Saturday, June 27, 2009

Review on Internet security - Favourite passwords used online


Recently I read a post from My E-commerce about the favourite passwords used online. That post discusses the passwords that people usually use. After reading it, I agree with the post's advice to choose a password that is longer than 8 characters and includes some capital letters and symbols.

Many people like to use their name, date of birth, telephone number or IC number as their password. But this gives others a chance to gain unauthorized access to your account, because they can easily get that information from elsewhere and use it to get into your account.

Therefore, your password should include some capital letters and symbols to avoid unauthorized access. This is because others cannot guess such a password easily; it will take them some time to guess it.

The password should be unrelated to your birthdate or name. But if you really want to include your name in your password, you can insert some capital letters or symbols in between the letters of your name.

This is my opinion on the review of Internet security.

Additional Information:
- Secure Passwords Keep You Safer

Friday, June 26, 2009

How to safeguard our personal and financial data


Because our personal and financial data are exposed to the risk of being hacked, we have to give thought to safeguarding our data.

Ways to safeguard personal and financial data:

(1) Do not give away any valuable or sensitive personal information on your Myspace or Facebook profile or within messages to other members of the network.

(2) Do not click on any links in social network messages from people that you do not know.

(3) Use one of the many antivirus, antispyware, and firewall programs on the market.

(4) Pay attention to the messages from Windows that pop up on your screen. They often contain helpful security information that many users overlook.

(5) Beware of the e-mail that you receive. No reputable company will ask for your password, account number, or other login information via e-mail or instant message.

(6) Upgrade the browser to the most current version.

(7) Update your virus scanning utility on a regular basis so that you can protect your system from the latest computer viruses circulating.

(8) Do not open e-mail attachments from the e-mail addresses that you do not know.

(9) Implement and stick with an automated backup system, where you regularly monitor the log files and run test restore jobs.

References:
- How Safe is Critical Data

The threat of online security: How safe is our data?


The Internet is widely used today. Unfortunately, hackers with malicious intentions have appeared as well. They hack, steal and destroy consumers' personal or financial data. Hackers are increasingly attacking online services. For consumers, the profiles containing their personal information on social networks are exposed to risk. Hackers might hack their accounts by using malicious software. For example, Facebook users had their profiles defaced by an attack which installed a Trojan while displaying animated graphics.

In the corporate world, hackers are hunting for the valuable information stored on companies' servers. Besides that, cyber thieves also intend to attack corporate databases in search of undisclosed financial data or proprietary design and engineering information that can be sold.

Other than that, hackers are also unleashing viruses onto consumers' personal computers. New viruses circulate on the Internet daily, so you will never be fully protected. As a result, consumers may lose all their personal information and get into trouble.

In addition, as far as organizations are concerned, they should be aware of disgruntled employees too. The greatest threat to business online security is from its own staff. The organization should ensure that policies and procedures are set up to protect against potential threats such as email viruses, internet misuse and mishandling of personal and private data. These can all lead to an attack on the company's security.

In short, be aware of online security threats: data security is a complex issue, and the potential for disruption, to both consumers and corporations, may be alarming.

References:
- Top Online Security Threat for 2009

The application of 3rd party certification programme in Malaysia


In the e-commerce world, the reliability of a business on the Web is one of the key concerns for online consumers. According to a research, more than 50% of people will choose to buy things from well-known and major sites instead of unpopular sites. Normally these sites have applied for a digital certificate from a 3rd party to ensure their sites' reliability and boost online users' confidence. The most popular 3rd party certification companies in Malaysia are DigiCert and MSC Trustgate.

DigiCert
It is the 1st certification authority in Malaysia, and is licensed to issue digital signatures and digital certificates. Basically, DigiCert provides the following services:

1. Screening of the authority of the people that apply for issuance and revocation of certificates.
2. Issuance, revocation and publication of certificates.
3. Delivery, storage and archiving of certificates and certificate revocation lists.

MSC Trustgate
It is the 2nd certification authority company in Malaysia, and is similar to DigiCert. It provides security services to various Internet markets, such as:

1. Issuing digital certificates
2. Establishing public key infrastructure
3. Providing cryptographic technology

Applications of Digital Certificate
Privacy and confidentiality -- used for message encryption and decryption.

Integrity, authentication, and non-repudiation -- used for digital signing of messages to establish the identity of the sender and to establish that messages have not been tampered with.

Access control -- used to control access to facilities, Internet sites, Intranets, and other digital networks.

Document archive and retrieval -- used to validate that stored messages have not been altered and to provide controlled access to authorized individuals.

Identification and privileges -- used to establish a holder's rights and privileges, for instance, for licensing purposes.

Through these 3rd parties' digital certificates, online business transactions will be secured, which increases the reputation of the sites. Online users will feel secure trading and communicating with the business site online.

Phishing: Examples and its prevention methods


Do you know what “phishing” means? Yes, it sounds like “fishing”, but the meanings of the two words are different. Fish are the target of “fishing”, while “phishing” targets our personal private data!

Definition - the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Here is an example for a phishing email:

It is dangerous because our personal information may be used to do wrongful things, or we may even lose our money. To prevent this from happening, there are several ways to avoid it:

Check the grammar and the sentences of the email
Normally, phishing email is sent in bulk. Therefore, you should take note when you get an email that starts with “Dear Valued Customer”. Besides, formal email is normally free of grammar mistakes (a company would not make such mistakes and spoil its own name). Therefore, when you notice grammar mistakes in the email, beware of it.

Compare the link address before clicking on it
When you receive an email that requires you to fill in your information by clicking a link to a website, compare the link address that is written in the email with the actual address that the link will take you to. The browser shows the actual address, normally at the bottom left of the window, when you hover the mouse over the link. When the two addresses are different, do not click on the link; it might lead to a phishing website that is trying to trick you.

Verify the e-mail with the original website
You can forward the email to the original website, or call their service centre, and ask them to help you verify whether the email is really from them.

Go directly to the original website to proceed with the steps
If you think that verifying with the original website is troublesome, you can go directly to the original website and proceed with the steps there. By doing it this way, you will not end up on the phishing website, and you will find out if the original website did not require you to do so.

Check the link address with a 3rd party – PhishTank
PhishTank, “www.phishtank.com”, is an online database that stores numerous phishing website addresses. When you suspect that a link in an email might lead to a phishing website, copy the link address and paste it into this website to ask them to verify it for you. The website will then check the address against their database. If they cannot find it in their database, they will try to access the website and verify for you whether it is a phishing website.

Install online anti-phishing software
Use online anti-phishing software to verify the website for you, for instance, ScamBlocker, PhishBlocker, and TrustWatch.

There are many ways to avoid getting tricked, but the most important is to be careful and not to trust an email easily. Get smart before you get tricked.

Additional Information:
- Alert: Watch Out for "Phishing" Emails
- example of phishing
- Wikipedia explanation about phishing
- PhishTank