Friday, June 20, 2008

REVIEW:INTERNET SECURITY

After reviewing the post (http://ecommerze.blogspot.com/2008/04/more-than-1-million-computer-viruses-in.html) I realized that using computers can create headache and make me feel not to use computers at all. But computers cannot be omitted from being used as it is becoming an essential tool in our daily life. What I notice from this post, it is not secure to perform internet transaction due to unauthorized access or damage to computer systems via internet transaction. It could be Denial-of-service (DoS) attack, virus, worms, Trojan horses, crackers, hackers, malware, spyware, and other attacks.

I even realized how dangerous computer viruses can be and the problems encounter by computer users such as data lost, important information being deleted, computer system breakdown, and others. The most common attack for me would be virus which is defined as a computer program that can copy itself, change computer settings and slow computer down without the knowledge of the user. The most common way these viruses come into contact is through online whereby, the user who may surfing the internet for some information may be unaware of the risk contacting with virus. Virus can also be transferred through device such as thumbdrive or could be due to some incomplete coding. Over the years, many types of viruses have been discovered such as e-mail worm, file infecting virus, or macro virus.

In order to prevent virus attack, a user should install a reliable antivirus software that helps to eliminate, identify, or neutralize wide range of threats, including worms, phishing attacks, trojan horses and other malware. Installing a good antivirus is not sufficient, the virus definition should be updated regularly and it is advised to scan the computer at least 2 to 3 times per week before switching off the computer off. Furthermore, always remember to scan those portable drives before opening it eventhough you assume it is clean from those viruses.

Tuesday, June 17, 2008

Ways to Safeguard your personal and financial data

As you know internet brings a lot of benefits to users . You can perform online transaction via internet for instance online banking and shopping just to name two. These are significantly convenient as compared to traditional way in terms of time saving and petrol saving indeed especially when during peak hour. However, Internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting user. Attackers may use other people’s private information for their own financial gain, either by making purchases themselves or by selling the information to someone else. Thus it is vital that users take some precaution steps to prevent their vital data from being stolen.

The followings are some ways to help internet user to protect their essential data.

1. Use and maintain anti-virus software, a firewall, and anti-spyware software regularly
It is strongly recommended to use anti-virus software and a firewall in your computer as it helps to protect you against viruses and Trojan horses that may steal the data on your computer and leave you vulnerable. Besides, whenever possible make sure you keep the virus definitions up to date. Use a legitimate anti-spyware program to scan your computer and remove any sypware
or adware hidden in software programs as it may also gives attackers access to your data.Review 2008 top ten internet security software.

Watch this!




2. Keep software up to date especially web browser
Install software patches in your computer so that attackers cannot take advantage of known problems or vulnerabilities. Patches are updates that fix a particular problem or vulnerability within a program. It repairs holes in software programs.

3. Evaluate your software's settings
The default settings of the majority software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is particularly crucial to check the settings for software that connects to the Internet such as browsers, email clients and so forth. Apply the highest level of security available that still gives you the functionality you need.

4. Develop a strong password
Through a strong password may add layers of protection from attackers. Avoid using readily available information, such as your mother's maiden name, your birthday.

5. Be cautious of emails requesting information
Never open an attachment or click on a link by an unknown party. Attachments can contain viruses and links can lead unsuspecting users to dummy sites where they are asked to input financial information or requesting you to confirm purchase or account information. Legitimate businesses will not request this type of information through email.

6. Dealing with reputable vendors
It is encouraged to interact with a reputable, established vendor before providing any personal or financial information as many attackers are trying to trick via creating malicious web sites that appear to be legitimate. Hence you should verify the legitimacy before supplying any information

7. Make certain that your information is being encrypted
Many sites use secure sockets layer (SSL) to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a lock icon in the bottom right corner of the window.
Credit:

The Threat of Online Security





How Safe
is Our Data??


Most of us know full well the degree to which our lives can be affected as a result of others getting their hands on our data. Financial fraud and identity theft have become commonplace these days, with fraudsters using increasingly sophisticated methods to try and get a hold of our details. In fact, fraudsters can use all sorts of documents or items that belong to us in order to commit a crime or steal an identity and information.

However, worryingly many of us fail to take precautions to minimize the chances of our data falling into the wrong hands. Although numerous measures have been taken to prevent data theft and misuse, our data online is still insecure, and we are still susceptible to viruses, worms, and Trojan Horses.

Our data still faces threats from:

Virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way computer works without the user’s knowledge or permission. Once the virus infects the computer, it can spread throughout and may damage files and system software.


Worm is a program that copies itself repeatedly, for example in memory or on network, using up resources and possibly shutting down the computer or network. It exploits vulnerabilities in operating systems (OSs), network services, and applications to propagate and cause damage



Trojan horses(named after a Greek myth) is a program that hides within or appear to be legitimate, but in fact contain malware such as keyloggers

and spyware


The countermeasures developed for detecting viruses can often detect other forms of malware as well.A nother effective, but easily overlooked, countermeasure is security awareness training. It is common knowledge now that you should not open an email attachment sent from someone you do not know. Less well known are tips such as avoiding sites that may harbor malware, such as peer-to-peer file sharing sites, and not downloading browser plug-ins that may be Trojan horses. Keeping users aware of the changing tricks and techniques used by malware developers and cyber-attackers is an effective complement to the technical countermeasures that are essential to preserving information assets.

Just for laughs.......

Credit:

Monday, June 16, 2008

Phishing:Examples and its prevention methods

Fishing..Phishing...What??!
The average home computer user like us is always bamboozled by technology jargon which is used to warn people about the most serious security threats online. This is what we called 'Geek speak' confuses net users..Hehe.
So what is phishing all about?Well according to Wikipedia.org , "Phishing" in computing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. PayPal, eBay and online banks are common targets.In layman's terms,Phishing is basically describe as faked e-mail scams.

Wants to know more?There's couple of example of banks in Malaysia becoming the victims of Phishing.

RHB BANK
In the year of 2006, nonetheless,RHB Bank was once a target of phishing scam. Fake e-mails are widely sent to mislead customers.Example of email sent by unauthorized party.
Example :

Remark:Click to enlarge

CITIBANK
On 2 September 2004,a Citibank phishing email began making the rounds via email in Malaysia, warning Citibank customers of possible fraud affecting their accounts and urging them to login to check the status.
Example:

Remark :Click to enlarge

We always say prevention is better than cure, there's step for computer users like us to avoid being phished.

  1. Dont ever trust emails urgently requesting personal financial information.Phishers want you to react immediately and therefore include upsetting or exciting statements which trigger fear or happiness.They may falsely claim suspicious withdrawals from your banking account or present you as the winner of a lottery(so don't be silly,there's no free lunch in the world).
  2. Do not fill any forms in email messages that ask for personal financial information
    Typicall phishing scams or hoaxes ask for information such as usernames, passwords, credit card numbers, social security numbers through an online form.
  3. Be suspicious of email links.The link from the email is the key to successful phishing scamming which will send you to the phishers own internet site with an online registration of account information. If the link in question shows www.hacker.com it is likely to scare of most of its target audience. One way the scammers have to go about this is to buy a new domain with an apparent link similarity to the bank or e-commerce it’s trying to be portrayed. For example,www.citibnkupdates.com.

Just a couple a game i would like to share with you guys.
Lets see how you good are you in differentiating legitimate site or just another phishing scams

Remark:Click on the image to play

A video on Phishing



credit: