billing address and account balances.

Friday, June 20, 2008

The application of 3rd party certification programme in Malaysia

What is third-party certification and why do we need it?

Third-party certification is a scientific process by which a product, process or service is reviewed by a reputable and unbiased third party to verify that a set of criteria, claims or standards are being met. A third-party certification can reduce the time and expense needed for identifying, selecting and purchasing the products. Third-party certification is not the final word. The consumer has the final say. But a third-party certification claim is an important factor to consider when selecting a product.

The basic values of a third-party certification are to provide a measure of conformity, satisfy customer demands and limit supplier risks without the expense of repeating tests. Certifying organizations are anxious to maintain their reputation and sustain their integrity, and so provide an excellent way to validate the trustworthiness of a website while protecting consumers from myths, misconceptions, misleading information and "fly by night" manufacturers.

Example:


MSC Trustgate.com Sdn Bhd is one of the popular Certification Authorities (CA) in Malaysia and is recognized by most Malaysians as a mark of safety and quality. MSC Trustgate has a joint venture with Verisign, which is the largest certificate authority behind encryption and authentication on the Internet in America. Verisign provides SSL (Secure Sockets Layer) technology to MSC Trustgate. SSL is a cryptographic protocol that provides secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. Maybank2u uses MSC Trustgate SSL to enable encryption of sensitive information during online transactions.

Wednesday, June 18, 2008

How to safeguard our personal and financial data?

As technology improves day by day, it is becoming easier and easier for our personal and financial information to be stolen and misused. People can access our personal data as well as our financial data easily through the internet. Other than that, they may also get the data by stealing wallets and purses that contain our identification; stealing our mail, for example bank and credit card statements; stealing files or bribing employees who have access to files with our information; and many more. Most people whose personal and financial data has been stolen will suffer financial loss. For example, the thief might use our bank account or credit cards. So, we need to take some important steps to safeguard our personal and financial information.

First of all, we should increase our awareness of how and when we use our personal information. By doing this, we can reduce the chance of our personal information being misused. This can be done by following the steps suggested below.

Firstly, never give personal or financial information over the phone or Internet unless you initiated the contact. If you are told to send your information through email or phone, do not entertain it. It can be easily stolen.

Secondly, use a strong password and avoid using your date of birth as a password. Most importantly, memorize the password. Do not record the password on paper that you carry with you.

Thirdly, check your monthly credit card and bank statements for unusual activity. If you find any unusual record in your statement, contact the relevant authorities to check on it.

Fourthly, use a firewall program on your computer, especially if you leave your computer connected to the Internet 24 hours a day, and never download files sent by strangers. This helps prevent hackers and crackers from obtaining our information.

Lastly, shred receipts and copies of documents with personal information if they are no longer needed. Some identity thieves might rummage through your trash to get your personal data. If we shred these documents, they will never have the chance to look at them.

Beyond prevention, if we suspect that we have become a victim of personal and financial data theft, we should act immediately. We should recall all the activities that might have led to the data being stolen and try to remember anyone we suspect. Then, we should call the police and immediately close the affected account.

In conclusion, prevention is better than cure. We should always stay alert and be aware of the confidentiality of our personal and financial data. We can stop theft before it happens.