Nowadays, e-commerce is used widely all around the world. In the developed country, the usage of e-commerce is extremely high as compare to Malaysia. The main reason that Malaysian does not practice e-commerce in daily life is because they feel unsecure. They worried that their personal details will be disclosed in the internet since there are lots of fake website existed.
Therefore, 3rd party certification programme took place to ensure the securities of users where a digital certificate issued. A digital certificate is a digital document that validates the identity of the certificate’s owner. Certificate Authority (CA), a trusted party, issued the digital certificates to users or to organizations. Furthermore, the digital certificate will valid for a certain period of time.
Digital certificates rely on public key cryptography for their own authentication. When a digital certificate is issued, the issuing certification authority signs the certificate with its own private key. To validate the authenticity of a digital certificate, a user can obtain that certification authority’s public key and use it against the certificate to determine if it was signed by the certification authority.
For a digital certificate to be useful, it has to be structured in an understandable and reliable way so that the information within the certificate can be easily retrieved and understood. The S/MIME standard specifies that digital certificates used for S/MIME conform to the International Telecommunications Union (ITU) X.509 standard. S/MIME version 3 specifically requires that digital certificates conform to version 3 of X.509. Because S/MIME relies on an established, recognized standard for the structure of digital certificates, the S/MIME standard builds on that standard’s growth and thus increases its acceptance. The X.509 standard specifies that digital certificates contain standardized information. Specifically, X.509 version 3 certificates contain version number, serial number, certificate algorithm identifier, issuer name, validity period, subject name, subject public key information, issuer unique identifier, subject unique identifier, extension and certification authority’s digital signature.
MSC Trustgate
The most popular 3rd party certification programme in Malaysia, MSC Trustgate.com Sdn Bhd, is corporate in 1999. It is licensed under the Digital Signature Act 1997 (DSA), a Malaysia law that sets a global precedent for the mandate of a Certificate Authority. The vision of the corporate is “To enable organization to conduct their business securely over the Internet, as much as what they have been enjoying in the physical world.” Followings are some of the products and services in MSC Trustgate:
As a conclusion, a secure infrastructure is essential on the E-commerce in order to protect the publishers and users. The establishment of Certificate Authority plays a vital role not only to issue digital certificate but also have to ensure the security of E-commerce website. We, as an Internet users, must be aware with the security trademark to prevent from become a victim of security issues.
The application of 3rd party certification programme in Malaysia
How to safeguard our personal and financial data?
We live in an increasingly online world. Many transactions can be done through internet, such as online banking, booking, buying, auction and etc. However, it raise the issues that hacker who to hack into computer in order to theft those confidential data. So, keeping our personal and financial data as secure as possible. In the following, some guidelines learn to keep our private personal and financial data safe online.
1. Choose your PIN wisely. While we want to choose something we’ll remember, we don’t want it to be something that a clever thief could figure out just by learning our birth date or your child’s name. A combination of uppercase and lowercase letters, numbers, and symbols will offer us more security.
2. Secure network. If we have a wireless network at home or workplace, make sure that it is secure. A hacker can gain access to anything you do over an unsecured network in a matter of seconds. If we look at the documentation for wireless router, we’ll be able to find out how to lock router and encrypt our information. It won’t affect the way we use wireless network, but it will keep intruders from getting a hold of info.
3. Don’t reuse passwords. As tempting as it may be to reuse passwords, it’s a really good practice to use a different password for every account we access online. This way, if someone does find out what our password is for one credit card, they won’t also be able to access our checking, brokerage and email accounts. It may take a little more organization to use different passwords for each site, but it can help marginalize the effects of unauthorized access to your accounts.
4. Don’t put private information on public computers. If we’re away from home, make sure not to save private information onto a computer used by the public. If we’re accessing a private account at the library or cyber cafĂ©, make sure to log out completely from our accounts, and never choose to save login information (like username or password) on these computer.
5. Protect computer’s security. Use as many tools as you can to guard our computer information from the nefarious. Failing to protect our computer is just as bad as leaving your door unlocked, your windows wide open, and a sign on the mat, saying, “Burglars, come on in.”
Phishing: Examples and its prevention methods
Phishing is the process of attempting information illegally and fraudulently through the internet such as the usernames, passwords and credit card details by creating a fake websites which mislead the real company’s customers to enter their details at the website. Examples like the PayPal, eBay, and online banks. These are many examples of phishing e-mail such as showing below. 
