Web-based services, such as social networks MySpace and Facebook, are becoming major targets for hackers to seeking your personal information. Due to our personal information have display many on social networking web sites and office workers upload more sensitive data to online software programs, the hackers have this opportunity to steal our data.
I have been read news from online that there is a case, the names and contact information for tens of thousands of customers of two were stolen from a web sites called Salesforce.com, which provides online customer management software for those two companies. The incident occurred after a hacker tricked a Salesforce employee into disclosing a password. The attack on consumer sites is getting more unsecured on our privacy.
It may be harder to prevent attacks that exploit the Web-based lists of friends and business contacts that users save in widely used services and social networks. Now there are new hacking strategies that the users are unable to detect them and also approach to maximize damage without being caught. These include division of labor by hacking expertise and wider use of black-market sites to hire programmers and purchase professional malware-writing tools.
For consumers, it is not just their profiles on social networks that can be mined for personal information. Smartphones and e-mail applications that are store more valuable data, could present tempting targets. In the corporate world, criminals are hunting for more of the valuable information stored on companies' servers. For example, hackers access to credit- and debit-card of the retailer's customer according to court documents filed by Visa and MasterCard.
Therefore, do not give away any valuable or sensitive personal information on social network or within messages to other members of the network. And do not click on any links in social network messages from people you did not know. Actually there is no reputable company will ask for your password, account number, or other log-in information via e-mail or instant message. Thus, any situation like this, you should be aware.
Saturday, June 21, 2008
The threat of online security
Phishing - Examples and its prevention methods
Phish is an Internet scam designed to cheat the recipient into revealing credit card, passwords, social security numbers and other personal information to someone who intend to use them for fraudulent purposes. For instance, the investors may submit their personal information to the phish website because it has the power influence the investors’ thinking that they are buying something from a real business. The criminals then use the personal information for their own purposes, or sell the information to other criminal parties.
The example of the phishing case is Paypal that is a spelling 
mistakes in the email and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy.
The damage caused by phishing ranges from denial of access to email to substantial financial loss. This style of identity theft is becoming more popular, because of the readiness with which unsuspecting people often disclose their personal information to phishers, including credit card numbers, social security numbers, and mothers' maiden names. There are also fears that identity thieves can add such information to the knowledge they gain simply by accessing public records. Once this information is acquired, the phishers may use a person's details to create fake accounts in a victim's name. They can then spoil the victims' credit, or even refuse the victims access to their own accounts.
There have some prevention for the phishing cases:
• Prevents an attack before it happens with Early Warning System® and tools for uncovering fraudsters while they’re still in the planning stages of an attack
• Detects attacks in progress by monitoring and analyzing the industry’s widest range of intelligence sources, customer reports, and more
• Moderate loss and risk with quick effective response using a network of strategic alliances with the broadest worldwide coverage
• Arms enterprises with critical intelligence for ongoing, proactive defense, with a web portal for daily monitoring, weekly reports on industry-wide phishing activity, and details on specific attacks for customer analysis
Friday, June 20, 2008
the application of 3rd party certification programme in malaysia
Verisign is the leading Secure Sockets Layer (SSL) certificates authority enabling secure e-commerce, communications, and interactions for Web sites, intranets, and extranets. SSL technology protects Web site and makes it easy for the Web site visitors to trust in three essential ways:
1. Enables encryption of sensitive information during online transactions.
2. Contains unique, authenticated information about the certificate owner.
3. Enables encryption of Each SSL Certificate contains unique, authenticated information about the certificate owner.
An SSL Certificate establishes a private communication channel enabling encryption of the data during transmission. Encryption scrambles the data, essentially creating an envelope for message privacy. An encryption method is established with a unique session key and secure transmission can begin. True 128-bit SSL Certificates enable every site visitor to experience the strongest SSL encryption available to them
.
When the SSL handshake occurs, the browser requires authentication information from the server. By clicking the closed padlock in the browser window , the Web site visitor sees the authenticated organization name. In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns green when an Extended Validation SSL Certificate is detected. If the information does not match, the browser displays an error message or warning.
VeriSign Extended Validation (EV) SSL Certificates meet the highest standard in the Internet security industry for Web site authentication. EV SSL Certificates give high-security Web browsers information to clearly display a Web site’s organizational identity. The high-security Web browser’s address bar turns green and reveals the name of the organization that owns the SSL Certificate and the SSL Certificate Authority that issued it.
Today and every day, verisign infrastructure services enable and protect number of transactions over the world, and helping to drive dramatic information in the way people work, play and live.
Case of Phishing
Phishing is the process of attempting to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details. It is typically carried out by e-mail or instant messaging and often directs users to enter details at a website. Here has a case of phishing in people’s account and this was happened in India.
Many people will also use the internet for their banking needs. A guy has been checked his account by online but his amount in account was suddenly different after few days his had checked and no sign where the money had gone. It was later revealed that this guy had been a victim of phishing attack on ICICI Bank and the money had been transferred to another person.
