Friday, June 26, 2009

The Application of 3rd Party Certification Programme in Malaysia

E-commerce has been developed and widely used by internet users for many years. However, security and a lack of trust in e-commerce are the main concerns among internet users. Phishing is one example of a security issue. Hence, e-commerce websites need a well-mandated security infrastructure in order to enhance internet users' confidence in them.

As a result, there is a security practice for e-commerce websites called a certification programme. It can be called a "third party certification programme" because it is performed by a third party. The third party that performs it is known as a Certificate Authority (CA). Third party certification is an assessment carried out to ensure compliance with a publicly available technical specification. Importantly, the assessment is carried out by an independent, third party organization that is qualified and licensed to issue certification when the assessment is successfully completed.

This means that rather than an organization or company merely claiming to comply with industry standards, it has taken its commitment to quality further and invited an external third party to verify that its product or service does indeed comply with the industry standards. There are two main certificate authorities involved in the third party certification programme in Malaysia, which are MSC Trustgate and Verisign.

MSC Sdn Bhd is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor. MSC Trustgate was incorporated in 1999 to meet the growing need for secure open network communications and to become the catalyst for the growth of e-commerce, both locally and across the ASEAN region. Trustgate is licensed under the Digital Signature Act 1997 (DSA), a Malaysian law that sets a global precedent for the mandate of a CA. As a CA, Trustgate's core business is to provide digital certification services, including digital certificates, cryptographic products, and software development. The products and services of Trustgate are SSL Certificates, MyKAD ID, MyTrust, Managed PKI, SSL PKN, Personal ID, Managed Security Services, Verisign Certified Training and Development. It provides security solutions for individuals, enterprises, government and e-commerce service providers using digital certificates, digital signatures, encryption and decryption, as security is the primary concern when entering the new Internet economy. The vision of Trustgate is to enable organizations to conduct their business over the Internet as securely as they do in the physical world.

Besides MSC Trustgate, Verisign Secure Site is used to ensure data confidentiality and integrity. It is the leading Secure Sockets Layer (SSL) Certificate Authority, enabling the security of e-commerce, communications and interactions for websites, intranets and extranets. It provides security solutions to protect an organization's consumers, brand, website and network. With Verisign, all information transmitted through the Internet is encrypted using the 128-bit SSL protocol. SSL is a secure way of transferring information between two computers on the Internet using encryption. Strong end to end encryption is also adopted within the bank's computer networks and resources.

Verisign infrastructure helps organizations to deliver in the Any Era and realize the maximum profit. It is also towards that goal that we focus our company, our technology, our services and our people. It helps companies and consumers all over the world to engage in trusted communications and commerce.

The diagram below shows how Verisign tackles spamming and its solutions:

In conclusion, the establishment of Certificate Authorities is important. They play a vital role not only in catalysing the growth of e-commerce but also in inspecting the security of e-commerce websites, as they provide safe and secure protection. More e-consumers can now shop and purchase online care-free while their personal information and confidentiality are protected.


The Threat of Online Security: How Safe is Our Data?

Have you ever thought about how safe your data is? Nowadays, people often create, store and manage critical information on computers. All kinds of activities, from banking to storing a company's personal details, are done through the internet. Consequently, it is important for users to be aware that computer security plays a major role in protecting their data from loss, damage and misuse.

In today's world, you need to worry about security for your PC in a whole different way. Spyware, adware, viruses and trojans are lurking online, waiting to infect your computer. These threats evolve over time and always find better ways to get past security software. Therefore, it is important to update security software frequently to keep our data safe from these threats.

Here are some of the threats to your PC:

1. Spyware

Spyware is a type of malware that is installed surreptitiously on a personal computer to collect information about users, their computer or browsing habits without their informed consent. Spyware is usually engineered to watch your online activity and uncover security flaws. The best way to avoid spyware is to avoid the sites and e-mails that leave it on your PC. There are a number of programs available that offer spyware removal and detection and can be downloaded for free at sites such as

2. Identity Theft

Identity theft occurs when a criminal uses another person's personal information to take on that person's identity. There are a variety of methods hackers can use to steal your information through the PC. Once this information is gained, it will be used to make online purchases using your credit card data, divert paychecks and create false documents. Usually, the top internet security software comes with some protection against this problem. An internet security suite may be your best bet to protect your online information. A quick tip to protect yourself against online ID theft is never to provide your credit card information to any site that does not offer multiple forms of internet security to protect your transaction.

3. Spam Mail

Spam by e-mail is a type of spam that involves sending identical or nearly identical messages to thousands (or millions) of recipients. Spam mail itself is not dangerous. However, it can contain malicious links that can do everything from infecting your PC with a virus to introducing spyware and attracting more spam. A good internet spam filter is usually a good option. A quick internet security tip: when typing your address into the net, try to use a combination of 13 letters and numbers. This will make it difficult for the address to be added to a spam mailing list.

4. Phishing Mail

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is normally carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the real one. The scammers will then use this personal information for their own purposes, or sell the information to other criminal parties. The best way to avoid phishing attacks is not to click on any e-mails that you believe to be suspicious. Besides that, you may also update your web browser with phishing detection. Internet security software packages such as Webroot's Spysweeper and ZoneAlarm Internet Security Suite have great phishing detection systems.

5. Virus

A computer virus is a self-replicating or self-reproducing program that is designed to spread from one computer to another and to interfere with computer operation. Viruses are one of several types of malicious software, or malware. A basic rule is that a computer virus cannot directly damage hardware, only software. Viruses are most easily spread by attachments in e-mail messages or instant messaging messages. Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Besides that, viruses can also spread through downloads on the internet.


Wednesday, June 24, 2009

How to safeguard our personal and financial data?

Nowadays, computers are increasingly used to handle personal and financial data. Unfortunately, the number of hackers who break into computers to commit threats and fraud is also increasing. As computer users, we need to safeguard our own personal and financial data so that hackers have no opportunity to use it for criminal purposes and we do not become victims.

The steps to safeguard our personal and financial data are:

Passwords are the key to accessing personal information that we do not want others to access. We need to create strong passwords and keep them well protected so that others cannot easily steal our personal and financial data. A strong password is lengthy and combines letters, numbers and symbols, using the entire keyboard. Never use sequences, repeated characters or other information that others can easily guess as a password.

Private and confidential means never disclosing our personal information and financial data to others, especially our passwords. Always keep passwords hidden from friends and family members, especially children, who could pass them on to other less trustworthy individuals. We also need to avoid accessing financial information in public places that provide wireless connections, because we never know whether a firewall is provided or not. Doing so also encourages hackers to break into our confidential data and steal information over the wireless connection.

Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. When we access the internet, we must make sure that the computer is provided with this software program.

Anti-virus software is used to prevent, detect, and remove malware, including computer viruses, worms and trojan horses that may steal or modify the data on our computer and leave us vulnerable. Besides installing anti-virus software, we need to update the anti-virus program constantly so that it can detect the latest malware and so that attackers cannot take advantage of outdated anti-virus software.

The important thing to remember is to make a habit of logging out before closing a browser that contains our personal information. No reputable company will ask for your password, account number, or other log-in information via e-mail or instant message. Last but not least, never open an attachment or click on a link sent to you by an unknown person, because attachments can contain viruses and links can lead unsuspecting users to dummy sites where they are asked to input financial information.

In conclusion, it is very important for everybody to take appropriate safeguards to protect their personal and financial data.

Password: An Internet Security

Obviously, the most common internet protection used by users is the password. It is a secret word or series of characters used for authentication, to prove identity or to gain access to required resources. Whenever users log in to a computer account, retrieve e-mail, access a database, network or program, or even book a ticket online, they are required to enter a password. Passwords are common because they are short enough to memorize and easy to type.

The next thing we try to discuss here is the extent to which a password is able to provide security. Basically, the password has some significant disadvantages. It can easily be stolen or forgotten. Even if it is not stolen, a commonly used password can be guessed easily and efficiently by an attacker. Therefore, a system that imposes a time-out of several seconds after a small number of failed password entry attempts can help prevent unauthorized access. Another issue is that an individual might intentionally share his or her password with friends. This type of authentication then becomes useless, as anyone can gain access easily.
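An added illustration of the time-out described above (not code from the original post): a small Python throttle that refuses further attempts for a few seconds after a small number of failed entries. The class name, the limit of 3 failures, the 5-second time-out and the sample guesses are assumptions chosen for the example.

```python
import time


class LoginThrottle:
    """Impose a time-out after a small number of failed password attempts."""

    def __init__(self, max_failures=3, timeout_seconds=5.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.timeout_seconds = timeout_seconds
        self.clock = clock            # injectable so the logic can be replayed
        self._failures = {}           # account -> consecutive failed attempts
        self._locked_until = {}       # account -> clock value when time-out ends

    def seconds_remaining(self, account):
        return max(0.0, self._locked_until.get(account, 0.0) - self.clock())

    def attempt(self, account, verify):
        """Return 'ok', 'denied' or 'locked'. `verify` is a zero-argument
        callable that checks the password; it is not called during a time-out."""
        if self.seconds_remaining(account) > 0:
            return "locked"
        if verify():
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked_until[account] = self.clock() + self.timeout_seconds
            self._failures[account] = 0
        return "denied"


def simulate(guesses, secret, seconds_between=1.0):
    """Replay constructed guesses, one per second, against a fake clock."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    results = []
    for guess in guesses:
        results.append(throttle.attempt("alice", lambda: guess == secret))
        now[0] += seconds_between
    return results
```

During the time-out even the correct password is refused, so an attacker guessing once per second gets at most three guesses in every eight seconds.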

The form a password takes is itself important for securing internet access. There are several types of password. For instance, a password formed from multiple words is called a passphrase, while secret information that is purely numeric is called a passcode. According to research done by Information Week, almost 16% of online users used their own name or the name of a spouse or child as their password. This might be because such a passphrase will not be forgotten. 14% of users used “1234” or “12345678” as a passcode. This type of passcode is easy and nice. 4% of users used “password” as their password. These three types of password are easy to guess and insecure.

Thus, some web security advice suggests better protection by choosing a password of at least 8 characters that includes one capital letter and a symbol. The most important thing to remember: do not simply give your friends your password.
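The rules above, together with the earlier advice to avoid sequences, repeated characters and easily guessed personal information, written as an added Python example (not part of the original post). The function names, the four-character run length and the sample passwords are assumptions made for the illustration.

```python
import string

# The weak choices quoted in the post.
COMMON = {"1234", "12345678", "password"}


def has_run(pw, length=4):
    """True if pw contains `length` repeated or consecutive characters
    in a row, such as 'aaaa', '1234' or 'dcba'."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - length + 1):
        window = codes[i:i + length]
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_password(pw, personal_words=()):
    """Return the list of rules pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no capital letter")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    if pw.lower() in COMMON:
        problems.append("commonly used password")
    if has_run(pw):
        problems.append("sequence or repeated characters")
    lowered = pw.lower()
    if any(w and w.lower() in lowered for w in personal_words):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; "Aminah" is a made-up name.
    for sample in ["1234", "password", "Aminah#2009x", "Tr4vel!Kite-Mug"]:
        print(sample, check_password(sample, personal_words=["Aminah"]))
```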