Saturday, June 21, 2008

A review on a post on Internet Security from My E-Commerce blog


'Blinkered by the convenience and allure of free Internet?'

When I was reading the post about the unauthorized tapping into home WIFI (wireless technology) dated Feb 15, somehow it caught my attention regarding this issue that actually happened in Singapore. The post didn’t have details on the issue so I have done a little bit of research on the net myself^^. And here are the details:


According to The Straits Times, 17 year-old polytechnic students, Garyl Tan Jia Luo is to be charged with piggybacking someone’s wireless internet connection using his own laptop. The court says if convicted, Tan faces up to 3 years in jail and fines of up to $10000 under Section 6(1)(a) of the Computer Misuse Act and Tan was released on $6,000 bail and is scheduled to appear at the Subordinate Courts.


Piggybacking on others wireless internet connection is a crime?? Wow, sorry for my ignorance that I do not know by simply connecting to the unsecured network will bear the possibility of paying such a high price. Honestly I have done that a couple of times before but now not anymore since I already have my own wireless connection at home. What’s the point of ‘stealing’ other people’s internet networks since I can enjoy a more secured and stable connection? (you get the point here ya, hehe). In the online world, there are special terms for tapping into unauthorized home WIFI, like 'wardriving' and 'Wi-Fi mooching'.


Well nowadays, piggybacking is a very common thing that happens around us and since just anyone can have access to the unsecured networks and hop online with just a few clicks, there is no false that everybody will assume that since it is there, it is okay to use it. To me, it is FOC and convenient, so it explains well why I did that before ><. Now that I know it is illegal to do so, surely I do not want to have policeman knocking on my door steps right away, do I?


Since that it is easy to tap into unauthorized home WIFI, the wrong doers may just do something illegal like defaming someone or downloading pirated MP3s, and they don't want the activities traced back to their own network. In fact, it is not easy for the WIFI owner to detect if there any moochers tapping into their network. But when someone is using your network, you can feel the connection speed will slow down. Therefore, software tools are available for download that can track who is using a network and what they are doing on it.

While the case is the first of its kind in Singapore, there have been at least two similar arrests and convictions in the United States. In some countries like Holland, WIFI network owners can even be held liable by the courts for crimes committed on their unprotected networks. In my opinion, WIFI owners should be smarter and cautious about their own networks. It is their responsibility to safeguard their WIFI networks to avoid serious offence. Garyl shouldn’t be so heavily punish since the owner itself didn’t secured its own network and it is not wrong if someone just access into it.


The simplest way of preventing moochers is to set up your own password on the internet connection.I wonder, is Malaysia enforcing the law yet? Since mooching is the virtual equivalent of trespassing. It should be enforced as soon as possible as cyber crime is gradually increasing in Malaysia as well.


If you are interested of how to secure your wireless network, please visit the following link:
http://www.dailywireless.com/features/secure-wireless-lan-021507/

Friday, June 20, 2008

How safe is our data?

In this modern era, the internet has been one of the easiest tool to share data. with online, all people will be able to find their solution, find their answer, find what they are looking for, and it's all just a click away by online. but still, the question is how safe is our data from being misused by the unauthorized party??

There are few types of security threat in the internet.




1.The most common internet threat is online fraud. Online fraud occurs when someone poses as a legitimate company to obtain a personal data and use the data to conduct transaction witout your consent.

2.The other internet date threat will be worms or other viruses which will create a new date or erase all the important data, duplicated itself, and attached itself into the information to be sent out to the other party by the internet.


3.Attack of Web application which are severe, easy to exploit is one of the threats which we are facing as well.




The number of websites hosting keylogging crimewaresystems rose by over 1,100, reaching 3,362, the second highest number recorded in the preceding 12 months.Websense Security Labs believes much of this increase isdue to attackersincreasing ability to co-opt sitesto spread crimeware using automated tools.


We as the user of the data and the internet should know how to protect ourself from the internet threat. there are a few precaution which we as internet user should do.

1.Protect your passwords
2.Install a personal firewall
3.Install, run, and keep anti-virus software updated
4.Keep your computer operating system up to date
5.Be wary of suspicious emails, phone calls, and mails.

In the end, We can't deny that internet threat has increasing dramatically over the time. but still we as a user can prevent all of the internet threat n keep our data safe with enough precaution and to be careful with the tools itself : the internet.

How to Safeguard Our Personal and Financial Data…..


Nowadays, many people are facing the problem on an attack on their personal, financial and privacy data. Shielding your private financial information with no risk of a breakdown may be impossible in these days. But it’s critical to understand how your privacy can be compromised and the consequences of such a breach. There is no 100% protection that can guarantee that you will never fall victims to some form of identity theft. But there are some steps that we can take to protect our personal and financial date from being collapsed.

First and foremost, you must remember to destroy all your privacy records and statements. For example, you should tear up or if you prefer to shred all your credit card statements, solicitations and any other documents that contain privacy financial statements. Besides that, we should secure our mail. We should empty our mailbox immediately, lock it or get a P.O. Box so that the criminals don’t have a chance to snatch credit card pitches. We should never mail any outgoing bill payment from our home because all this documents may get stolen from your mailbox and the payee’s name erased with solvents. On top of that, we should safeguard our Social Security number. Never carry our card with us or any other card that may have our number like a health insurance card. And also remember don’t put our number on the checks because it is the primary target for the identity thieves as it gives them access to our credit report and bank accounts.

Besides that, we can have the ways to safeguard our online financial assets. We can install a firewall. A firewall is a software program designed to allow good people in and keep bad people out. Most new computers come with firewalls integrated into their operating systems. Those who have a DSL or cable modem have an added layer of protection because these modems come with yet another firewall built in. If you have an older computer or use dial up, you may need to buy a firewall separately and install it yourself.
Installing and updating antispyware and antivirus programs can also preventing the financial data breakdown. Microsoft and numerous application vendors offer users regular updates to existing antispyware programs, so be on the lookout. As for antivirus protection, Symantec and Norton antivirus are popular choices. If you're looking to cut costs, Consumer Reports says Alwil Avast offers the best free virus protection available. We should also avoid from accessing financial information in public. Resist logging on to check your bank balance when working from a coffee shop that offers wireless access. These systems are convenient, but also unknown.

Thursday, June 19, 2008

The application of 3rd party certification programme in Malaysia

The Application of 3rd party certification programme in Malaysia







The application of 3rd party certification programme, such as Secure Socket Layer (SSL), is standard for e-commerce transaction security. SSL is all about encryption. SSL encrypts data, like credit cards numbers (as well other personally identifiable information), which prevents the "bad guys" from stealing your information for malicious intent. The link between a web server and a web browser gives an opportunity to observe whether all data passed between the server and browser is private and safe. You know that you're on an SSL protected page when the address begins with "https" and there is a padlock icon at the bottom of the page.

SSL Certificates own the following benefits:

  • Guarantee that the customers have a legal web site, and, moreover, those clients’ online businesses are the true certified businesses. Secure Sockets Layer Certificates encrypt data transferred between a customers’ browser
  • Internet business in order to assist when it comes to preventing theft of valuable information including passwords, credit card numbers and account numbers.
  • Help your business get better and more advanced.

www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/index.htm

~Phishing~

Phishing isn't really new -- it's a type of scam that has been around for years and in fact predates computers. Malicious crackers did it over the phone for years and called it social engineering. What is new is its contemporary delivery vehicle -- spam and faked Web pages.

Phishing (sometimes called carding or brand spoofing) uses e-mail messages that purport to come from legitimate businesses that one might have dealings with -- banks such as Citibank; online organizations such as eBay and PayPal; Internet service providers such as AOL, MSN, Yahoo and EarthLink; online retailers such as Best Buy; and insurance agencies. The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages.
Here's an example of how phishing works. On Nov. 17, 2003, many eBay Inc. customers received e-mail notifications that their accounts had been compromised and were being restricted. In the message was a hyperlink to what appeared to be an eBay Web page where they could re-register. The top of the page looked just like eBay's home page and incorporated all the eBay internal links. To re-register, the customers were told, they had to provide credit card data, ATM personal identification numbers, Social Security number, date of birth and their mother's maiden name. The problem was, eBay hadn't sent the original e-mail, and the Web page didn't belong to eBay -- it was a prime example of phishing.



  • Be suspicious of any email with urgent requests for personal financial information
  • Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle
  • Avoid filling out forms in email messages that ask for personal financial information
  • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
  • Remember not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too.
  • Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
  • Regularly log into your online accounts ~don't leave it for as long as a month before you check each account
  • Regularly check your bank, credit and debit card satements to ensure that all transactions are legitimate
  • Ensure that your browser is up to date and security patches applied