Saturday, February 7, 2009

How to safeguard our personal and financial data?

The growing popularity of computers now poses a threat to our personal and financial data, so safeguarding that data has become important. How do we safeguard our important data?

Here are some tips to safeguard our personal and financial data:
1. Use passwords and encrypt our important data - Passwords and other security features add layers of protection if used appropriately. Use a strong password or pass-phrase to protect access to your data. By encrypting files, you can ensure that unauthorized people can't view your data even if they can physically access it. When you use encryption, it is important to remember your passwords and pass-phrases; if you forget or lose them, you may lose your data.
2. Install a firewall - A firewall is a software program designed to allow good people in and keep bad people out. Most new computers come with firewalls integrated into their operating systems. Those who have a DSL or cable modem have an added layer of protection because these modems come with yet another firewall built in.
3. Use and maintain anti-virus software - Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software. Make sure to keep your virus definitions up to date.
4. Regularly scan your computer for spyware - Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data. Use a legitimate anti-spyware program to scan your computer and remove any of these files.
5. Keep software up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should turn it on.
6. Temporary data storage - If you need to store sensitive/confidential data temporarily on a memory stick, laptop, or other device, remove that data from the device when you have finished. Ensure that data has been completely erased and not just deleted.
7. Dispose of sensitive information properly - Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that you adequately erase sensitive files.
8. Avoid accessing financial information in public - Resist logging on to check your bank balance when working from a coffee shop that offers wireless access. These systems are convenient, but also unknown. Casual users have no way of assessing how sturdy their firewalls are.
9. Update your browser - Updating your browser on a regular basis can help plug up security holes, so make it a habit.
10. Don't open mystery attachments - Never open an attachment or click on a link sent to you by an unknown party. Attachments can contain viruses and links can lead unsuspecting users to dummy sites where they are asked to input financial information.

Thursday, February 5, 2009

The application of 3rd party certification programme in Malaysia

Security with WebTrust allows enterprises to ensure that access to their electronic commerce systems and data is restricted to authorized individuals, in conformity with their disclosed security policies. The WebTrust Program's Security standards provide a comprehensive solution for e-businesses by independently verifying a web site's compliance with online security best practices. The WebTrust Security Principle sets out an overall objective for the security of data transmitted over the Internet and stored on an e-commerce system.


A Certification Authority (CA) is a body licensed to operate as a trusted third party in the issuance of digital certificates. One of the best-known applications of a 3rd party certification programme in Malaysia is MSC Trustgate.com Sdn Bhd. It is a licensed Certification Authority operating within the Multimedia Super Corridor, and was incorporated in 1999 under the Digital Signature Act 1997 (DSA). MSC Trustgate's state-of-the-art data center, located in Cyberjaya, is one of the most advanced in ASEAN and conforms to the IT security standard Orange Book Tier 4. All of its consultants go through a stringent certification process and continuous training programs, and are well experienced in deploying large-scale projects. At present, MSC Trustgate has 12 million in paid-up capital.

The projects MSC Trustgate has implemented are E-banking Security Deployment and E-procurement Integration, a User Authentication and Customer Clearance Approval System, and Public Key Infrastructure (PKI) to assist all types of companies and institutions conducting their business over the internet. MSC Trustgate offers complete security solutions and trusted services for individuals, organizations, government, and e-commerce service providers through digital certificates, encryption and decryption. It can help companies build a secure network and application infrastructure for their electronic transactions and communications over the network.

The objective of MSC Trustgate is to secure open network communications both locally and across the ASEAN region. Trustgate provides digital certification services such as digital certificates, cryptographic products and software development. The products and services of Trustgate are SSL Certificate, MyKAD ID, MyTRUST, Managed PKI, SSL VPN, Personal ID, Managed Security Services, VeriSign Certified Training and Application Development. The vision of Trustgate is to enable organizations to conduct their business over the internet as securely as they do in the physical world.


helps companies and consumers all over the world to engage in trusted communications and commerce. VeriSign is the most trusted mark on the Internet. The VeriSign seal is instant proof that your web site is genuine, because you have been verified by the Certification Authority, and your customers can conduct business with you free of worry. It offers the strongest SSL encryption, and VeriSign is the leading Secure Sockets Layer (SSL) Certificate Authority. SSL is a protocol originally developed by Netscape in 1996 as a way of ensuring the security of e-commerce transactions, communications, and interactions for Web sites, intranets, and extranets.

Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, Secure HTTP is designed to transmit individual messages securely. SSL uses a cryptographic system with two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.

A digital certificate is usually attached to an e-mail message or to an embedded program in a web page, and verifies that the user or website is who they claim to be. The common functions of a digital certificate are user authentication, encryption and digital signatures. User authentication provides security other than a username and password, and its session management is stronger. Encryption secures data transmission by sending the information in encrypted form, so that only the intended recipient of the data can read the message. Digital signatures are like a handwritten signature in the digital world; they can ensure the integrity of the data. Furthermore, digital certificates can assist the development of more internet-based activities.

Why is 3rd party certification needed? The reason is that threats to internet security are spreading over the net nowadays. For example, customers want to make sure that they are doing business with a trusted party. They are afraid of their personal information, such as ID numbers, passwords and credit card numbers, being stolen, of information being contaminated by third parties, and of the transacting party denying any commercial commitment with the users. Thus, certification from a 3rd party is needed to ensure that their information travelling over the Internet reaches the intended recipients and is safe.

Moreover, it can provide e-mail protection and validation, secure online shopping carts and more services in order to avoid being spammed, hacked and attacked by malicious software such as viruses, Trojan horses and worms.

Lastly, by applying 3rd party certification, there are more safeguards for online shopping, which means customers can shop safely. In addition, customers' confidence in the internet will also be enhanced, and hence organizations will be able to earn more profits.


Wednesday, February 4, 2009

Phishing: Examples and its prevention methods.




What is phishing?


Phishing is where a perpetrator uses fraudulent methods to criminally steal people's information, such as usernames, passwords, credit card numbers and bank account numbers, invading their privacy.
Communications purporting to be from popular social web sites (YouTube, Facebook, MySpace), auction sites (eBay), online banks (Bank of America), online payment processors (PayPal), or IT Administrators (Yahoo) are commonly used to lure the unsuspecting.


How does phishing work?

Phishing is carried out using e-mail and instant messaging. Perpetrators use a fake website they have created, instead of the legitimate one, to steal information from people. The fake e-mail they send usually redirects to the perpetrator's website, which is made to look similar to the original website.
Phishing occurs when a consumer receives a deceptively legitimate-looking e-mail from what appears to be a reputable company. The e-mail asks recipients to update their credit card information or their account will be promptly terminated. Or the message offers a service to protect their credit cards from possible fraud.

The best way to protect yourself from phishing is to learn how to recognize a phish.

Phishing e-mail:



What to look for in a phishing e-mail:

1. Generic greeting: Phishing e-mails are usually sent in large batches. To save time, Internet criminals use generic names like “First Generic Bank Customer” so they don’t have to type all recipients’ names out and send emails one-by-one. If you don’t see your name, be suspicious.
2. Forged link: Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the e-mail. If there is a discrepancy, don’t click on the link. Also, websites where it is safe to enter personal information begin with “https” – the “s” stands for secure. If you don’t see “https” don’t proceed.
3. Requests personal information: The point of sending a phishing e-mail is to trick you into providing your personal information. If you receive an e-mail requesting your personal information, it is probably a phishing attempt.
4. Sense of urgency: Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.

Example of Phishing email from PayPal:



Example of Phishing email from Citibank:


Example of Phishing email from eBay:



Example of Phishing email from YouTube:





Phishing website:


What to look for in a phishing website:

1. Poor resolution: Phishing websites are often poor in quality, since they are created with urgency and have a short lifespan. If the resolution on a logo or in text strikes you as poor, be suspicious.
2. Forged URL: Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Read URLs from right to left – the real domain is at the end of the URL. Also, websites where it is safe to enter personal information begin with “https” – the “s” stands for secure. If you don’t see “https” do not proceed. Look out for URLs that begin with an IP address such as http:// - these are likely phishes.
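
The forged-link and forged-URL checks above can be automated. The following is an added example, not part of the original post: it reads the links in an HTML e-mail body and flags a target that is not https, a host that is a bare IP address, and visible link text whose domain differs from the real target. The function names and the sample message are constructed for illustration, and the "right to left" domain check is simplified to the last two labels of the hostname.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def base_domain(host):
    # Rightmost two labels; simplification that ignores suffixes like .com.my.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(href, shown_text=""):
    """Return the warning signs for one link and its visible text."""
    url = urlsplit(href.strip())
    host = url.hostname or ""
    flags = []
    if url.scheme != "https":
        flags.append("not-https")
    try:
        ipaddress.ip_address(host)
        flags.append("ip-address-host")
    except ValueError:
        pass  # host is a name, not an IP literal
    # Visible text that itself looks like a domain must match the real target.
    m = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", shown_text.lower())
    if m and base_domain(m.group(1)) != base_domain(host):
        flags.append("text-target-mismatch")
    return flags

class LinkAuditor(HTMLParser):
    """Collects (href, visible text, flags) for each <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.results, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            self.results.append((self._href, text, check_link(self._href, text)))
            self._href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.results

# Constructed sample body; example.com/.net and 192.0.2.10 are reserved names.
SAMPLE = """<p>Dear First Generic Bank Customer, verify your account now:</p>
<a href="http://192.0.2.10/login">https://www.example.com/login</a>
<a href="https://www.example.com.account-check.example.net/">www.example.com</a>
<a href="https://www.example.com/help">Help centre</a>"""
```

Calling `audit(SAMPLE)` flags the first two links and passes the third. The second link shows why the domain is read from the right: the recognizable name sits at the front of the hostname, while the real domain is `example.net`.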

Example of Phishing website from Paypal:



Example of Phishing website from Citibank:


Example of Phishing website from eBay:


Example of Phishing website from YouTube:



How to spot phishing scams:
1. Keep your e-mail and instant message addresses private
2. Immediately report suspected phishing contacts
3. Limit your dialogue
4. Never reply to e-mail messages that request your personal information
5. Don’t click links in suspicious e-mail; the link might not be trustworthy
6. Use a strong or different password for each of your accounts and change them frequently
7. Don’t send personal information in regular e-mail messages
8. Do business only with companies you know and trust
9. Help protect your PC: keep your PC updated and use antivirus software
10. Monitor your transactions; using just one credit card for online purchases makes it easier to track your transactions
11. Use credit cards for transactions on the Internet instead of debit cards to avoid the big credit limit from your bank account


If you receive a suspicious e-mail, you can send it to the US Federal Trade Commission at spam@uce.gov or you can just click the ‘report as junk’ button on your e-mail program.
Learn more about protecting yourself from online identity theft with the FREE Computer Safety Pro e-Course. http://www.ComputerSafetyPro.com
Microsoft also provides guidance on fighting spammers and phishing activities. http://www.microsoft.com/protect/yourself/phishing/identify.mspx



The history and evolution of E-commerce

The history of E-commerce

The history of ecommerce dates back to the invention of the very old notion of “sell and buy”, electricity, cables, computers, modems, and the Internet. Ecommerce became possible in 1991 when the Internet was opened to commercial use. Since that date thousands of businesses have taken up residence at web sites.


At first, the term ecommerce meant the process of executing commercial transactions electronically with the help of leading technologies such as Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT), which gave users an opportunity to exchange business information and do electronic transactions. The ability to use these technologies appeared in the late 1970s and allowed business companies and organizations to send commercial documentation electronically.


Although the Internet began to advance in popularity among the general public in 1994, it took approximately four years to develop the security protocols (for example, HTTP) and DSL which allowed rapid access and a persistent connection to the Internet. In 2000 a great number of business companies in the United States and Western Europe presented their services on the World Wide Web. At this time the meaning of the word ecommerce changed. People began to define the term ecommerce as the process of purchasing available goods and services over the Internet using secure connections and electronic payment services. Although the dot-com collapse in 2000 led to unfortunate results and many ecommerce companies disappeared, the “brick and mortar” retailers recognized the advantages of electronic commerce and began to add such capabilities to their web sites (e.g., after the online grocery store Webvan came to ruin, two supermarket chains, Albertsons and Safeway, began to use ecommerce to enable their customers to book groceries online). By the end of 2001, the largest form of ecommerce, the Business-to-Business (B2B) model, had around $700 billion in transactions.


The history of ecommerce is a history of a new, virtual world which is evolving according to the customer advantage. It is a world which we are all building together brick by brick, laying a secure foundation for the future generations.

The Evolution of E-commerce

Since 1995, many innovative applications, ranging from direct online sales to e-learning experiences, have been developed. Almost every organization in the world has a Web site.

In 1999, the emphasis of e-commerce shifted from B2C to B2B.
In 2001, from B2B to B2E, e-government, e-learning, and m-commerce.
In 2005, social networks started to rise and so did l-commerce and wireless applications.

E-commerce will undoubtedly continue to shift and change in the future.


1984
EDI, or electronic data interchange, was standardized through ASC X12. This guaranteed that companies would be able to complete transactions with one another reliably.

1992
Computer server offers online retail products to its customers. This gives people the first chance to buy things off their computer.

1994
Netscape arrived, providing users a simple browser to surf the Internet and a safe online transaction technology called Secure Sockets Layer.


1995
The biggest names in e-commerce are launched, such as Amazon.com and eBay.com.

1998
DSL, or Digital Subscriber Line, provides fast, always-on Internet service to subscribers across California. This prompts people to spend more time, and money, online.


1999
Retail spending over the Internet reaches $20 billion, according to Business.com.

2000
The U.S. government extended the moratorium on Internet taxes until at least 2005.