The application of 3rd party certification programme in Malaysia

Well today we going to talk about the application 3rd party certification programme in Malaysia, but who is the 3rd party? That is VeriSign who is the provider of internet infrastructure services for networked world and also help business and consumer engage in trusted communication and commerce.

Now the question is “who is the provider VeriSign services?” that is MSC Trustgate.com Sdn. Bhd. who have the agreement with VeriSign to resell the VeriSign® Identity Protection (VIP) and VeriSign® Unified Authentication Services to businesses to increase the protection for online identities of their customer. However, MSC Trustgate was incorporated in 1999 and has been joining VeriSign since 2000 focus on reselling the VeriSign services. Their vision is “To enable organizations to conduct their business securely over the Internet, as much as what they have been enjoying in the physical world.” To know more about MSC Trustgate Sdn. Bhd. please visit this website http://www.msctrustgate.com/about_us.htm

"MSC Trustgate has proven to be a strong partner in security and trust services for individuals, enterprises, government and e-commerce organisations in Malaysia," said Ed Elliff, Director of Identity and Authentication Services, VeriSign Asia Pacific. "We believe it has the reputation to successfully extend our range of identity and authentication services in the Malaysian market."

Sources: VeriSign Extends Partnership with MSC Trustgate to Deliver Identity and Authentication Services in Malaysia (2008) Retrieved June 27, 2009, from http://www.verisign.co.nz/press/2008/20081020.html

What we going to do to have a VeriSign Service? Just copy and patse a small line of code to webpage then will show up the VeriSign Secured Seal picture at the webpage.

For more information you can visit this website to guide you http://www.msctrustgate.com/support/FAQSecSeal.htm

The way to safeguard our personal and financial data

In today’s world, people are largely dependent on computers and internet. Most of them are relying on online database to save and manage their personal information and also doing online financial transaction to make their life easier. However, information that transmitted over the internet has higher security risk as compared to internal networks. As the criminal become smarter and become more advanced day after day, therefore identity thefts are increasing with various techniques to steal identity from targets. In year 2003, there are 9.9 million people were victims of identity theft. Hence, in order to protect our personal and financial data, there are some tips for you to safeguard your data for being stolen.

Some of the tips to safeguard our privacy data

1. Install and update anti-virus program and use a firewall. In order to protect our computer from being attack by viruses and Trojan horses which may steal and modify the data in our computer, we should use an anti-virus program such as Karpersky, Avira AntiVir, Norton and etc. However, a firewall is a system designed to prevent unauthorized access to or from a private network. It considered as the first line of defense in protecting private information. We must keep our anti-virus program up to date for well protection.

2. Use anti-spyware and regularly scan computer for spyware. Anti-spyware is designed to prevent and detect unwanted and harmful spyware program and romove them from computer once detected. There are some anti-spyware softwares available including Sunbelt Software, TrendMicro and etc.

3. Use a strong password for sensitive files. The passwords which are related to any of our personal information such as date of birth, contact number, identity card number and etc is not encourage using as the password number. A strong password is more than 12 words and it consists of digit (0-9), alphabetic (a-z) and also some special character (@, ^, *, -, _, #).

4. Limit physical access. We should store our sensitive and confidential information in a physically secured device and allow only authorized users access and monitor to it.

5. Restrict network or shared access. We must not allow anyone access to confidential data unless needed. As we limit the authority to access to the confidential data, it also reduces the risk of both accidental and malicious exposure.

6. Encrypt stored sensitive and confidential data. All sensitive and confidential must be encrypted. Data can be protected by encrypting the entire storage drive or a portion selected by us, such as folder or individual files.

source from:

1.http://finance.yahoo.com/banking-budgeting/article/103893/Six-Ways-to-Safeguard-Your-Online-Assets

2.http://www.msisac.org/awareness/news/2007-03.cfm

Phishing: Examples and its prevention methods

Phishing is a technique used by perpetrator to acquire sensitive personal data or private information by sending fraudulent e-mail which appears to be a mail from legitimate businesses with a justifiable request. These authentic-looking-messages are designed to fool recipients into revealing personal data and information such as account number, username, passwords, credit card numbers and so on. The user of Paypal, eBay, Lelong.com and online banking is the common target. Therefore, once the recipient clicks on the link provided in the fraudulent e-mail, it will directly take he/she to the fake website to let the recipient to enter their personal data.

Example of phishing:

1. This is a fraudulent email targeted on eBay users.


















2. Example of fraudulent e-mail from Maybank





















3. phishing example targeted on paypal user




















Preventive method:
There are some tips to avoid being the victim of phishing scams:

1. Before submitting personal information or financial information through a website, look for the "lock" icon on the browser's status bar. If there is a "lock" icon, it means the information is secured during transmission.
2. Be cautious of email asking for updating personal information. Never ever click on the link within the text of the e-mail which ask us to update our personal data unless recipient has confirm his/her billing information.
3. If the recipient is unsure whether the e-mail is true, he/she can directly contact the particular company to answer the doubts.
4. If the recipient has unknowingly disclose their personal or financial information, they should contact the particular company or bank immediately.
5. Lastly, any suspicious e-mail can be forwarded to uce@ftc.gov to complaint about the fraudulent e-mail at www.ftc.gov.
   

The treat of online security: How safe is our data?

Electronic transactions and Web sites create business risks. Criminals around the world are stealing credit card information, bank account and other personal information in greater numbers than ever before. Thus, an E-commerce security consisting of multiple layers of defense is needed. There are two types of attacks - nontechnical and technical.

Non-technical attacks is an attack that uses chicanery to trick people into revealing sensitive information of performing actions that compromise the security of a network. Examples of non-technical attacks are pretexting and social engineering.

In contrast, software and systems knowledge are used to perpetrate technical attacks. A computer worm is an example of a technical attack. Hackers often use several software tools readily and freely available over the Internet and study hacker and security websites to learn vulnerabilities.

Malicious code: viruses, worms, and trojan horse
Malicious sometimes referred to as malware( for malicious software), it is classified by how it propagates( spread).

• virus: a piece of software code that inserts itself into a host, including the operating systems; running its host program activates the virus. A virus have two types of components. First, it has a propagation mechanism by which it spreads. Second, it has a payload that refers to what the virus does once it is executed. Some of the viruses simply infect and spread but some of others do substantial damage such as deleting the files or corrupting the hard drive.

• worm: a software program that runs independently, consuming the resources if its host in order to maintain itself, that is capable of propagating a complete working version of itself to another machine. Worms consist of a set of common base elements such as a warhead, a propagation engine, a payload, a target selection algorithm, and a scanning engine. The entire process takes seconds or less, which is why a worm can spread to thousands of machines.

• trojan horse: a program that appears to have a function but that contains a hidden function that presents a security risks. There are many types of Trojan horse programs. Basically, Trojan horse has two parts which is a server and a client. The server is the program that runs on the computer under attack while the client program is the program used by the person perpetrating the attack.
  

Lastly, the risks exposed by computer users is increasing with more advanced technology. Therefore, safeguards developed must always be up to date so that it could enhance the defense against online security treats.