He had given his password and name online by replying to an email sent by the hackers. The hackers then logged into the victim’s account and put in their mobile number instead of his. So that, when they did make the transfer, the message alerting the victim of the transfer would go out to their mobile and not his. Once the password and user name are with the phisher, it's only a matter of a few minutes before your money is transferred from your account to the phishers.
Due to most of the banks in India do not have an emergency response team for phishers and they don't respond as fast as an American or European bank. Thus, phishers are targeting to Indian banks because they get more user names and passwords than any other banks.
In order to keep your money safe and to protect yourself from such attacks, we should:
-Be on the alert when a banking e-mail uses dramatic information to get you to react immediately.
-Be ware of e-mails from shopping websites offering free goods. It might be a scam to get your banking details.
-Avoid filling up any forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website.
-Do not use the links in an email to get to any web page, if you suspect the message might not be reliable.
-Finally, clicking on phishing sites may install a spying device on your computer. Downloading an anti-spyware programme will help.
Therefore, be aware of phishing that can attack you. God bless you.
How to safeguard our personal and financial data
In this new and high technology era, internet users increase day by day so as the internet hackers and virus can be committed through computer or internet. Therefore, we need to install the security system on computer thus to protect our personal and financial data would not attached by third party. There are several ways to safeguard our personal and financial data:
Resists open unknown attachments
Never open an attachment or click on a link sent to you by an unknown party. Attachments can contain viruses and links can lead unsuspecting users to dummy sites where they are asked to input financial information.
Do not use the same password for every thing on the Internet
Yes, we all hate passwords, but hackers love people who don’t use passwords. Create passwords that combine 6-8 numbers and letters, upper and lower case and just throwing in a number or symbol at the end will make it hundreds of times hard for a person to crack your password.
Connect to secure wireless networks
If you have a home wireless network, secure it quickly! Connecting to non-secure wireless networks is asking for trouble. Therefore, resist logging on the online banking to check your bank balance when working from insecure hotel wireless networks.
Make sure anti-virus and anti-spyware are installed and up-to-date
This, of course, should be obvious. But most people usually stop there and don’t install any anti-spyware programs. That is a big mistake! As for anti-virus protection, Symantec and Norton antivirus are popular choices.
Lock your computer at home and at the office
This is another one of those tips that most people do not think about, especially at your office. If you leave for lunch and your computer is just on without a password-protected screen saver, what will stop other people to steal your data? It may not seem likely, but it can very well happen and it’s better to put a password on your screen saver.
Remember, don’t be afraid of the Internet, it’s a great way to make your life easier and can be a safe place as long as you follow some simple common sense rules. Even if you never use a computer, your identity can still be stolen from the paper that your throw out in your trash!
Wednesday, June 18, 2008
Phishing
A phishing technique was described in detail as early as 1987, while the first recorded use of the term "phishing" was made in 1996. Phishing is the process of attempting to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by hidden as a trustworthy entity in an electronic communication. Malware and pharming are the common tools which use for steal information.
Phishing is an e-mail fraud method in which the phisher sends out legitimate-looking email in an attempt to gather personal and financial information from recipients.
The damage caused by phishing ranges from denial of access to e-mail to substantial financial loss. This style of identity theft is becoming popular, because of the readiness with which unsuspecting people often disclose personal information to phishers, including credit card numbers. Once this information is acquired, the phishers can use the victim’s details to create a fake account to debt, use their credit to buy valuable goods.
Since phishing is based on simulate, preventing it depends on some reliable way to determine a website's real identity. People can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified”, it is a sensible precaution to contact the company to check whether the e-mail is legitimate.
The legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to phishers. Some companies, for example PayPal, always address their customers by their username in e-mails, so if an e-mail addresses the recipient in a generic fashion ("Dear PayPal customer") it is likely to be an attempt at phishing or E-mails from banks and credit card companies often include partial account numbers.
Preventions method
· There are provided a phishing-prevention method capable of preventing phishing-related accidents from which an Internet user suffers and storage medium storing a computer program source for executing the method
· People can be trained to have their suspicion aroused if the message does not contain any specific personal information. However, used personalized information, which makes it unsafe to assume that the presence of personal information alone guarantees that a message is legitimate. .
· When a user attempts an access to a specific website through an e-mail and a web browser or inputs his/her own personal information directly in e-mail or the like to transmit the related information to outside, the website to be accessed of a specific server is analyzed in order to warn the user in advance so that the user can select whether to actually access thereto, prior to accessing to the website, if it is in danger.
· When the user attempts an access to a website similar to a famous or known website address, the method of the present invention warns the user of a possibility that will be a phishing website so that the user can select whether to actually access thereto.
· When the user makes use of the function of inputting personal information directly in e-mail to transmit the related information directly to a specific server, the method of the present invention transfers a warning therefore to the user so that the user can select whether to actually transmit the related information.
In making all the warnings and the user's selections, familiar and easily-expressed information associated with the website is provided to the user for correct judgment.
