Saturday, February 7, 2009

Phishing: Examples and its prevention methods



Phishing – an internet scam. Is an e-mail fraud where the perpetrator will send out a legitimate-looking e-mail to gather personal and financial information such as pass word or credit-card numbers from well known and trustworthy web sites. Web sites that are frequently spoofed by phishers include eBay, MSN, Yahoo, PayPal where people were directed to Web pages that looked nearly identical to the companies’ sites.

The examples of ‘Phishing’ happened in 2003 where many people received email supposedly from eBay claiming that the user’s account was about to be suspended unless they clicked on the provided link and updates their credit information. The scammers use mass-mailing methods and many of the recipients did not even have an eBay account.

Another type of trick that is used to take you to a page that uses JavaScript to generate a pop-up form and then redirect you to the actual bank site.


Steps to protect your personal date online by avoiding the internet scam:

When receiving any unexpected e-mail saying that your account will be shut down unless you confirm your billing information, do not try or click any of the links in the e-mail body.
Contact the legitimate vendors or merchant right away for clarification of such e-mail.
Never divulge information, such as password and credit card, social security, and bank account numbers, to anyone making contact with you. Only give such information when you initiate a service call, and only do so with trusted sources.
Use anti-virus software or firewalls on every computer that you use.
Do stay up to date with current scams and always report suspicious activity.

The application of pre-paid cash card for consumers.

...

Friday, February 6, 2009

The application of 3rd party certification programme in Malaysia

Important of Third-Party Certify
The basic values of a third-party certification are to provide a measure of conformity, satisfy customer demands and limit supplier risks without the expense of repeating tests. Importantly, the assessment is carried out by an independent, third party organization that is qualified and licensed to issue certification when the assessment is successfully completed. For example:

MSC Trustgate.com Sdn. Bhd

Sigmaview Capital Sdn. Bhd owner of MSC Trustgate Malaysia's premier provider of Internet trust solutions and Valimo Wireless. MSC Trustgate is the qualified CA (Certification Authority) for Malaysia and has started to expand its service offering to other Asian countries.
MSC Trustgate.com was established in 1999 as a licensed Certification Authority (CA) in Malaysia under the Digital Signature Act 1997. Its provide security solutions and trusted services to help companies build a secure network and application infrastructure for the electronic transactions and communications over the network. The commitment in delivering high quality services has brought to recognitions with the enterprises, government, and many leading e-commerce sites, both locally and internationally.

MSC is a subsidiary of Multimedia Development Corporation, it aim at catalyzing the growth of e-commerce by creating a trusted e-environment that helps businesses to expand in the new economy. MSC are also an affiliate of VeriSign in the South East Asia region and a member of VeriSign Trust Network. This affiliation affords customers to enjoy a globally recognized service that is compatible with the existing technological requirements.

MyKey is the MSC Trustgate.com Sdn. Bhd.'s Digital Certificate which is loaded into MyKad. It is governed by Malaysia Digital Signature Act 1997 and is accepted by the courts of law in Malaysia. Benefit of MyKey : Proven technology that has been deployed in 4500 corporations and government organizations, as well as 366,000 e-commerce websites worldwide, highest protection for your data and transaction online, accurate, secure and legally recognized, reliance limit for fraud protection coverage of up to RM25,000*

VeriSign

VeriSign, Inc. (Nasdaq: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, SSL, identity and authentication, and domain name services allow companies and consumers all over the world to engage in trusted communications and commerce.

VeriSign® Identity Protection (VIP) services help your consumers conveniently and securely log-in to their accounts to use your online services. Two-factor authentication, self-learning fraud detection, and a powerful validation infrastructure helps provide a secure end-to-end solution at a reasonable cost from the most recognized trust brand on the Internet.

VIP Authentication Services support second-factor authentication for a range of OATH-compliant credential form factors. Choose from credit-card sized credentials, tokens, even mobile phone credentials to provide the most convenient, cost-effective option for your consumers.

Enterprises benefit consumers conveniently use one credential to log-in to multiple web sites, will have the added protection of second-factor authentication. The VeriSign® Fraud Intelligence Network provides early warning of attacks and comprehensive watchlists to block potential fraud sources.

VIP Fraud Detection Services utilizes a rules engine and a behavior engine to detect anomalies and automatically respond according to your intervention settings.

VeriSign operates the Internet infrastructure that has supported the .com and .net top-level domain names with 100% availability since 1998, and SSL Certificates secure more than 900,000 Web servers world wide. Fortune 500 companies such as eBay, PayPal, and Charles Schwab trust VeriSign and display the VIP logo.

SSL certificates, wildcard certificates, Verisign certificates, InstantSSL certificates, and a host of other digital SSL certificates. 256 bit encryption is provided from most SSL certificate vendors so user can enjoy a secure ecommerce and network security environment.

REFERENCES :

http://www.msctrustgate.com/

http://www.mykey.com.my/Website/home.php

http://www.verisign.com/

http://www.trademal.com/global/index.php/id/17463/target/about/MSC_Trustgate_com_Sdn_Bhd/index.html


Tuesday, February 3, 2009

The threat of online security: How safe is our data?



As technology grows and changes, internet already becomes one of the daily uses in our society as it given convenience to all the users to make their transaction by online. Besides that, people also use internet to communicate with each other and get more services by online. Therefore, it is important to the users to aware with the threat of online to protect them become one of the victims.

Internet security is one of the main concerns by all the users as they hope to get protection for their piracy. Is this ultimately a good thing if it keeps our information safer? Can we even trust those who have our personal data? It is not as the technology frequently grows and changes in the world today. The personal information could be targeted by thieves and hackers if we didn’t prevent it.

There are some threat of the online security such as viruses, worms, Trojan horse, back doors or trap doors, denial of services ( DOS ) and logic bombs. A virus is a program that attaches itself to other program like I love you virus which had cause $8.75 billion loss in the world. Worms is programs that copy themselves until it interrupts the operation of network or computer system while the Trojan horse is a program that appears to be useful but actually mask destructive program. For an example of Trojan horse is Trojan Xombe where it is a hackers access to computer and steal passwords. Besides that, Back doors or trap doors are typically a password which known only to the attacker, that allows access to the system without having to go through any security. For an example, DOS had caused 3 hours slow performance on e-commerce in feb 6 while logic bombs designed to activate and perform a destructive action at a certain time.

Therefore, it is important for the users to protect their own computer. There are some steps can be taken to protect your computer. First, make sure the firewall is turn on where it can helps to protect your computer from hackers who might try to access in. Secondly, always make sure the computer operating system up-to-date. Others than that, users must use updated antivirus software and antispyware technology to help to prevent it from destroy by others.

In conclusion, it is important to the users to take the prevention and awareness before it cause damage to their computer.

REFERENCES :-
http://www.microsoft.com/protect/computer/default.mspx
http://www.microsoft.com/protect/yourself/mobile/publicpc.mspx
Let check it out the link to show you how to protect the privacy of your personal information online

Monday, February 2, 2009

How to safeguard our personal and financial data??

It is unclear just how big the problem of identity theft is although studies by the financial industry shows that the crime strikes million of us consumers when they are using the internet. In today's world, most people rely on Internet to create, store and manage information. Information transmitted over the Internet is more vulnerable and risky because hackers have the ability to intercept and use that information, such as e-banking user name and password to falsely do transactions. Therefore, it is important that users take measure to protect their data from loss, damage and misuse.

Below will be some suggestion ways for you to safeguard your data:
1. Shred financial information.
To avoid identity theft via dumpster diving, shred important financial information before placing it in the trash or recycling bin. Using a cross cut shredder prevents thieves from piecing together your information. Shred such information as credit card receipts, credit card offers, bank statements, paycheck stubs, tax information, or anything that may carry tour social security numbers.
2. Use a credit card with a small limit
It's all too easy for a dishonest sales clerk to use your credit card information. If the card you use for these purchases has a low credit limit, at least thieves won't be able to rack up many bills before hitting a wall.

2. Install and update antispyware and antivirus programs
Set the virus checker to an auto update mode so that you don't have to worry about staying current. In addition to automatic virus checking, load an anti-spyware program on your computer. Spyware protection software helps you to completely clean your computer of invasive threats.
4. Review your monthly statements
Not only will reviewing your monthly statements alert you to possible fraudulent charges, you may also find legitimate charges for services that are either redundant or no longer necessary.
5. Choose your username and PIN wisely
While you want to choose something you'll remember, you don't want it to be something that a clever thief could figure out just by learning your birth date or hp number. A combination of uppercase and lowercase letters, numbers, and symbols will offer you more security.
6. Resist using free wireless connections
Do not used the wireless connection in cafes, airports and other public places to check personal information or transfer any amount of money because anyone can just easily hack your password.

7. Used encryption software
To protect information on the Internet and networks, individuals may use a variety of encryption techniques to keep data secure and private. Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access.

An example of E-Commerce failure and its causes

Kozmo.com was a venture-capital-driven online company that promised free one-hour delivery of anything from DVD rentals to Starbucks coffee in the United States. It was founded by young investment bankers Joseph Park and Yong Kang in March 1998 in New York City. Kozmo had a business model that promised to deliver small goods free of charge, typically by using bicycle messengers.

Its headquarters were located in New York City. The company raised about $250 million, including $60 million from Amazon.com. It entered a five-year co-marketing agreement with Starbucks in February 2000, in which it agreed to pay Starbucks $150 million to promote its services inside the company's coffee shops. Kozmo.com ended its deal in March 2001 after paying out $15 million.


While popular with college students and young professionals, the company failed soon after the collapse of the dot-com bubble, laying off its staff of 1,100 employees and shutting down in April 2001. 18 locations nationwide and their Memphis distribution center were liquidated by a veteran entertainment wholesaler from Florida. Kozmo had filed an IPO with Credit Suisse First Boston before the layoffs, but it never went public. According to documents filed with the Securities and Exchange Commission, in 1999 the company had revenue of $3.5 million, with a resulting net loss of $26.3 million.


Kozmo.com face failure because of wrong business strategy. Free delivery services might sound good but one-hour point-to-point delivery of small objects is extremely expensive. Kozmo.com also had a bad business plan. They used almost 60% of their capital just on advertisement.





Discuss how E-Commerce can reduce cycle time, improve employees’ empowerment and facilitate customer support.

Electronic commerce, commonly known as e-commerce or eCommerce, enables all the suppliers, manufacturers or even the consumers buying and selling products or services over electronic systems such as the Internet and other computer networks.

EC can reduce cycle time by eliminating steps in business processes. The steps may be redundant or can be replaced with more efficient technology solutions. The elimination of the steps speeds the overall process and reduces cycle time. E-commerce allows people to carry out businesses without the barriers of time or distance for example Pizza-hut or Air-asia It provide buyer and seller many type of services with a single click of mouse via online services.

EC can provide employee empowerment by providing employees with greater and easier access to information provided by the employer. EC technologies provide greater information is important for employee to build initiative and confidence on the part of the employee to take on greater responsibility. Its allowed employee use to overcome discrimination, achieve full equality, well-being and participation in decisions that impact the quality of work perfomance and company return earning.



EC facilitates customer supported by providing a wide range of technological solutions and communication opportunities. EC also provide customer and technical support through analysis and problem solving to facilitate installation, implementation, maintenance, education, and documentation of a variety of computer and software technologies utilizing remote communication with the end user. Additionally, EC supports self-help customer service so consumers can answer their own questions.
On the other hand, e-commerce can provide other support services to aid in the eliminate system issues before they occur, develop on-line documentation, newsletters tips and other information that will educate business users allowing them to resolve their own questions and/or issues and, in general provide a more responsive, higher quality service.