Thursday, June 25, 2009

A review on a post on Internet Security from My E-commerce blog


A password is a secret word that most users use to prove their identity or to gain access to a resource. Nowadays, many areas also require users to key in their user name and password to log into a process, so that the computer processing system is protected. There is no requirement that a password must be an actual word; indeed, passwords which are not actual words are more difficult for a hacker to guess. According to the blog, research done by Information Week, based on an analysis of 28,000 passwords, found that 16% of users like to use a name, including their spouse's or children's name, while 14% like to use passwords which are easy and nice, such as 1234 or 12345678. Lastly, there is a small number of users who use the word "password" as their password.

Besides that, there are also other passwords used by users, such as the English keyboard letters below the numeric keys. Such a password is easy for users to remember and not so easy for others to guess. Popular TV show stars such as Pokemon, Matrix and Iron Man are also chosen as users' passwords. "I love you" or "I hate you" are also quite popular as passwords.

Based on some computer experts' opinions, an online user should not use the same password for everything, because once the password has been figured out, the hacker can do malicious damage, especially to online banking. It is therefore recommended to use a combination of letters and numbers that would be virtually impossible to guess, such as a23ui9r, but remember not to record it in a document on the PC.

In conclusion, users need to be cautious when creating their passwords to prevent malicious damage. Some websites which require a user name and password to log in restrict users to choosing a password which is longer than 8 characters. To be safer, users can create a password with a capital letter, a symbol or a number.

Wednesday, June 24, 2009

How to safeguard our personal & financial data?

Do you know how to protect your data?

Is it safe enough?

Do you need to protect your data like this?


For me, I only know the basic way to protect my data. Before I found this research, I didn't realize that my way of protecting data was outdated, because there is a lot of software that can easily hack into my data or computer.
Hackers are the “most professional people” who steal data without your knowledge. Thus, it is very dangerous for you and me, because we don’t have strong knowledge of protecting our data. In order to prevent it, we need to start protecting our data now.




There are a few ways to safeguard our data:


1) Set up password
--This is not the best way, as others can still steal your data if your password can be guessed.
--Thus, we should avoid using passwords such as a birthday, name or identity card number; this type of password can be easily guessed by other people.
--Besides that, we should not use a repeating word in a password, e.g. Betty.
--The length of the password is also very important: at least 7 words long.
--Nowadays, when setting up a password there will be an indicator bar showing the strength of your password. Therefore, remember to set a password that is strong enough to avoid the stealing of data.

2) Firewall
--A part of a computer system or network that is designed to block unauthorized access.
--Firewalls are usually used to prevent unauthorized users from accessing private networks, especially intranets.
--All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that are unauthorized.
--It is suitable for both individual and organizational use.
--There is a lot of firewall software available on the internet; you can download it for free.


3) Antivirus Software
--A computer virus is a computer program that can copy itself and infect a computer without the permission of the owner.
--A virus can increase its chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
--Thus, in order to avoid viruses hacking our computers, we need to install antivirus software.
--The software must be strong enough to “kill” the virus. Therefore, we need to update the antivirus software every day, so that there will be strong protection for our data.





4) Log in, log out
--When you log in to some websites, the website may keep your username and password.
--This may be dangerous when you are using a public device to log on to that website. Others may steal your data without your knowledge.
--So, after you log in to a website, you need to make sure that you have cleared the data. This will ensure that your data will not be hacked by others and that other people cannot misuse your accounts.
--MOST IMPORTANT: when you sign in to an account, you need to ensure that you have signed out from that account, because some people directly close the window and think that the account will be automatically signed out. (Some websites will automatically sign out your account, but not all.) You need to make sure that you have signed out of the account, and double-check by logging in to that website another time.
--Especially for financial websites, e.g. www.maybank2u.com
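
The password advice in item 1 above and in the June 25 review can be turned into a simple check. The Python below is an added example, not code from the original blog: the function names, word lists and sample passwords are constructed for illustration, and the length and character-kind rules follow the page's own advice (longer than 8 characters; letters combined with a capital, number or symbol).

```python
import re

# Weak choices named on this page; illustrative lists, not exhaustive.
COMMON = {"password", "1234", "12345678", "iloveyou", "ihateyou"}
POP_CULTURE = {"pokemon", "matrix", "ironman"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def squash(text):
    """Lower-case and drop non-alphanumerics so 'I love you' -> 'iloveyou'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def is_keyboard_run(pw, min_run=4):
    """True if the whole password is one run along a keyboard row."""
    if len(pw) < min_run:
        return False
    return any(pw in row or pw in row[::-1] for row in KEYBOARD_ROWS)


def audit_password(password, personal_terms=()):
    """Return the reasons a password is weak; an empty list means none found.

    personal_terms: names, birthdays or ID numbers tied to the user.
    """
    reasons = []
    squashed = squash(password)
    if len(password) <= 8:
        reasons.append("not longer than 8 characters")
    if squashed in COMMON:
        reasons.append("common password")
    if squashed in POP_CULTURE:
        reasons.append("popular show or character name")
    if is_keyboard_run(squashed):
        reasons.append("keyboard row or digit sequence")
    for term in personal_terms:
        if squash(term) and squash(term) in squashed:
            reasons.append("contains personal detail: " + term)
    if sum(bool(re.search(c, password)) for c in CHAR_CLASSES) < 2:
        reasons.append("only one kind of character")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real data set.
    for pw in ("12345678", "qwertyuiop", "I love you", "t7#Rk2vQ9m!x"):
        print(repr(pw), audit_password(pw) or "no listed weakness found")
```

An empty result only means none of these listed weaknesses was found; it is not a measure of overall strength.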

Tuesday, June 23, 2009

Phishing

Phishing is the act of imitating a legitimate entity in the internet environment to lure people into sharing passwords or credit card numbers. Criminals usually target online services for day-to-day activities, including banking, shopping and more. Normally, the purpose of phishing is to commit financial fraud.

Examples of phishing:
1. Maybank phishing
A phishing email is sent to lure the user to a phishing website. The URL and page of the website look exactly right. The scammer might copy the Web page code from a major site and use that code to set up a fake Web page whose look and feel are almost identical to the legitimate one. When the user clicks through to the website, they are prompted to enter their online details, namely the Maybank account username and password.

2. eBay phishing
The user receives an email from an eBay member which claims that there is a problem with a payment to the PayPal account. When the user clicks the respond button, they are directed to an eBay phishing website asking for their login information.

Prevention methods:

1. Education and awareness are important for prevention, in order to train users to recognize phishing attempts and deal with them.

2. Web browser toolbars are one of the methods to prevent phishing. For example, before submitting financial information through a website, look for the “lock” icon on the browser’s status bar to check whether the information is secured during transmission.

http://www.uscert.gov/reading_room/phishing_trends0511.pdf
http://en.wikipedia.org/wiki/Phishing

Monday, June 22, 2009

The threat of online security: How safe is our data?

How do you lock your computer?
Like this?

Are you aware of computer viruses?

What kind of threats are there?



Nowadays, organizations constantly face cyber attacks from inside and outside the organization, and a huge number of cyber attacks happen every day. According to Secure Works, the number of attempted hacks rose from 11,146 per health care client per day in the first half of 2007 to almost 20,630 per day in the second half of 2007 in January 2008. Besides organizations, even individual computer users face Internet threats and attacks. There are 2 categories of threats and attacks: nontechnical attacks and technical attacks.

Nontechnical attack:

This is where attackers take some action that compromises the security of a network, or use their intelligence and chicanery to trick people into giving up personal information such as passwords, credit card numbers and other sensitive information. One type of nontechnical attack is social engineering, in which the hacker uses social pressure to trick computer users, such as cheating people to gain a financial transaction. Other than that, phishing is also a type of nontechnical attack. For further Phishing information, please click here.

Technical attack:

Denial-of-service (DoS) attack

A DoS or distributed DoS attack is where the attacker uses particular software to send a flood of data packets to the victim (computer) for the purpose of making its resources unavailable to its intended users. There are various types of DoS attack; the 5 basic types are consumption of computational resources, disruption of configuration information, disruption of state information, disruption of physical network components, and obstruction of the communication media between the intended users and the victim so that they can no longer communicate adequately.

Spyware

It is also called adware, and is software that hides in your computer for the purpose of gathering your personal information and Internet usage habits. The software then relays it to advertisers, marketing groups and others who use the information to target you with pop-up ads. It is similar to a computer virus: it can cause the computer to slow down or hang. Furthermore, it can also cause conflicts between different software programs, add new toolbars to the Web browser, change the Web browser's homepage, slow down network speed, etc. Examples of spyware are CoolWebSearch, Internet Optimizer, Zango, HuntBar, Zlob Trojan and so on. For more detailed information, please click here.

Virus

A virus is software code that replicates itself and infects another file, program, partition sector, boot sector, or a document with executable instructions (such as macros) by attaching or inserting itself into that medium. It needs its host program to be run in order to activate, so it won't cause damage when the computer is turned off. The majority of viruses just replicate and do little more, but some viruses can cause a significant amount of damage. There are many types of viruses, such as Resident Viruses, Direct Action Viruses, Overwrite Viruses, Boot Viruses, Macro Viruses, Directory Viruses, etc.

Worm

A computer worm is a computer program that runs independently. It sends copies of itself to other computers through the network without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or devour files on a targeted computer. Once the computer is infected, it can damage the computer's data even when the computer is not running. Compared with viruses, worms cause damage more slowly.

Trojan Horse


It is a term used to describe malware: a program that appears to have a useful function but in fact contains a hidden function that gains unauthorized access to the user's computer system. The name 'Trojan Horse' comes from the story in Greek mythology. Trojan horses are not self-replicating, which distinguishes them from viruses and worms. Additionally, they require interaction with a hacker to fulfill their purpose.

As we always say, 'prevention is better than cure': instead of worrying about and curing the computer system after it is infected with viruses, it is better to prevent it by installing anti-virus software on the computer system and being more careful when accessing the Internet and when receiving unauthorized email. From my experience, it is better not to click on pop-ups from Web sites and to ignore emails sent by unauthorized people. For a free anti-virus, visit http://free.avg.com/.


Referencing:
http://en.wikipedia.org/wiki/Main_Page
http://doit.missouri.edu/security/make-it-safe/spyware-phishing.html
http://www.yourdictionary.com/hacker/types-of-threats
http://ezinearticles.com/?Examples-Of-Spyware-And-What-They-Are&id=1054106
http://www.buzzle.com/articles/different-types-of-computer-viruses.html