Friday, June 20, 2008

The threat of online security: How safe is our data?


Technology keeps advancing and changing our world. Many things can be done over the internet, such as searching for information, downloading, online banking and chatting with friends. As a result, the computer has become part of the lives of students and workers alike. The computer has also become the best place to store information and data. However, this raises the issue of hackers who create viruses or tools to break into computers in order to get our confidential data. Those hackers normally spread viruses through e-mail attachments, hiding them inside documents.

These threats can generally be categorized as Trojan horses, viruses, worms, spyware and so on. They can attack our computers through the internet easily. A remote attacker can enter the computer undetected while the user is online and access or destroy any stored information. Alternatively, a Trojan can be programmed to automatically send any information on our PCs back to the attacker. This could include:

  • Client or customer information or other business data
  • Credit card details
  • Passwords for access to your online bank, ISP or web services
  • Information you would rather remain hidden
  • Email addresses, which may be used for spamming
  • Children's names, photographs, ages or other personal details held on the computer
  • Distributed Denial of Service (DDOS) attack on other computers via the victim's computer

Among these threats, a virus or worm can:

  • Disable the computer
  • Add, modify or delete files or reformat the hard disk
  • Steal addresses held in our computer to send on virus-infected emails to our friends, colleagues, clients or customers
  • Send unsolicited bulk email (spam) to those in our mail address books and other users.

Having read through these Internet security risks, you now know some of the many dangers you face as soon as you go online. Our personal information and data should be kept as secure as possible.

How to safeguard our personal and financial data?

We live in an increasingly online world. Many transactions can be done over the internet, such as online banking, booking, buying, auctions and so on. However, this raises the issue of hackers who break into computers in order to steal confidential data. So we should keep our personal and financial data as secure as possible. The following guidelines help keep our private personal and financial data safe online.

1. Choose your PIN wisely. While we want to choose something we’ll remember, we don’t want it to be something that a clever thief could figure out just by learning our birth date or our child’s name. A combination of uppercase and lowercase letters, numbers, and symbols will offer us more security.
2. Secure network. If we have a wireless network at home or at the workplace, make sure that it is secure. A hacker can gain access to anything we do over an unsecured network in a matter of seconds. If we look at the documentation for the wireless router, we’ll be able to find out how to lock the router and encrypt our information. It won’t affect the way we use the wireless network, but it will keep intruders from getting hold of our information.
3. Don’t reuse passwords. As tempting as it may be to reuse passwords, it’s a really good practice to use a different password for every account we access online. This way, if someone does find out what our password is for one credit card, they won’t also be able to access our checking, brokerage and email accounts. It may take a little more organization to use different passwords for each site, but it can help limit the effects of unauthorized access to our accounts.
4. Don’t put private information on public computers. If we’re away from home, make sure not to save private information onto a computer used by the public. If we’re accessing a private account at the library or a cyber café, make sure to log out completely from our accounts, and never choose to save login information (like a username or password) on these computers.
5. Protect your computer’s security. Use as many tools as you can to guard your computer information from the nefarious. Failing to protect your computer is just as bad as leaving your door unlocked, your windows wide open, and a sign on the mat, saying, “Burglars, come on in.”

Thursday, June 19, 2008

Review of 'Internet Security' from My E-Commerce blog

I have chosen to review the post on :
Firstly, I'd like to say that this post is very brief, and direct to the point. However, it is merely summarising the actual news story as it happened in Singapore. It did not give the whole article reported in newspapers. Secondly, although the source was referenced, it was not adequately referenced. Here are some websites that I have found, containing the news excerpt, and other related stories:

  1. http://www.itconsulting.com/news/singapore-misuse-crime-011707/
  2. http://newsinfo.inquirer.net/breakingnews/infotech/view_article.php?article_id=31954
  3. http://www.theage.com.au/news/Technology/Report-Singapore-teen-faces-3-years-jail-for-tapping-intoanothers-wireless-Internet/2006/11/11/1162661936948.html
  4. http://www.zdnetasia.com/news/security/0,39044215,61982282,00.htm
  5. This is a related post, which contains other examples of such cases:
  • Here is a YouTube video regarding the above news story:


*Please view from 1:38-1:59


Next, the term 'Computer Misuse Act' was not clearly defined although it was stated in the article. Here are some references regarding the definition of 'Computer Misuse Act':

  1. http://www.thinkcentre.org/article.cfm?ArticleID=2229
Here is a video from YouTube regarding the Computer Misuse Act:



The question posed at the end of the post is very intellectual in nature, and helps us think from various perspectives: legal, political, social (a minor was convicted). Although the question was a very good one (Who's responsibility to secure the home WIFI systems? Owner or Service Provider?), yet there were no suggestions on the part of the blogger concerned. It was 'left hanging' so to speak. Therefore, I would like to attempt to answer the question posed. In my opinion, HOME WiFi systems are the responsibility of the home owner. The Service Provider cannot, and should not be held responsible for breach of Wireless Network setup by a home user.
As a Wireless Internet consumer myself, I have noticed that hardware manufacturers today, such as Aztech & Linksys, and many others, have made it simple enough for any home user to set up his or her 'Security Enabled' Wireless Network with very few & simple steps.

Linksys WRT54G - One of the most famous & Award-winning Wireless Routers

One problem that could arise as to the innocence of someone convicted under the Computer Misuse Act is that another person's Wireless Network which is not security-enabled can be accessed automatically and unknowingly by a person who has his own Wireless Modem, thinking he is using his own line. He could be convicted, not knowing what he has done!

-Joel Vergis-

Wednesday, June 18, 2008

Phishing - Examples and its prevention methods

Phishing is a criminal or fraudulent activity carried out through e-mail, instant messages, link manipulation, filter evasion, website forgery or phone phishing. The purpose of the “phisher” is to steal others' usernames, passwords and credit card details.


Examples,

The phishing e-mail shown above targets PayPal users. The spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that it is a phishing attempt. The e-mail also lacks a personal greeting; other signs that the message is a fraud are misspellings of simple words and the threat of consequences, such as account suspension, if the recipient fails to comply with the message’s requests.



Some phishers show official-looking logos from real organizations, or identifying information taken from legitimate websites, in their pop-up windows. The example above shows a deceptive URL that links to a scam website. It could be a phony scam site or a pop-up window that looks like the official site. Once you are at one of these “spoofed” websites, you might reveal your personal information accidentally.

Phrases like “Verify your account”, “If you don’t respond within 48 hours, your account will be closed”, “Dear Valued Customer” and “Click the link below to gain access to you account” might prompt you to send your personal information to the con artists.
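
The clues described above (an IP address in the link, a brand name in a URL whose host is not the brand's own site, and pressure phrases) can also be checked mechanically. The following is an added example, not part of the original post; the function names, the `paypal.com` brand argument and the constructed sample message (which uses reserved documentation addresses) are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Pressure phrases taken from the post, lower-cased for matching.
PRESSURE_PHRASES = (
    "verify your account",
    "your account will be closed",
    "dear valued customer",
    "click the link below",
)

# Constructed sample message; 192.0.2.10 and *.example are reserved for documentation.
SAMPLE = (
    "Dear Valued Customer,\n"
    "Please verify your account at http://192.0.2.10/paypal/login.htm\n"
    "or http://www.scam.example/paypal/login.htm within 48 hours.\n"
    "Our real site is https://www.paypal.com/signin\n"
)

def host_is_ip(url):
    """True when the link's host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def brand_outside_host(url, brand_domain):
    """True when the brand name is in the URL but the host is not the brand's domain."""
    host = (urlsplit(url).hostname or "").lower()
    on_brand = host == brand_domain or host.endswith("." + brand_domain)
    return brand_domain.split(".")[0] in url.lower() and not on_brand

def phishing_clues(body, brand_domain):
    """Return the clues found in an e-mail body (heuristics, not proof)."""
    text = body.lower()
    clues = ["phrase: " + p for p in PRESSURE_PHRASES if p in text]
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        if host_is_ip(url):
            clues.append("ip-link: " + url)
        elif brand_outside_host(url, brand_domain):
            clues.append("lookalike: " + url)
    return clues

if __name__ == "__main__":
    for clue in phishing_clues(SAMPLE, "paypal.com"):
        print(clue)
```

A message with none of these clues can still be a phishing attempt, so the result is a prompt to look closer rather than a verdict.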


There are some methods to prevent phishing (anti-phishing):
1) Be suspicious of any e-mail with urgent requests for personal financial information.

Phishers will always use upsetting phrases to make victims react immediately, in order to acquire their information. Be wary of any suspicious e-mail unless the e-mail is digitally signed.

2) Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle.

3) Avoid filling out forms in e-mail messages that ask for personal financial information.

4) Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.

The yellow lock near the bottom of the screen is usually considered another indicator that you are on a 'safe' site. Double-clicking it displays the security certificate for the site. Don’t continue if the site displayed does not match the certificate.

5) Remember not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different, like "http://www.gotyouscammed.com/paypal/login.htm"? Be aware of where you are going.

6) Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.

Examples are Internet Explorer version 7 and EarthLink ScamBlocker.

7) Regularly log into your online accounts.

8) Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.

9) Ensure that your browser is up to date and security patches are applied.

10) Always report "phishing" or “spoofed” e-mails to the following groups: