June 26, 2009

Internet Security - Favourite Passwords Used Online




I chose the post entitled “Favourite Passwords Used Online”.





After reading this post, the first thing that came to mind was that public awareness of internet security is low. The passwords for e-mail, e-banking, e-market and other accounts are very important because they protect the user's personal identity from being stolen. However, it seems that a large number of users still do not realise the importance of password choice: the passwords they select show zero imagination and are easy prey for an unauthorised person.



Some websites have recognised this problem and inserted a “password strength” module into the user sign-up process, right beside the password field. The purpose of this module is to tell users how strong (weak or strong) the password they have chosen is. Gmail is one of the services that provides this kind of check.









Other than the tips given in the article for creating a safer password, there are also some things we should avoid when choosing a password:

a) Don't use keyboard patterns (asdf) or sequential numbers (1234).
b) Don't use a password that contains personal information (name, birth date, etc.).
c) Don't use repeating characters (aa11).
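As an added example (this is not code from the original post, nor Gmail's own strength meter), here is a small JavaScript checker that implements the three “avoid” rules above together with the length and character-class test that sign-up strength meters usually apply. The keyboard rows, the 8- and 12-character thresholds and the “three character classes” rule are my own assumptions; the list of personal terms (name, birth year, ...) is supplied by the caller because only the sign-up form knows them.

```javascript
// Added example: a password-quality check implementing the rules in this post.
// Keyboard rows, thresholds and the "three classes" rule are assumptions, not
// taken from any real strength meter.
const KEYBOARD_ROWS = [
  'qwertyuiop', 'asdfghjkl', 'zxcvbnm',   // keyboard patterns such as "asdf"
  '0123456789',                           // sequential numbers such as "1234"
  'abcdefghijklmnopqrstuvwxyz',           // alphabetical runs such as "abcd"
];

// True if the password contains minLen+ consecutive keys from any row,
// read forwards or backwards (case-insensitive).
function hasKeyboardPattern(pw, minLen = 4) {
  const p = pw.toLowerCase();
  for (const row of KEYBOARD_ROWS) {
    const rev = row.split('').reverse().join('');
    for (let i = 0; i + minLen <= row.length; i++) {
      if (p.includes(row.slice(i, i + minLen)) || p.includes(rev.slice(i, i + minLen))) {
        return true;
      }
    }
  }
  return false;
}

// True if any caller-supplied personal term of 3+ characters appears in the password.
function containsPersonalInfo(pw, personalTerms) {
  const p = pw.toLowerCase();
  return personalTerms.map(String).some((t) => t.length >= 3 && p.includes(t.toLowerCase()));
}

// True for a character repeated three or more times in a row ("aaa"), or two
// doubled characters back to back as in the post's "aa11" example.
function hasRepeatedCharacters(pw) {
  return /(.)\1\1/.test(pw) || /(.)\1(.)\2/.test(pw);
}

// Returns { strength: 'weak' | 'medium' | 'strong', problems: [...] }.
// Any rule violation makes the password 'weak'; a clean password is
// 'medium' below 12 characters and 'strong' from 12 characters up.
function checkPassword(pw, personalTerms = []) {
  const problems = [];
  if (pw.length < 8) problems.push('shorter than 8 characters');
  if (hasKeyboardPattern(pw)) problems.push('keyboard pattern or sequence');
  if (containsPersonalInfo(pw, personalTerms)) problems.push('contains personal information');
  if (hasRepeatedCharacters(pw)) problems.push('repeating characters');
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/].filter((re) => re.test(pw)).length;
  if (classes < 3) problems.push('fewer than 3 character classes');

  let strength = 'weak';
  if (problems.length === 0) strength = pw.length >= 12 ? 'strong' : 'medium';
  return { strength, problems };
}

// Constructed sample inputs, as a sign-up form might receive them.
const SAMPLES = [
  ['asdf1234', []],
  ['John1985!', ['John', 1985]],
  ['aa11bb22', []],
  ['Correct-Horse-Battery-9', []],
];
for (const [pw, terms] of SAMPLES) {
  console.log(pw, JSON.stringify(checkPassword(pw, terms)));
}
```

The check is deliberately conservative: it only reports the rules the post lists, so a password that passes it is not automatically good, and a real sign-up form should still reject passwords found in breach lists.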



There are other tips for password creation; you may refer to https://www.google.com/accounts/PasswordHelp for further reading and information.



Other than that, you can also refer to http://www.channelnewsasia.com/stories/technologynews/view/408503/1/.html for the technology news article on the favourite passwords used by internet users.



It is always wise to be careful when selecting a password, as it is our responsibility to protect our identity and to contribute to internet security.



June 25, 2009

Remove DANGER from personal and financial data

Personal data[1]

- All information about a living, identifiable individual. It includes the individual's name, address, age, gender, telephone number, identity number, financial status, occupation, personal identification numbers (PINs) and others.


Financial data

- Examples are bank account information, credit card information and others.


How to safeguard our personal and financial data?

1. HAVE A STRONG ACCESS CONTROL

  • In order to ensure stronger security, users are advised to choose a wiser password.
  • A combination of letters, numbers and symbols makes it much harder for a thief to figure out your password.
  • Active tokens and passive tokens also help a great deal in this matter.
  • Besides, biometric systems offer more accurate authentication by recognising a person through a physical trait, for example fingerprint, iris, facial or voice recognition.


2. USING PUBLIC KEY INFRASTRUCTURE (PKI)

  • PKI is a cornerstone of secure e-payment.
  • Users should encrypt their private data to protect it in transit.
  • Public key encryption, digital signatures and certificate authorities are the building blocks that make this possible.


3. IMPROVE YOUR COMPUTER SECURITY

  • To reduce the risk of exposure to internet threats and attacks, users are recommended to use tools such as anti-virus and anti-spyware software, or to set up a strong firewall.
  • This protects users' personal and financial data from malicious actors.


4. LOWER YOUR CREDIT CARD LIMIT

  • When purchasing online or by mail order, it may be easy for an ill-intentioned person to steal and use your credit card information.
  • By using a card with a low limit, you are spared from paying a huge amount for someone else's purchases without knowing it.


5. BE ALERT

  • Users are advised to check their monthly statements in order to discover any unusual transactions made with their credit cards.
  • Scanning the computer regularly can detect viruses or worms that have intruded into it.
  • Users should be careful with anonymous e-mails and should not simply open them.
  • Before giving out any sensitive data, users should independently verify the validity of any request for personal data.


Reference:

1. Safeguard Your Financial Life

June 24, 2009

Phishing: Examples and Prevention Methods

As the usage and popularity of the Internet increase, its security is also increasingly threatened.

Many security issues have arisen recently as hackers attempt to steal personal information from users.

One of them is phishing, the process of duplicating a genuine Web page in an attempt to obtain personal information such as usernames, passwords, bank account and credit card details.

This is normally done by sending a deceptive e-mail claiming to be from an established, legitimate entity, with a reasonable-sounding request such as authenticating one’s personal information and account details.

When users click the hyperlink in that e-mail, they are directed to a sham Web site asking for their personal information.

Once they enter their information, it is stolen.

Here is a simple example of how that works.



http://www.google.com.my

Looking at the link above, we would expect it to take us to Google’s Web site.
However, when you click on it, you are directed to Hotmail's Web site.
This is done by editing the HTML code so that the text shown for the link and the address it actually points to are different.
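The trick above can be caught mechanically, because the deception lives in the gap between the text a link shows and the address in its href. As an added example (my own code, not from the original post), here is a JavaScript function that scans the HTML of an e-mail for anchors whose visible text looks like a URL and flags those whose shown hostname differs from the real hostname. The sample e-mail HTML is constructed for the example and reuses the Google/Hotmail pair from the post; the regular expressions and the "looks like a URL" heuristic are my assumptions, and a link with plain text such as "Click here" cannot be judged this way at all.

```javascript
// Added example: flag anchors whose displayed text is a URL for one host while
// the href points at another host. Regexes and heuristics are assumptions.

// Capture href and inner content of each <a ...>...</a>; good enough for e-mail HTML.
const ANCHOR_RE = /<a\b[^>]*\bhref\s*=\s*["']([^"']*)["'][^>]*>([\s\S]*?)<\/a>/gi;
// Heuristic: link text that reads like a URL or bare hostname (with optional path).
const LOOKS_LIKE_URL_RE = /^(?:https?:\/\/)?(?:www\.)?[\w-]+(?:\.[\w-]+)+(?:\/\S*)?$/i;

// Hostname of a URL or bare hostname; null if it cannot be parsed.
function hostOf(candidate) {
  try {
    const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(candidate);
    return new URL(hasScheme ? candidate : 'http://' + candidate).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// Returns one finding per anchor whose shown host and real host disagree.
function findDeceptiveLinks(html) {
  const findings = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const href = m[1].trim();
    const text = m[2].replace(/<[^>]+>/g, '').trim();   // drop nested tags such as <b>
    if (!LOOKS_LIKE_URL_RE.test(text)) continue;         // "Click here" style text: nothing to compare
    const shownHost = hostOf(text);
    const realHost = hostOf(href);
    if (shownHost && realHost && shownHost !== realHost) {
      findings.push({ text, href, shownHost, realHost });
    }
  }
  return findings;
}

// Constructed sample e-mail body: one deceptive link (the post's example),
// one honest link, and one link whose text is not a URL.
const SAMPLE_EMAIL_HTML = `
<p>Dear customer, please confirm your details at
<a href="http://www.hotmail.com">http://www.google.com.my</a></p>
<p>Help page: <a href="https://www.google.com.my/accounts">www.google.com.my</a></p>
<p><a href="http://example.net/unsubscribe">Click here</a> to unsubscribe.</p>
`;

for (const f of findDeceptiveLinks(SAMPLE_EMAIL_HTML)) {
  console.log(`shown "${f.text}" (${f.shownHost}) but points to ${f.realHost}`);
}
```

Mail clients and browsers apply the same comparison when they show the real destination on hover or in the status bar, which is why the post's first detection tip (never click the link in the e-mail; type the address yourself instead) works even when the text looks right.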



Phishing e-mails usually claim to be from a bank, eBay, PayPal or a credit card company. The e-mails either state that the user has won a huge cash prize and needs to follow the steps to claim it, or that the user needs to verify their personal or account details to prevent their account from being closed or deleted.
The earliest recorded mention of phishing was on the alt.2600 hacker newsgroup in January 1996, although the term may have appeared earlier in the printed hacker magazine 2600.


Below are some examples of phishing e-mails and Web sites:


[Screenshot: Phishing eBay Web site]

[Screenshot: Phishing eBay e-mail]

[Screenshot: Phishing PayPal Web site]

[Screenshot: Phishing PayPal e-mail]

[Screenshot: Phishing Citibank Web site]

[Screenshot: Phishing Citibank e-mail]

The number of phishing scams is increasing dramatically. Therefore, we need to take certain steps to avoid becoming a victim. A simple phishing scam can be revealed easily.


The following are some ways to detect a phishing scam:


I) Never click on the link provided in the e-mail.

II) Look for misspelled words or grammatical errors.

III) Do not panic at the content of the e-mail.


A more detailed explanation can be found here.



As for more sophisticated phishing scams, there are a few ways to prevent phishing attacks:

1) Detect and block phishing Web sites in time

2) Enhance the security of the Web sites

3) Block phishing e-mails through different spam filters

4) Install online anti-phishing software

For more information on these four methods, please click here.




References:

Phishing - Wikipedia

Online detection and prevention of phishing attacks



June 23, 2009

Online Security Threat: How Safe Is Our Data?

Online security threats are one of the issues that concern many people. We must be aware of the threats we face; only then can we avoid the trap.


Basically, cyber attacks include accidental actions, malicious attacks and online fraud.


ACCIDENTAL ACTIONS


This threat is avoidable because it arises from a basic lack of knowledge about online security concepts and from things such as poor password choices, accidental disclosure or outdated software. Misconfigured security products and information leakage resulting from insecure information transfer also contribute to online security threats. Thus, education can help protect innocent online users from this threat.


MALICIOUS ATTACKS


These attacks specifically aim to harm a targeted victim. Examples are computer viruses, phishing, denial-of-service (DoS) attacks, distributed denial-of-service (DDoS) attacks, worms and trojan horses.


Computer virus


A computer virus is the most common form of malicious code: a program or fragment of code that replicates by attaching copies of itself to other programs. For example, the Melissa virus/worm, first spotted in March 1999, caused about $80 million in damage worldwide. It was embedded in a Word document and would send itself out as an attachment to the first fifty people in the victim's e-mail address book. Besides this, the ‘I LOVE YOU’ virus, found in May 2000, also had a great impact worldwide.


Phishing


Phishing is a social engineering attack in which an electronic identity is misrepresented in an attempt to trick individuals into revealing credentials. This threat is discussed in more detail in a later post.


Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks


A DoS attack involves one computer attacking another, but these are growing into DDoS attacks, which use multiple computers in a highly organised form. A DDoS attack overwhelms the server with a flood of messages that appear normal. The attacker sends a list of target Internet Protocol (IP) addresses to the machines under their control. When everything is ready, the attacker orders those machines to send data packets at the given IP addresses using false source identities. This use of false identities is called ‘spoofing’.


ONLINE FRAUD


Online fraud consists of identity theft and data theft.


Identity theft is basically where attackers use a victim’s name to open an account using false identification. The attacker then uses the account to do whatever he plans. Data theft, on the other hand, is the manipulation of private data without the victim’s knowledge.


An example of online fraud is the Cisco Systems case in April 2001, in which two employees transferred shares of stock into their private portfolios.


Threats are everywhere. Be careful and cautious.




Reference:

Major Online Security Threat