Saturday, June 27, 2009

Review on a post on internet security

First of all, I would like to share some news from China:
“22 year-old hacker from Hunan steals over 7 million RMB from banks”
A 22-year-old unemployed man with only a junior high-school education became a hacker and stole money from banks. He purchased hacking software, which he used to infiltrate the main computers and websites of Chinese banks, insert a “Trojan horse”, and steal the identification numbers, bank account numbers, bank codes, mobile phone numbers and other personal information of banking customers. In this way, he successfully stole over 7 million RMB from over 300 accounts!

From this news, we can see that nowadays it is easy to be a hacker, and even easier to be hacked! In this e-century, hackers are everywhere. They can hack into your MSN, Yahoo, Hotmail or other personal websites. That is why we have to learn how to avoid being hacked! I often receive messages from my friends’ MSN Messenger accounts containing website links while the sender appears offline! I feel it is weird and just ignore them. But this is actually hackers trying to send out viruses after hacking the user’s MSN account. However, after my friend changed the password, these things did not happen again.

After reading the password security post on the E-Commerce blog, I finally understand why a lot of people get hacked. They do not care about the security of their passwords. Some people use their name or date of birth as the password, which could easily be found out by anyone. Although that may make the password easier to remember, we should change the password every month to avoid hackers. Besides, avoid using the same password for every application or account login.

I would like to share some ways to create a secure password and STOP being hacked, to protect your private personal information.
1. Avoid using personal information: never use your name, spouse's name, or date of birth as your password.
2. Do not use real words: try to create your own words that cannot be found in a dictionary.
3. Mix different character types: create a password which includes different types of characters such as ‘#’ or ‘&’.
4. Use a pass phrase: think of a sentence or a line from a song, and create a password using the first letter of each word.
For example, “I like to wear Nike shoes” can be changed to ‘il2wns’.
5. Use password management tools: password management tools can remember passwords securely and make things easier for the user.

The posts I reviewed:
1. http://ecommerze.blogspot.com/search/label/Internet%20Security
2. http://chinanewswrap.com/2009/06/24/22-year-old-hacker-from-hunan-steals-over-7-million-rmb-from-banks/

How to safeguard our personal & financial data?

How safe is our data? Do you know how to protect your data? For me, I only know the basic ways to protect my data. Nowadays, my way of protecting data is outdated, because there is a lot of software that can easily hack into my data or computer. Hackers are the “most professional people” at stealing data; they can easily steal data without your knowledge. This is very dangerous for innocent people, that is, you and me, because we don’t have strong knowledge of protecting our data. In order to adapt to the current situation, we need to start protecting our data now.

There are some ways to safeguard our data:
1) Set up password
Setting up a password is the most basic way to protect data, but others can still steal your data if your password can be guessed. We should avoid using passwords such as a birthday, name or identity card number, because this type of password can be easily guessed by other people. Besides that, we should not use repeating words in a password, e.g. Betty. The length of the password is also very important; we need to set a password that is at least 7 words long. Nowadays, when you set up a password, there is usually an indicator of the strength of your password. Remember to set a password that is strong enough to prevent your data from being stolen.
2) Firewall
A firewall is a part of a computer system or network that is designed to block unauthorized access. Firewalls are usually used to prevent unauthorized users from accessing private networks, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that are unauthorized. A firewall is suitable for individual or organizational use. A lot of firewall software is available on the internet; you can download it for free.
3) Antivirus Software
A computer virus is a computer program that can copy itself and infect a computer without the permission of the owner. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer. To prevent viruses from attacking our computer, we need to install antivirus software. The software must be strong enough to “kill” the virus. Besides that, we need to update the antivirus software every day, so that there will be strong protection for our data.
4) Log in, log out
When you log in to some websites, the website may keep your username and password. This may be dangerous when you are using a public device to log on to that website. Others may steal your data without your knowledge. So, when you log in to a website, you need to make sure that you have cleared the data. This will ensure that your data will not be hacked by others. Besides that, when you sign in to an account, you need to ensure that you have signed out of that account, because some people directly close the window and think that the account will be automatically signed out. Some websites will automatically sign out your account, but not all. You need to make sure that you have signed out of the account, and double-check by going to that website another time.
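
The password rules from the two posts above (the five tips in the review post and the "Set up password" item in this list) can be turned into a simple check. This is an added example, not code from either post; the tiny word list, the sample personal details, reading the minimum length as 7 characters, and the "at least 3 character types" threshold are assumptions made for illustration.

```python
import re

# Constructed stand-in for a dictionary file; a real check loads a full word list.
DICTIONARY = {"password", "monkey", "dragon", "shoes", "summer"}
MIN_LENGTH = 7        # "at least 7" from the post, read here as characters (assumption)
MIN_CLASSES = 3       # assumed threshold for "mix different character types"
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def personal_tokens(personal_info):
    """Split names, dates and ID numbers into lowercase pieces of 3+ characters."""
    for item in personal_info:
        for token in re.findall(r"[a-z]+|\d+", item.lower()):
            if len(token) >= 3:
                yield token


def check_password(password, personal_info):
    """Return the names of the rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("too-short")

    # Tip 1: no name, spouse's name, date of birth or identity card number.
    if any(token in lowered for token in personal_tokens(personal_info)):
        problems.append("contains-personal-info")

    # Tip 2: strip digits and symbols so "monkey123!" still counts as a real word.
    if re.sub(r"[^a-z]", "", lowered) in DICTIONARY:
        problems.append("dictionary-word")

    # Tip 3: count how many of the four character types appear.
    if sum(bool(re.search(c, password)) for c in CLASSES) < MIN_CLASSES:
        problems.append("few-character-types")

    return problems


if __name__ == "__main__":
    me = ["Betty Tan", "1988-03-14"]          # constructed personal details
    for pw in ["Betty1988", "monkey", "il2wns", "Il2wN$_09"]:
        print(pw, check_password(pw, me))
```

Under these assumed thresholds, the pass phrase ‘il2wns’ from the first post is flagged as too short and as using too few character types, which shows why the tips work best when combined.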

Friday, June 26, 2009

The threat of Online Security: How safe is our data?

Computers play a major role in our daily life. Without computers, a lot of tasks couldn’t be done. For example, we need a computer to do assignments, communicate, shop online, read news feeds, and find information. However, doubt about how safe disclosed data really is remains an issue for all Internet users. Crime doesn’t only exist in the real world but also on the Internet. Worries about whether private information such as credit card numbers will be misused, stolen, lost, or damaged still remain. Threats such as phishing, information theft, hackers, viruses and worms are concerns for traders as well. Therefore, traders are still trying their very best to prevent their customers’ information from being stolen, lost, misused, or damaged.

1. Phishing

Phishing is the act of obtaining access to passwords, identity details, and credit card information by posing as a trustworthy website such as Maybank2u, Amazon, eBay, or Public Bank through emails or instant messaging. The concept is similar to ‘fishing’: the thief uses bait to gain personal and financial information. Besides stealing information, phishers sometimes also infect the computer with viruses or worms.

2. Information Theft

Similar to phishing, information theft is also a crime of stealing private information through the Internet. The most popular form of information theft is credit card number theft. The use of credit cards has widened as people make their purchases online. It is the easiest area for fraud, as no extra identification number is required. Websites without proper security, such as free hosting websites, are the main target. Therefore, purchasing from a trusted entity is much safer.

3. Hackers

Black hat hackers are individuals who break into others’ computer systems to access forbidden information and cause damage. White hat hackers, however, are those who work for big corporations to test their latest websites in order to offer a safe website and program to the public. For example, Maybank hires hackers to try out their website, http://www.maybank2u.com/, to make sure its security is good enough and there are no loopholes for hackers to break into their system and steal or damage their information.

4. Computer Virus

A computer virus corrupts files and programs in a computer, damaging them. It infects a computer without the permission or knowledge of the computer owner. Types of viruses include Trojan horses, worms, most rootkits, spyware, crimeware and many more. A computer may be infected by a virus through clicking on website pop-ups, email links, corrupted files, pen drives, downloads, as well as programs. Installing antivirus software can minimize the risk of a virus attack on one’s computer.


Therefore, users are advised to be careful when they are doing any online transaction. Get confirmation from the bank before disclosing any important data such as passwords and user IDs. Moreover, important data in the computer may be abused if one loses one’s laptop or the computer files are corrupted. Therefore, users are advised not to keep personal data such as ATM passwords, e-banking passwords, or even credit card numbers in the computer system, but rather to write it down in a notebook.

Phishing

Phishing is a fraudulent technique that steals the identity of a company in order to acquire the sensitive and confidential information of its customers, for example, the customers’ personal information such as usernames or passwords.

Spy-phishing is a phishing technique that uses spyware programs to target online banking and other websites. The phisher normally uses spam, malicious websites, email and instant messaging to trick users into logging in to their personal accounts so that their information can be stolen. This information is then sent to the fraudster, who uses it mostly for bank and credit card fraud. This is the most common phishing tactic nowadays.

Phishing has become a more and more serious fraud nowadays. As users of online applications, we must protect ourselves and avoid falling for those tricks.

Firstly, users must verify the authenticity and security of websites. A user must log in to their account through the company’s official website rather than through any hyperlink or email. Most banking websites now warn their users not to log in through any email or hyperlink and to ignore emails that require users to update their personal information. Also, never reply to any email or pop-up message from a company that asks for personal information.

Users must secure their computers with antivirus software and firewall software. They have to ensure all of the software is updated frequently before they conduct any online activities. Users are also highly recommended to install online anti-phishing software. There are two types of anti-phishing software: blacklist/whitelist based and rule-based. The blacklist/whitelist based software warns users whenever they visit listed phishing sites, while the rule-based software checks the security of the visited website according to established rules.
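
The two kinds of anti-phishing check described above can be compared side by side in a short sketch. This is an added example, not code from any real anti-phishing product; the lists, the `.example` hosts, the sample URLs and the four rules are constructed assumptions, and only maybank2u.com comes from this blog.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed lists for illustration; real tools ship curated, updated feeds.
WHITELIST = {"maybank2u.com"}              # official site named on this blog
BLACKLIST = {"maybank2u-login.example"}    # made-up "known bad" host
BRANDS = {"maybank2u": "maybank2u.com"}    # brand keyword -> official domain


def is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def list_check(host):
    """Blacklist/whitelist based: only gives a verdict for hosts already listed."""
    if any(is_under(host, d) for d in BLACKLIST):
        return "block"
    if any(is_under(host, d) for d in WHITELIST):
        return "allow"
    return "unknown"


def rule_check(url):
    """Rule based: return the names of the (assumed) rules the URL breaks."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    hits = []
    if parts.scheme != "https":
        hits.append("no-https")
    if parts.username is not None:          # text before '@' hides the real host
        hits.append("userinfo-in-url")
    try:
        ip_address(host)
        hits.append("ip-literal-host")
    except ValueError:
        pass
    for brand, official in BRANDS.items():
        if brand in url.lower() and not is_under(host, official):
            hits.append("brand-on-foreign-host")
    return hits


def verdict(url):
    """List lookup first; the rules handle sites no list has seen yet."""
    host = (urlsplit(url).hostname or "").lower()
    listed = list_check(host)
    if listed != "unknown":
        return listed, []
    hits = rule_check(url)
    return ("warn" if hits else "pass"), hits
```

The list lookup is exact but blind to new sites, while the rules can flag an unlisted address at the cost of possible false alarms.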

On the other hand, education can be provided so that users are made aware of the danger of phishing. Users are taught to understand what phishing is and how phishing can attack and endanger them. Users must also be alert in order to identify and detect phishing emails. They may block the sites to prevent the phishing attack.

Last but not least, users can block phishing emails by using anti-spam software or a spam filter. This filter can scan the contents as well as the header information of the email to determine whether the email was sent by the identified sender, thus decreasing phishing attacks.

Example of a phishing email from Citibank: