Time is Important~~!! Don't always Blur Blur~~!

Saturday, June 21, 2008

Phishing:An examples and prevention methods

Phishing is a crime technique to steal the identity of a target company to get the identities of its customers (by turban e-electronic commerce 2008 a managerial perspective) It is also recognized as a scam.

An Example of phishing is an eBay phishing email such as the eBay logo, the attacker attempts to gain authority. In the purporting email warns the victim that there is a billing incorrect may have been made on the account and urges the eBay victim to login
and confirm the charges.

Besides that, another example is Citibank phishing. The attacker will trick the victims by instructed them to visit a fake website and enter personal financial details for their confirmation shake of security online banking. The attacker will then use to disturb the very security and integrity they claim to be protecting.

Prevention Methods is if there is a suspicious email received that instructs you to login to any account for any reason should be viewed with suspicion, users should report and send it to the US Federal Trade Commission at spam@uce.gov or you can just click the “Report As Junk button on your email program. Or verify the authenticity of the email by call the bank or commerce site to seek for confirmation. However, scammers may use phone number to trick victims in the suspicious email as well.

There are few ways to prevent from attacked by phishing such as using Phishing Filters,
Look for online websites for known phishing sites,try to avoid for any suspicious emails asking for private information which you feel unsecured.Phishing Filter helps identify and warn about possible phishing scams. There are ways that these can be used such as

Built-in filters.It built into the browser and scan web addresses and pages for characteristics that are known as phishing scams and also will warn the users if any sites visited are found disbelieving.Other than that, , according to Microsoft Online service is the most triumphant phishing sites appear and disappear in 24-48 hours. These services provide up-to-the-hour information about reported phishing Web sites.

Reference;

http://antivirus.about.com/od/securitytips/a/stopphish.htm

www.cwu.edu/~balea/page5.html

Friday, June 20, 2008

How to safeguard our personal and financial data?

Nowadays, computer and internet are very common to everyone. We will rely on computer to save our personal data and using online financial services to do financial transactions such as online purchases or online banking in order to safe time. Before we do any financial transaction in the website, we need to register to become a member to fill in some personal information. The information is including name, date of birth, gender, address, telephone, e-mail address, occupation and interests. “Personal Financial Information” means any record containing a customer of a financial institution, whether in paper, electronic, or another form, that is handled by behalf of the institution or its affiliates.

But, is it security to protect consumer avoid embezzled by other people? Therefore, there are some ways I suggest to safeguard our personal and financial data.

1. Use strong password or pass-phrase to protect your access data. When using the computer, password plays an important role to many aspects. We do not reveal any personal information or particularly passwords to anyone. After using any of the Financial Data Center or member services, must remember to log out properly before leaving the Financial Data Center. Besides that, if share information with another users or use our services on a public computer such as in a public library, school computer lab or Internet cafe, must remember to close the browser window. That is to prevent other users from reading your personal information and mail. Besides that, we also need to avoid using passwords that are easy for someone to guess, such as the your personal identity card numbers. Then, it is also strongly suggested to change regularly and different passwords make to different accounts.

2.
Install and update antispyware and antivirus programs. To safeguard our personal and financial data, we can install an antivirus program such as Symantec and Norton antivirus, AVG antivirus or other more in order to protect ourselves against viruses and Trojan horses that may steal or modify the data on our own computer. Besides that, we always need to make sure our antispyware and antivirus programs is up to date.

3. Install a firewall. Firewall can also prevent the unswanted data coming into computer
and unauthorized data leaving from computer. Most new computers come with firewalls integrated into their operating systems. If we have an older computer or using dial-up, then we may need to buy a firewall separately and install it ourselves.

4. Regularly scan your computer for spyware. Spyware or adware hidden in software pr
ograms may affect the performance of your computer and give attackers access to our data. Use a justifiable anti-spyware program to scan our computer and remove any of the infected files.

5. Avoid unused software programs. We need to always make sure that we do not clutter our computer with unnecessary software programs. If there have programs on our computer that we do not use, consider uninstalling them.

6. Use separate local or network accounts. By using separate accounts, individuals can be assigned very specific access rights and privileges. Using separate accounts with differing access levels limits the potential for accidental or malicious data exposure.



7. Identify where the data is stored. When we need to store any sensitive or confidential data temporarily on a memory stick, laptop, or other device, remove that data from the device when we have finished, and ensure that data has been completely erased and not just deleted.

References:

http://www.msisac.org/awareness/news/2007-03.cfm

http://finance.yahoo.com/banking-budgeting/article/103893/Six-Ways-to-Safeguard-Your-Online-Assets

The Application of 3rd Party Certification Programme In Malaysia




VeriSign is the most trusted mark on the Internet of the 3rd party certification programme.
VeriSign secures more than one million Web servers worldwide, more than any other Certificate Authority. The world’s 40 largest banks and over 93% of Fortune 500 companies choose VeriSign SSL Certificates.
Over 75% of Web sites using Extended Validation SSL choose VeriSign, including biggest names in e-commerce and banking. Over 90,000 domains in 145 countries display the VeriSign Secured Seal, the most recognized trust mark on the Internet.

Benefits
VeriSign offers the strongest SSL encryption
High-level encryption, at 128 bits, can calculate 288 times as many combinations as 40-bit encryption. That’s over a trillion times a trillion times stronger.
Only True 128-bit SSL Certificates with Server Gated Cryptography (SGC) enable every site visitor to experience the strongest SSL encryption available to them.
VeriSign is the leading SSL provider of SGC-enabled SSL Certificates, enabling 128- or 256-bit encryption for over 99.9% of Internet users.
VeriSign is the leading SSL Certificate Authority
It makes it easy to keep track of all your SSL Certificates and maintain the security of your online services with VeriSign® Certificate Center, a single-point control online management portal. If you already have a SSL certificate, Verisign also offers payment processing solutions. You will need a merchant account in addition to these solutions. You will also need to have a shopping cart that will integrate with Verisign. When you use the Verisign payment processing gateway, you are ensuring that your customer’s information will not be stolen while they are being redirected to your merchant account processing system. The payment processing solutions all offer the ability to use the Verisign Seal on your website.
VeriSign helped lead the development of Extended Validation to give Web site visitors a visible sign of trust and security in the browser bar on high security browsers.

Thursday, June 19, 2008

The threat of online security: How safe is our data?

Online security is any kind of protection when using the Internet. Online security is important because the Internet is not a safe place unless we have adequate protection against the many varieties of threats that exist in cyberspace. The best form of online security is to install software from security vendors. There are several levels of online security software, that includes antivirus, antispyware, and firewall components to a comprehensive online security suite that includes anti spam and anti phishing features.

However, there are also some threat of online security which include accidental actions, malicious attacks and online fraud.

Accidental actions contribute to a large number of computer security risks. This category encompasses problems arising from basic lack of knowledge about online security concepts and includes issues such as poor password choices, accidental business transactions, accidental disclosure, and outdated software.

Attacks that specifically aim to do harm are known as malicious attacks. They can be further broken down into attacks caused by malicious code and those caused by intentional misrepresentation. Some examples of malicious attacks is computer viruses, data theft, and Denial of Service (DOS) attacks. The most common form of malicious code is a computer virus which is a program of code that replicates by attaching copies of itself to other programs. Denial of service attacks is another form of malicious code, are carefully crafted and executed. Denial of Service Attacks are not new, but they are growing in difficulty. Traditional DOS attacks usually involve one computer attacking another, but the use of multiple computers in a highly organized attack is becoming increasingly common.


Online fraud is a broad term covering Internet transactions that involve falsified information. Identity theft is a major form of online fraud. Personal identity theft on the Internet is the newest form of fraud that has been witnessed in traditional settings for many years. For example, in traditional settings, thieves open credit card accounts with a victim's name, address and social security number, or bank accounts using false identification. In the online world, electronic commerce information can be intercepted as a result of vulnerabilities in computer security. Data theft is the term used to describe not only the theft of information but also unauthorized perusal or manipulation of private data.


References:

http://www.jvexchange.com/antifraud/

Wednesday, June 18, 2008

How to safeguard ourpersonal and financial data

Nowadays, there are number of cases that personal data has been lost, compromised or stolen. For example a theft of a laptop from a Federal employee’s home enclosed personal data involving 26.5 million veterans.

Therefore, users should be fully alert to make sure that they do not fall becoming the next victim of cyber fraud. There are few steps for safety online that should be needed to examine.

1. Install and update antispyware and antivirus programs. Every user should have regular updates of existing antispyware.Nowadays there are numerous application vendors and even Microsoft offers users for regular updates. Symantec and Norton antivirus are well demanded for antivirus protection.

2. Install a firewall. It is a software program which allows authorized personal to access into their personal data. Major computers do come with firewall which it’s already integrated in the operating systems. A DSL or a cable modem is much preferred because they have another built-in firewall. For those old PCs or dial up users, you may need to purchase and install it.

3. Avoid accessing financial information in public. Think twice before even logging on to check your bank balance in a coffee shop which provides WiFi access although they’re convenient yet they are unknown. Without this, hackers or crackers could easily access their personal info without them knowing it.

4. Update your browser. Regularly update your browser could help plug up and enhance security holes so…. Make it a habit.

5. Look for "locks." Look for a small padlock icon on the lower right corner of window browser as it indicates that the website is a secure page to be log on. Also, the web address should be “https”.

6. Don't open mystery attachments. Do not click or even open an attachment sent by unknown party or user as they could contain viruses and wares that can harm or even links that lead to unsuspecting site which they’ll ask to input financial information.


reference;
http://us.i1.yimg.com/us.yimg.com/i/us/fi/gr/market_watch