
The threat of online security: How safe is our data?

Nowadays, we cannot deny that internet technology has improved the quality of our lives. However, we also face threats to online security. Computer users worry that their personal data will be leaked and used for harmful purposes, and organizations worry about online security too.

Today, computer users face the threats of cybercrime and of internet and network attacks such as computer viruses, worms, Trojan horses and back doors.

A virus is a program that attaches itself to a legitimate program in order to penetrate the operating system and destroy application programs, data files, and the operating system itself.

A worm is a software program that virtually burrows into the computer’s memory and replicates itself into areas of idle memory. The worm systematically occupies idle memory until the memory is exhausted and the system fails.

A Trojan horse is a program whose purpose is to capture IDs and passwords from unsuspecting users. These programs are designed to mimic the normal log-on procedures of the operating system. The author of the Trojan horse uses these IDs and passwords to access the system and masquerade as an authorized user.

However, as technology grows quickly, the security requirements for protecting information have increased. These requirements fall into three categories: Confidentiality, Integrity, and Authentication.

Confidentiality makes sure that a message is kept confidential so that only the intended recipient can access it. Encryption is a favourite tool for providing confidentiality.

Integrity aims to ensure that if the content of a message is altered, the receiver can detect it. Thus, when the payment information is changed, the message is no longer valid.

Authentication is about verifying identity, so that the identity of a company can be verified before a transaction is carried out. In an open e-commerce system, a digital certificate is used to satisfy the authentication requirement.

Besides that, the best thing users can do if they go on the Internet at all is to use security software and hardware such as firewalls and authentication servers, as this is the most effective approach to protecting their computers and personal information.


In conclusion, safeguards must always be kept up to date to strengthen defences against online security threats. In addition, users must be educated and informed about the serious damage and losses that online security threats cause.

The application of the third party certification programme in Malaysia



What is Third Party Certification?


A third party certification body acts as a certificate authority (CA), which issues digital certificates to verify that your website does indeed represent your company. It is used to establish trust in your web pages and serves as a security measure. Data is restricted to authorized individuals in conformity with its disclosed security.


Malaysia also has its own third party certification company, MSC Trustgate.com Sdn Bhd. MSC Trustgate was incorporated in 1999 to meet the growing need for secure open network communications and to become the catalyst for the growth of e-commerce, both locally and across the ASEAN region. Trustgate is licensed under the Digital Signature Act 1997 (DSA), as required by Malaysian law.
Trustgate’s core business is to provide digital certification services, including digital certificates, cryptographic products, and software development. These services are meant for individuals, organizations, government, and e-commerce service providers.

The products offered by MSC Trustgate include SSL Certificate, Managed PKI, Personal ID, My TRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development.

Why is the Third Party Certificate needed?

The reason is that internet security threats occur every day. One example of the biggest threats is Y2K, which affected computer databases around the world and reportedly cost the affected companies millions of dollars in business. With this certificate in place, users can make transactions online without fearing that their particulars, such as IDs, passwords, and private information, will be stolen by irresponsible parties.

In conclusion, the third party certification programme is important for internet users to secure their privacy and to prevent confidential information or personal data from being stolen during transactions on the Internet.

Phishing: Examples and its prevention methods

What is Phishing?

Phishing is a fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Examples of Phishing
1. eBay:
On 17 November 2003, many eBay customers received an email notifying them that their accounts had been compromised and were being restricted. After they clicked the hyperlink provided in the email, a web page that looked just like eBay’s home page appeared. To re-register, the customers were told to provide credit card data, ATM personal identification numbers, Social Security number, date of birth and their mother’s maiden name. However, the problem was that eBay did not send the email and the web page did not belong to eBay.



2. Citibank:




The "From" field appears to be from the legitimate company mentioned in the e-mail. However, it is very simple to change the "from" information in any e-mail client. The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.

The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. In the image you will see that once the hyperlink is highlighted, the bottom left of the screen shows the real Web site address to which you will go. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL.





In this instance, the text you click is "here". However, this may also state something like "Log-in to Citibank" or "www.citibank.com/secure" to be even more misleading. This clickable area is only text and can be changed to anything the sender wants it to read.

Additionally, you may spot some of these elements that did not appear in this particular scam:
Logos that are not an exact match to the company's logo, spelling errors, percentage signs followed by numbers or @ signs within the hyperlink, random names or e-mail addresses in the body of the text, or even e-mail headers which have nothing to do with the company mentioned in the e-mail.


How to prevent it?



1. Never click directly on any link from your e-mail. Be suspicious when you come across a message that requires account verification.
2. Use a strong password and do not use the same password for more than one site. Change it frequently.
3. Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
4. Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
5. Stay alert and be cautious with e-mail and on websites.


Hopefully all this information can help all users stay alert to phishers.