A review on a post on Internet Security from My E-commerce blog

Choosing a Good Password and Keeping Your Password Secret!

I have been reading a lot about the issue that passwords are no longer good security. However, we still need passwords for many applications. They are the common method that we use to keep our data confidential. Therefore, we have to choose a good password to keep our computer data safe and secure.

The most serious threat related to passwords is offline password guessing. As computers have become faster, guessers are also able to test hundreds of thousands of passwords per second. Based on some findings, most people form their passwords from common dictionary words, such as nouns (“apple” or “orange”), rather than complex words. Some people form their passwords from a person's first name, a pet's name, or a number such as an IC number or date of birth. Besides that, many people use the same password for every account that they own. These are the reasons why passwords have become insecure and hackers can break into users' accounts easily.
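A sign-up or password-change form can screen for the weak patterns listed above before a password is accepted. The Python check below is an added example, not code from the original post; the function name, the word list and the sample values are constructed for illustration.

```python
import re

# Constructed sample word list (an assumption for this example); a real
# deployment would load a much larger list of common words and passwords.
COMMON_WORDS = {"apple", "orange", "password", "welcome"}

_SEPARATORS = re.compile(r"[\s\-/.]")


def _squash(text):
    """Lower-case the text and drop spaces, dashes, slashes and dots."""
    return _SEPARATORS.sub("", text.lower())


def screen_password(candidate, personal_items=(), other_passwords=()):
    """Return the weak patterns found in `candidate` (empty list = none).

    personal_items: the user's first name, pet name, IC number, birth date.
    other_passwords: passwords the same user already has on other accounts.
    """
    findings = []
    squashed = _squash(candidate)

    # A plain dictionary word such as "apple" or "orange".
    if candidate.lower() in COMMON_WORDS:
        findings.append("dictionary word")

    # A name, pet name, IC number or birth date hidden inside the password,
    # regardless of case or of how the date or number is punctuated.
    for item in personal_items:
        needle = _squash(item)
        if needle and needle in squashed:
            findings.append("contains personal detail")
            break

    # A purely numerical password (IC number, date of birth).
    if squashed.isdigit():
        findings.append("digits only")

    # The same password used for another account.
    if candidate in other_passwords:
        findings.append("reused on another account")

    return findings
```

An empty result only means that none of these four patterns was found; it does not measure how hard the password is to guess.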

In my opinion, a password should be a combination of words, numbers, and symbols to promise good security. This kind of password can be easy to remember. A good password might be “H#appy$life” or “g$reatda$y”. Besides that, a password can also be created by using the first letter of each word in a phrase. For example, 'e commerce is an interesting subject' becomes “eciais”. For a more creative password, we can create a password from parts of words pasted together, such as “doworbhap” for don’t worry be happy or “rewh&blu” for red, white and blue. Adding numbers and keyboard symbols like asterisks to passwords makes them even more secure. For example, “3ciai$” would be a better password than “eciais”.

We can also create a password by using certain characters to represent letters. For instance, take “hueyjing”: change the letter 'u' to '^', 'e' to '3', 'i' to '!', and 'g' to '9', and we get the password “h^3yj!n9”. We can also combine uppercase and lowercase letters to make our password more unique.

For security purposes, we must keep our passwords secret. Passwords should never be written down. If you really need to do so, do not keep the password list on the computer or in any obvious place. Be cautious when you are entering your password, as there may be someone looking at you. To be more secure, we should change our passwords at least once a month.

In conclusion, passwords are a traditional way to make sure our data is protected. We still have to use passwords to safeguard our data although there are other security methods such as biometric identification. Although biometric identification is more efficient than passwords, it is more expensive. Therefore, keep in mind that a unique, secret password will help protect our data!

For more information, you can review the website below:
http://www.darkreading.com/blog/archives/2009/02/phpbb_password.html

How to safeguard our personal and financial data?

In this new century, many people rely on computers and the Internet to do their chores, including their work tasks. More advanced online technology is being developed from time to time to make our daily life more convenient, such as e-banking, e-commerce, and so on. However, since data is sent back and forth through various servers where personal and financial data are housed, data that is moving from one server to another may be intercepted and recorded. Besides that, personal and financial information stored on our computers is also vulnerable to exposure and may be used illegally by other people. Therefore, certain safeguards should be used to protect your personal and financial information.

One of the safeguards is using and maintaining antivirus software and a firewall. Antivirus software can protect our computers against viruses, worms, and Trojan horses that steal or modify the data on our computers. It is important to always keep our antivirus up to date and, if possible, to turn on the automatic update option. Examples are Norton antivirus and AVG antivirus. A firewall can protect our computers and data from unauthorized intrusions.

Besides that, we should also regularly scan our computers for spyware and adware. These hidden files enable attackers to gain access to your data. Thus, it is necessary to have a legitimate anti-spyware program to scan and remove those files.






We should also consider creating separate user accounts. If your computer is used by many users, there is a chance that other users may accidentally access, modify, or delete your files. Having separate user accounts gives you additional protection.

Next, it is better to always use usernames and passwords. We should create passwords that would be hard for others to guess. If possible, use a combination of numbers and letters. We should avoid using passwords such as an identity card number or date of birth. It is also important not to write the password down and carry it in a wallet or briefcase. We should also not reveal those passwords to anyone.

When we want to send data to others, it is better to use an encryption technique. Encryption is a process of converting readable data into unreadable characters. When files are encrypted, unauthorized people will not be able to view the data even if they can physically access it.

In addition, we should dispose of sensitive information properly. We should not throw away our ATM or credit card receipts in a public place. We should also ensure that we erase unwanted files on our computers completely rather than simply deleting them. Credit card and bank statements should be shredded rather than tossed away.


Other safeguards include:

  • Avoid clicking on pop-up ads or downloading information from unknown sites.
  • Use your own computer instead of a workplace or public computer to access financial and other sensitive personal information.
  • Log out of any website's account rather than simply closing the account window.

We should always follow good security practices to protect our personal and financial data. For more security tips, you may refer to this website:

http://www.us-cert.gov/cas/tips/





References:
http://finance.yahoo.com/banking-budgeting/article/103893/Six-Ways-to-Safeguard-Your-Online-Assets

http://www.us-cert.gov/cas/tips/ST06-008.html




Phishing: Examples and its prevention methods


As the world has become so dependent on the Internet, it gives chances for crimes to exist, such as data being hacked by unauthorized people. Phishing is only one of the crimes that happen worldwide.

What is phishing?

Phishing is a crimeware technique used by an unauthorized party that steals the identity of a target company in order to deceive its customers. Phishing can be an act of sending an e-mail to users, falsely claiming to be an established, authorized company, in an effort to scam the users into freely giving away their private information. It is also known as identity theft. Phishing has created a hard challenge for existing e-commerce enterprises and for enterprises entering the e-commerce network.

The most common targets for phishing are PayPal, eBay and online banks. For example, a recent phishing case happened in Canada, where a loss amounting to $10 million occurred. U.S. banks, a credit and debit card distribution company and a payment processor had been hacked by an Israeli hacker, Ehud Tenenbaum.

How does phishing work?

In the first step of phishing, the phishers decide which business to target and determine how to steal its customers' e-mail addresses. The techniques usually used by phishers, as by spammers, are mass-mailing and address collection.

In the second step, the phishers create methods for delivering the message and collecting the data. The methods most often used are an e-mail address and a web page.

The third step is sending the false message that appears to be from an established, legitimate enterprise.

Finally, the phishers are able to access and record the victims' data once the victims enter the web pages or pop-up windows. With the information obtained, they can carry out various illegal activities.


Example of phishing: [examples 1 to 4 not preserved]



How to prevent phishing?



To prevent phishing from occurring, the following preventive measures can be taken:

1) Understand how phishing works. By understanding how it works, users will be more alert in safeguarding their private information or data. You may refer to the article "How to defeat phishers relating to the e-mail sent from ebay".

2) Use Outlook 2003 to filter out phishing e-mail. Outlook 2003 is designed with a built-in Junk E-mail folder that does a good job of removing spam. This can help to prevent phishers from getting a chance to hack users' private information.

3) Users must always be wary of the e-mails and Internet messages they receive. In other words, they must not simply trust any information that appears on a website.

4) Users might also acquire an anti-phishing service that helps in detecting and blocking phishing sites to safeguard their confidential information and data. An example of an anti-phishing service is the PowerShark Anti-phishing solution.

5) Another precaution that users can take is to do business or any transaction with companies that they trust. This will reduce the risk of becoming another victim of phishers.



Reference:


Turban, E., King, D., McKay, J., Marshall, P., Lee, J., & Viehland, D. (2008). Electronic Commerce: A Managerial Perspective 2008 (International Edition). Upper Saddle River, NJ: Pearson-Education International.

The threat of online security: How safe is our data?


Nowadays, technology is becoming more and more advanced as the years pass. Businesses are evolving in the e-commerce world and everything has become more convenient and effective. In addition, the computer has become a necessary tool for users to manage their personal data and daily tasks. Yet this heavy reliance on technology creates chances for threats to occur. One of the hottest issues for companies and users is the safety of data on the Internet.

There are many types of threats and attacks on the Internet, and facing them is a challenge. So far, the potential threats and attacks that have been discovered are as follows:

a) Nontechnical attacks – where a perpetrator uses some form of trickery to persuade users to reveal their information or perform actions. An example of this type of attack is a social engineering attack.

b) Technical attacks – using software and systems knowledge or expertise to perpetrate an attack.

c) Denial-of-service (DoS) attack – an attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources. In other words, it is an attempt to make a computer resource unavailable to its intended users, as defined by Wikipedia.

d) Virus – a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.

e) Worm – a software program that runs independently, consuming the resources of its host in order to maintain itself, and is capable of propagating a complete working version of itself onto another machine.

f) Trojan horse – a program that appears to have a useful function but contains a hidden function that introduces a security risk. An example of this threat is a Trojan horse virus.

g) Macro virus / macro worm – a virus or worm that executes when the application object that contains the macro is opened or a particular procedure is executed.

Therefore, looking at the existence of all these threats and attacks, it is obvious that the data users transfer or present online is not safeguarded. In order to protect our data and information on the Internet, Internet security should be implemented. Security success can be categorised into three components, which are:

a) Confidentiality – users' private or sensitive information should be kept safe and not disclosed to unauthorized individuals, entities, or processes.
b) Integrity – ensuring that the data uploaded by users is under protection and free from the risk of threat.
c) Availability – ensuring that access to data, the website, or other e-commerce data services is timely, available, reliable, and restricted to authorized users.

Reference:
Turban, E., King, D., McKay, J., Marshall, P., Lee, J., & Viehland, D. (2008). Electronic Commerce: A Managerial Perspective 2008 (International Edition). Upper Saddle River, NJ: Pearson-Education International.