Saturday, June 21, 2008

Phishing: Examples and its prevention methods

Phishing is an e-mail fraud method in which the sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Phishing can attempting to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Normally, the messages appear to come from well know and trustworthy Web sites. Web sites that are frequently spoofed by phishers include Pay Pal, eBay, Yahoo, MSN and online banks are common targets. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

The email below is the example of phishing:

"Phishing" -- Sample bogus e-mail from Citibank:

Example for Pay Pal:Example for Wachovia email:

There are some menthods to prevent Phishing:

1. No attempt to prevent information leakage. Rather, try to detect and then rescue users from the consequences of bad trust decisions.

2. Harness scale against the attacker instead of trying to solve the problem at each client. Thus scheme increases in efficacy with the scale of deployment: it offers very little protection if a small fraction of users participate, but makes phishing almost impossible as the deployment increases.

3. Verifying the authenticity and security of Web sites, particulary EC sites.

4. Securing computer before shopping online by keeping antivirus, antispam, and firewall software up-to-date.

5. Never following directions asking you to reveal information or delete a file that is received in e-mail or pop-up messages from seemingly trusted companies.

6. Never replying to e-mail or pop-up messages from companies that ask for personal, financial, or password information.

7. Reviewing credit card and financial statements for unauthorized charges.

References:

- http://www.bankrate.com:80/brm/news/advice/Phishing-email.asp
- http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci916037,00.html
- http://www.wachovia.com/misc/1,,1856,00.html
- http://en.wikipedia.org/wiki/phishing

Prepared by: Koh Kah Wang

A Review on Internet Security from My E-Commerce blog

Today, I am going to do a review on a post on Internet Security from E-Commerce blog.
In Facts, there are a lot of harmful threats on internet.

Some of the example of the threats:
-Hacker
-Malicious Code
-Spam
-Denial-of-service attack (DoS)
-Distributed Denial-of-service attack (DDoS)
-Virus
-Worms
-Trojan horse


What is Internet Security?
Internet security is the prevention of unauthorized access to our computer via internet. The security is consisting of encryption and password. There are many of the security applications/software has been developed to protect our computer from the threats. I discovered an interesting post from the E-commerze.blogspot which teaches us how to prevent our blogger blog for being hacked and how to recover our hacked blog.

Refer to the post: John Cow.com was hacked! And unhacked !


Tips to prevent out computer from being hacked:
There are few tips is provided for us to prevent our blogger from being hacked, we need to keep our personal information private and avoid to use a same password for different registration. We should put a password which is much more complicated (Alpha-numeric password) because it has a higher security level compare to homogeneous password.

We shouldn’t use our identity card numbers, home address, nickname, year of birth and whatever number which can be found by others easily. Try to avoid using a public computer to access any important websites because the security system of a public computer is not good enough to protect our private information. The most important tips is that we need to install anti-virus software to protect our computer from being hacked. Antivirus systems can help us to block and detect potential threat.


What is Antivirus system?
Antivirus software is computer programs that attempt to detect, identify, eliminate or neutralize malicious software. Nowadays, antivirus serve as functions such as to combat a wide range of threats including virus, worms, Trojan horse, phishing attack, malware and etc. There are few steps is executed by antivirus software, it is scanning, identifying, eliminating, quarantine, and Delete potential threats.

There are few popular antivirus software in the market, such as:
-Norton Anti Virus
-Panda software
-AGV antivirus
-Nod32 antivirus
-Spyware Doctor (anti Spyware)



Next, we will focus on how to recover a hacked blogger or website.

How to recover a hacked blogger or website?
There are 7 steps in the recovery process:

1)Regain control to your website.
2)Restore the data from backup file in diskette, CD, hard disk and etc.
3)Restore missing information.
4)Scan for the vulnerability.
5)Delete, block, or eliminate the vulnerability.
6)Remove/delete all suspicious file and send a copy to the antivirus software provider.
7)Periodically monitor your website activity after the recovery.

In facts, the steps above only can help us to recover our website from minor attacks. For those websites which is hacked seriously by professional hackers, there are lesser chance for us to recover it because we do not have sufficient software and techniques to resolve the problems. Hence, we need to seek for help from computer/software/IT experts to help us to regain access to a hacked website.
Internet security is very important for us because we conduct a lot of activity via internet. A lot of private information is transmitting across internet and a high level security system is a necessity to protect the users.



References:


- http://en.wikipedia.org/wiki/Antivirus_software
-
http://en.wikipedia.org/wiki/Internet_security
-
http://ecommerze.blogspot.com/search/label/Internet%20Security
- Turban, E., King, D., McKay, J., Marshall, P., lee, J., & Viehland, D.(2008). Electronic Commerce: A Managerial Perspective 2008 (International Edition). Upper Saddle River: Pearson-Education International.


Prepared by: Teo Muh Chow

Thursday, June 19, 2008

How To Safeguard Our Personal And Financial Data


Nowadays, Internet is a public network of nearly 50,000 networks connecting millions of computers throughout the world. When we register to become a member of this website, we need to fill in some personal information. The information is including name, e-mail address, password, telephone and others.If online purchase, the company will record consumer information records such as names, addresses, phone numbers, bank and credit card account numbers and et-cetera.

Everyone who uses the computer will mostly keep their personal data and financial data in the computer. This is because many data can be stored inside the computer easily. However, this important data might be stolen by others (hackers) when the person surfs the internet by using the computer. Besides that, anyone can easily get access to the computer and knew the important data if the computer has no any security.

Here are a few approaches on how to safeguard our personal and financial data:

1) Do not reveal any personal information or particularly passwords to anyone. After using any of the Financial Data Center or member services, must remember to log out properly before leaving the Financial Data Center.

2) Securing data through non-repudiation. It ensures that a party in the dispute cannot refute a transaction that has occured. This is necessary especially to the business people.

3) Installing a firewall. It can also safeguard the computer from being hacked and important data being stolen. Firewall should be installed if the user will surf the internet quite often.

4) Keep credit cards to a minimum. Only keep the ones you actually use and destroy any that you no longer use by shredding them.

5) Avoid using passwords that are easy for someone to guess such as the name of your favorite pet, your date of birth, your name and others. Never write this information down and never carry it in your wallet or briefcase.

Above are some ways for safeguarding our important data. It is very essential so that our important data would not leak away. Prevention is better than cure. Therefore it is better to safeguard our data before it is being stolen.


References:

- http://amazingcommerce.wordpress.com/2008/06/18/how-to-safeguard-our-personal-and-financial-data/
- http://www.msisac.org/awareness/news/2007-03.cfm



Prepared By : Lee Boon Keat

The threat of online security: How safe is our data?

Online security can distinguish between two types of attacks; nontechnical attack and technical attack.

Nontechnical attack is an attack that uses some form of deception or persuasion to trick people into revealing sensitive information or performing actions that compromise the security of a network. Social engineering is one of the nontechnical attacks that use social pressures to trick computer users into compromising computer networks. Phishing is an attack that attempt to trick individuals into revealing credentials. It is a technique that uses fraudulent e-mail messages that appear as legitimate business to gain personal information for purpose of theft. Nontechnical attack can be counter by education and training; policies and procedures; and penetration testing.

Technical attack is an attack perpetrated using software and systems knowledge or expertise. Examples of technical attack are denial of service (DOS) attack, distributed denial of service (DDoS) attack, virus, worm, macro virus or macro worm and Trojan horse.
DOS is an attack that bombards system until it crashes or cannot respond. Attacker will uses specialized software to send flood of data packets to the target computer.
Virus is pieces of software code that require host program be run to activate it. Virus will inserts itself into host and propagate when it spreads. Virus will delete files or corrupt the hard drive.
Worm can spread itself without human intervention. It consumes the resources of its host in order to maintain itself, worm able to self-propagate and degrade network performance.
Marco virus or macro worm is a virus or worm that executes when the application object that contains macro is opened or a particular procedure is executed.
Trojan horse is a program that appears as useful function but contains hidden function that presents security risks. This program will allow other people to access and control a person’s computer over the internet.

Secure a data is troublesome for Internet users. There is no right to privacy at international borders, says by Chris Soghoian. Firewall and antivirus software installed will only protect against attacks from Internet. What happens when confidential files in laptop is lost or stolen.
Encrypt is one of the best and easy ways to protect our data. With Encrypting File System (EFS), we can protect private customer and financial information. When encrypt file or folder, it will turn into a format that can’t be read by other without the encryption key. This case appears to be an example of people simply bypassing existing rules. The article notes that an initial attempt to encrypt the data failed, and no further attempt was made.


References:

- www.symantec.com/business/theme.jsp?themeid=threatreport
- http://news.cnet.com/8301-13739_3-9935170-46.html
- http://blogcritics.org/archives/2006/12/11/193220.php
- http://www.bio-itworld.com/BioIT_Content.aspx?id=74012


Prepared By : Tang Chee Seng