Sunday, February 8, 2009

The application of the 3rd party certification programme in Malaysia

Internet users may fear that the personal data they provide on the internet is not safe and could be stolen by others. Most public organizations have implemented internet security on their web pages. These security measures basically guarantee four essential components for establishing trust in online and smart card based transactions: confidentiality, authentication, integrity and non-repudiation.


At present, the licensed Certification Authorities that can issue digital certificates are Digicert Sdn Bhd and MSC Trustgate Dotcom Sdn Bhd. Both companies offer certification services with digital certificates to secure web servers, browsers and email packages with a range of assurance levels.


Besides, the Malaysian Communications and Multimedia Commission plays a role in overseeing and regulating the operations of the Certification Authorities, repositories and date/time stamping services in Malaysia. Apart from that, it is also empowered to ensure that the licensed Certification Authorities and the recognized repositories and date/time service providers maintain a high level of integrity and quality in rendering their services. It also looks into the determination and coordination of the Certification Authority trust model and cross-certification policies with foreign Certification Authorities.

With the 3rd party certification programme in Malaysia, we will be able to transact on the internet without fear of having our personal data stolen, our information contaminated by third parties, or our transacting party denying any commercial commitment with us. Furthermore, it assists in the development of more Internet-based activities.

How to safeguard our personal and financial data?

Nowadays the number of crimes involving outsiders stealing personal and financial data has increased. We should pay more attention to how to safeguard our own personal and financial data from outsiders. It is very dangerous for us to disclose our personal data on the internet. Users who want to disclose some of their personal data on the internet can subscribe to anti-virus software such as Crypto Heaven to safeguard their files. Crypto Heaven allows us to send encrypted email, share files such as pictures and business documents, and back up securely in a secure environment. Besides that, there are other ways to safeguard our data so that hackers are not able to access our personal and financial data.

Here are some ways we can safeguard our personal data:

We can use a strong password. What kind of password do we call a strong password? A strong password is more than 12 words and includes digits (0-9), alphabetic characters (A-Z), and also some special characters (@,#,^,<,>,$). Besides that, the password you set should be hard to find in a dictionary. For example: 10y@o$h3ng1987. Passwords such as Dog, 123456 or yys19 are not recommended. With a strong password, it is not easy, or not possible, for hackers to access our personal and financial data.

Besides that, credit card holders can subscribe to PayPal to secure their credit card numbers. When we buy things on the internet, the seller charges us through a credit card transaction, so we need to give the seller our credit card number to complete the transaction. PayPal protects credit card holders by carrying out the transaction with the seller without giving the credit card number to the seller.

Here are some other suggestions:

·      Avoid clicking on pop-up ads or downloading information from unknown sites.

·      Use your own computer, instead of a work or public machine, to access financial and other sensitive personal information.

·      Avoid giving your personal information to “cold callers” and other unknown parties online, via e-mail and over the phone.

·      Resist using free wireless connections — particularly in cafes, airports and other public places — to check personal information.

·      Use and update antivirus and antispyware software

This is my opinion on how to secure your personal and financial data. There will be other solutions as well to secure our personal and financial data.

The threat of online security: How safe is our data?

Internet activities such as online shopping, online banking, communicating with overseas friends and others are becoming part of our lives, for young and old people alike. So online security is important for all Internet users, because the Internet is not a safe place unless there is adequate security against the different types of threats that exist in cyberspace.

There are 3 categories of cyber attacks:                

(1)  Accidental actions cover problems arising from a basic lack of knowledge about online security concepts. Moreover, issues such as unintentional or erroneous business transactions, poor password choices, erroneous or outdated software, and unintentional disclosure are also included in accidental actions. They contribute to a large number of computer security risks.

 

(2)  Online fraud is also known as cyber vulnerability. It is a broad term covering Internet transactions that involve falsified information. The newest form of a scheme that has been seen in traditional settings for many years is personal identity theft on the Internet. Some of the most common forms of online fraud are the sale through the Internet of counterfeit documents, such as diplomas and recommendation letters sold as credentials. In the Internet world, electronic commerce information can be captured as a result of vulnerabilities in computer precautions.

 

(3)  Malicious attacks are attacks that are specifically aimed at doing harm and are known as premeditated. The typical malicious attacks are the virus, worm, Trojan horse and rootkit. Examples of malicious attacks are data theft and Denial of Service (DOS). Denial of service attacks are another form of malicious code and are carefully crafted and executed. DOS attacks crash computers or issue floods of commands to overwhelm websites to steal personal information, such as credit-card and bank numbers. DOS attacks are not new, but they are rising in difficulty.


Security Tips

-       Install a firewall, which is software that runs on another computer. A firewall can create a protective barrier between your computer and potentially harmful attacks. In addition, it inspects network traffic passing through it and denies or allows passage based on a set of rules.

-       Use one of the antivirus and antispyware programs on the market. This software protects against viruses and malicious code that come through email and other channels. Good anti-virus software will automatically update itself on a regular basis so that it can recognize new threats.

-       Pay attention to the messages from Windows that pop up on your screen, especially in the new Vista operating system.

-       Don’t click on any links in social network messages from people that you don’t know.

-       Keep security and system patches up to date.

-       Choose your computer passwords wisely.

-       Turn on Windows’ automatic-update function to get Microsoft’s regular security patches.






Phishing: Examples and its prevention methods

Phishing is the criminally fraudulent process of attempting to acquire important information such as usernames, passwords and credit card details. For example, the hacker/cracker will send an e-mail or instant message asking users to update their personal information, such as their credit card number and bank account number.

Example of phishing

Sample 1: Looks like a message from eBay's payment system PayPal.


Figure 1.1 Example receipt of eBay – PayPal

 

When users click on the link, they are redirected to sample 2. Sample 1 looks like the PayPal website, but when users check the address at the top, they will see that the people who want their email address and PayPal password are hiding behind some obscure site.

Sample 2: Looks like a message from eBay's payment system PayPal.


Some prevention methods for phishing

  1. When users receive any email from the bank asking them to verify their account information, they must check the sender of the email. When the email address is not on the domain of a legitimate bank, it is certain that the email is phishing.
  2. Users should not follow a "click here" link in the email. Phishing emails usually have a ‘Click here to re-enter user information’ kind of link that leads to an illegitimate website.
  3. Users must check the contract information provided in the email, because a lot of phishing emails contain fake contract information that would just deliver users into the phishers' hands.
  4. Users must check the information about themselves provided in the email. Hackers/crackers are getting better and better at obtaining users' information.