A review on a post on internet security from My E-Commerce Blog

11:23 PM Anonymous

After reviewing the Internet Security Threats – Its Changing Faces (Part 2) from My E-Commerce blog, I try to figure out the information about the internet security threats and I found that many experts have predicted that rootkit malware will soon be thought of as equally troublesome as viruses and spyware. Rootkit malware will become more common and their sources will be more surprising.

A rootkit malware allows someone either legitimate or malicious to maintain command and control over a computer system. Rootkit malware can disrupt the computer systems without the computer system user knowing about it.

Mostly, rookit malware is used by attackers or spies to infiltrate and monitor the computer systems. Beside that, they will install rootkit malware by spreading with a malware threat such as virus.


Prevention Method:

  1. Don't accept files or open email file attachments from unknown sources
  2. Search and check the computer system memory
  3. Keep abreast of the latest antivirus and malware protection software from leading antivirus and security vendors
  4. Update your firewall protection
  5. If possible, harden the workstation or server against attack
  6. Choose the right rootkit detection tool
    • Eg: Sysinternals' RootkitRevealer, F-Secure BlackLight, Sophos Anti-Rootkit, and Rootkit Hook Analyzer.

Sysinternals' RootkitRevealer

F-Secure BlackLight


~For more information, please refer to following websites:

  • http://www.computerweekly.com/Articles/2007/07/03/224064/rootkit-and-malware-detection-and-removal-guide.htm
  • http://netsecurity.about.com/od/frequentlyaskedquestions/f/faq_rootkit.htm
    • Labels: 1 comments | edit post

    The application of 3rd party certification programme in Malaysia.

    10:08 PM Lee Chin Han

    Certification authority (CA) is an entity that issues digital certificates for used by other parties. CA is also called as 3rd party certification. The most famous application of third party certification programme in Malaysia is provided by the MSC
    Trustgate.com Sdn Bhd    .

    MSC Trustgate.com Sdn Bhd is one of the licensed of Certification Authority (CA) in Malaysia since 1999 under the Digital Signature Act 1997 (DSA). They offer complete security solutions and leading trust services that are needed by individuals, enterprises, government, and e-commerce services providers using digital certificates, encryption and decryption. The goal of Trustgate enables the organizations to conduct their business securely over the Internet, as much as what they have been enjoying in the physical world.







    The application of 3rd party certification programmes includes SSL Certificate, Managed PKI, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VerSign Certified Training, and Application Developmrnt in the Trustgate.


    Our MyKad is one of the 3rd party certification authorities. MyKad can be used to store critical medical information and digital certificate. There are some applications that Malaysians can utilize this new generation identity card.

    The applications of MyKad are included as follows:

    1. National Identity Card: MyKad will replace the traditional paper based laminated document to provide extra security and access future to future E-government application.

    2. Driving License: Any Malaysians will only need to have their MyKad instead of a separate driving license as identification document. It reduces the wastage of resources and increases the processing speed.

    3. Passport Information: MyKad does not replace passport for travelling oversea. However, it can help to increase efficiency at immigration check-points for exit and re-entry of Malaysians.

    4. Medical Information: Medical history will be stored in the chip of the smart card. It allows for immediate and accurate diagnosis of disease.

    By using a Certificate Authorities (CA), online users could perform secure transaction and communications through the internet. As a result, integrity and the authenticity of the information is preserved and protected from anyone.

    Other information sharing:

    Besides that, Digicert is a joint venture company between POS MALAYSIA Berhad and MMOS Berhad. It was incorporated in February 1998 to pursue its objective as a premier licensed Certification Authority (CA).

    It is in the center of an effective trust model that the government is creating to address the issue of information security such as digital signatures, encryption, and the infrastructures to support their use are becoming essential for further growth of E-business in Malaysia.

    Encryption

    Labels: 0 comments | edit post

    How to safeguard our personal and financial data?

    11:11 PM Anonymous
    Internet is a public network of nearly 50,000 networks connecting millions of computers throughout the world. Nowadays, computer and Internet are very common to everyone. We will rely on computers to save our personal data and also use online financial services to do financial transactions such as online banking. However, information transmitted over the Internet is more vulnerable and has a high degree of security risk than internal networks because they are opened to everyone. Therefore, it is important for the users to take adequate safeguards to protect their data from being stolen and misused.


    Here are a few approaches on how to safeguard our personal and financial data:



    Password protect

    Use a strong password to protect your access data. Do not use passwords that are easy for someone to guess such as your date of birth and your pet’s name. Never write your password down and never carry it in your wallet.



    Install antispyware and antivirus software

    Norton, Symantec and AVG antivirus are popular software used to protect personal and financial data against viruses that may steal or modify the data in your computer. You must make sure to update your antivirus software in order to have a well protection.




    Keeps credit cards to a minimum

    Use a credit card with a small limit when doing online purchases. It is very easy for a dishonest sales clerk to use your credit card information. If the card you use for these purchases has a low credit limit, at least the thieves would not be able to use up a lot of your money.





    Avoid using public computers for assessing financial information

    Do not use public computers to check your bank account balances. If you are using the public computers such as in Internet café or in the public library, remember to close the browser window. This is to prevent other users from reading your personal information and email.



    Avoid clicking on pop-up

    You are not encouraged to click on any pop-up advertisements or download any information from unknown sites. Do not open a link sent to you by an unknown party. Attachments can contain viruses and links may lead unsuspecting users to dummy sites where they are asked to input their financial information.


    Protect your Social Security number

    Please ensure that you do not print out your Social Security number on checks or in other highly visible places. Store your card in a safe place and avoid giving the number to others.




    Review credit card report frequently

    Always review your credit card report after having an online purchase. This is to ensure that the amount that you pay is accurate.



    ~ For more information, pease refer to following website:
    Labels: 1 comments | edit post

    Phishing: Examples and its prevention methods

    10:13 PM Anonymous

    Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by concealing as a trustworthy entity in an electronic communication.



    It is usually done by sending fake emails and redirecting unsuspecting users by using fake websites which the URL will use legitimate form like email address, logos and link of reputable business such as SunTrust, eBay, Citibank, Chapter One Bank, PayPal and IRS Tax Refund in the message.



    The examples of phishing scam are as follows:

    Ebay


    Trusted Bank


    Citibank

    The ways to prevent phishing scam:

    1. Check where the email comes from
      • Checking the sender of the email. If the email address is not the domain of a legitimate bank/service, then it is certainly a phishing scam

    2. Do not follow a “click here” link in the email
      • The email will contain the link which named as “Click here” or link which may re-enter to your user information. Please measure whether the link is meeting to the legitimate website or content before you click on it.

    3. Check contact information provided in the email
      • Double check the contact information by using your recorded contact information such as phone number, fax number and address of that company to the email.

    4. Check your personal information that provided in the email
      • You can check out the information that stated in the email by figuring out whether it suits your original information such as when you register for this website or account.

    5. Make sure a site's URL as listed in the browser is legitimate
      • Verify the legitimacy of a web address with the company directly.

    6. Avoid filling out forms in e-mail messages

    ~For more information, please refer to following websites:


  • http://www.privacyrights.org/ar/phishing.htm
  • http://antivirus.about.com/od/emailscams/ss/phishing_8.htm
  • http://chris.pirillo.com/top-five-ways-to-prevent-phishing
  • http://en.wikipedia.org/wiki/Phishing
    • Labels: 0 comments | edit post

    The Threat of Online Security: How Safe Is Our Data?

    8:11 PM Jian Zhong
    Virus…!!! It’s scary…!!! Online security issues always become the major concern of most of the computer users in protecting their data from losses. For me, I experienced once. My computer was attacked by virus one day before my assignment due date. Have you ever experienced it before???

    Online security threat is any danger software that can damage the computer system. It is obviously one of the biggest challenges on internet in today IT world. There are several potential threats to online security that can create possible attacks on personal computer. These threats are listed as below:


    (1) Computer Viruses:
    • A small computer program that copies itself & spreads it from one computer to another computer without the knowledge of the computer owner.

    • Such viruses can be infected easily through E-mail attachment, USB drive, CD, & floppy disks.




    (2) Torjan Horses:

    • A program that contains hidden function that carry security risk

    • Designed to allow hacker remote assessing to a target computer system

    • Deletion of files and keystroke logging can be caused by Trojan Horses




    (3) Denial of Service (DOS):

    • Attempt to make a computer resource unavailable to its intended users

    • DOS criminal will normally target sites or services hosted on high-profile web servers such as banks and credit card payment gateways




    (4) Phishing:
    • Acquired users’ personal & financial information such as credit card details through acting as a trustworthy entity in an electronic communication


    • Collect information through fake websites


    • Most likely carried out by instant messaging or Email



    (5) Worm:

    • A self-replicating computer program that sends copies of itself to other codes until it interrupts the operation of a computer network.


    • The transfer of computer worm can be done without any interventions of the computer users




    ~Effects of online security threats:

    • Confidential information might be loss or damaged
    • Computer & network can be harmed
    • Theft of intellectual property will be increased
    • More people will involve in cyber crime
    • Copyright material such as music and videos will be illegally used


    ~ Looming Online Security in 2008:

    Research shows that famous social networks such as Facebook & MySpace are most common targets for hackers to obtain users’ sensitive information. Hackers will turn their attention into these social network websites as majority of the internet users like to display their personal information on these websites.


    ~ Conclusion:

    From our point of view, we think that online security threats not only can destroy users’ data, but it also able to harm the users’ computer. As a result, safeguards such as backup procedures & firewall should be developed & updated in order to strengthen the defenses against the threats.


    ~ Video:

    Crazy Virus Can Harm Our Computer!!!


    ~ Related Website Links:

    Labels: 2 comments | edit post