For more examples, visit the link below.
Below are the methods that can prevent phishing:
Eliminating phishing mail
Specialized spam filters can reduce the number of phishing e-mails that reach their addressees inboxes. These approaches rely on machine learning and natural language processing approaches to classify phishing e-mails.
Monitoring and takedown
Several companies offer banks and other organizations likely to suffer from phishing scams round-the-clock services to monitor, analyze and assist in shutting down phishing websites. Individuals can contribute by reporting phishing to both volunteer and industry groups, such as Phistank.
Helping to identify legitimate sites
Since phishing is based on impersonation, preventing it depends on some reliable way to determine a website's real identity. For example, some anti-phishing toolbars display the domain name for the visited website. The pet name extension for Firefox lets users type in their own labels for websites, so they can later recognize when they have returned to the site. If the site is suspect, then the software may either warn the user or block the site outright.Browsers alerting users to fraudulent websites
Another popular approach to fighting phishing is to maintain a list of known phishing sites and to check websites against the list. Microsoft's IE7 browser, Mozilla Firefox 2.0, and Opera all contain this type of anti-phishing measure. Firefox 2 uses Google anti-phishing software. Opera 9.1 uses live blacklists from PhishTank and GeoTrust, as well as live whitelists from GeoTrust. Some implementations of this approach send the visited URLs to a central service to be checked, which has raised concerns about privacy. According to a report by Mozilla in late 2006, Firefox 2 was found to be more effective than Internet Explorer 7 at detecting fraudulent sites in a study by an independent software testing company.
An approach introduced in mid-2006 involves switching to a special DNS service that filters out known phishing domains: this will work with any browser, and is similar in principle to using a hosts file to block web adverts.
To mitigate the problem of phishing sites impersonating a victim site by embedding its images (such as logos), several site owners have altered the images to send a message to the visitor that a site may be fraudulent. The image may be moved to a new filename and the original permanently replaced, or a server can detect that the image was not requested as part of normal browsing, and instead send a warning image.
Augmenting password logins
A method to prevent simple phishing of transaction numbers (TANs) is to associate each TAN with a "lock number". The bank's server sends the lock number as a challenge, and the user provides the corresponding TAN as the response. The server selects the key-lock pair randomly from the list to prevent acquiring two consecutive TANs. Lock numbers are not sequential, so that phishers can only guess correct lock numbers.
The threat of online security: How safe is our data?
Do you ever think that how safe is your data? Nowadays, people often create, store and manage critical information through computer. All kinds of activity from banking to storing company's personal details are done through internet. Consequently, it is important for users to aware that computer security plays a major role in protecting their data from loss, damage and misuse.In today's world, you need to worry about security for your PC in a whole different way. Spyware, adware, viruses and trojans are lucking online, waiting to infect your computer. These threats evolve over time and always find a better way to better the security software. Therefore, it is important to update security softwares frequently to keep our data safe from these threats. Here are some of the threats to your PC :
1. Spyware
Spyware is a type of malware that is installed surreptitiously on personal computer to collect information about users, their computer or browsing habits without their informed consent. Spyware is usually engineered to watch your online activity and uncover security flaws. The best way to avoid spyware is to avoid the sites and e-mails that leave it on your PC. There are a number of programs available that offer spyware removal and detection and can be downloaded for free at sites such as download.com.
2. Identity Theft
Identity theft occurs when a criminal uses anoher person's personal information to take on that person's identity.There have variety of methods that hackers can steal your information through the PC. Once this information is gained, it will be used to make online purchases using your credit card data, divert paychecks and create false documents. Usually, the top internet security software comes with some protection against this problem. An internet security suite may be your best bet to protect youronline information. The quick tips to protect yourself against online ID theft is never provide your credit card info to any site that does not offer multiple forms of internet security to protect your transaction.
3. Spam Mail
Spam by e-mail is a type of spam that involves sending identical or nearly identical messages to thousand ( or millions ) of recipients. Spam mail itself is not dangerous. However, it can have malicious links that can do everything from cause your PC to be infected by a virus, introduce spyware, and attract more spam. A good internet spam filter is usually a good option. The auick internet security tip is when typing your address into the net, try to use a combination of 13 letters and numbers. This will make it difficult for address to be added spam mail list.
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is normally carried out by e-mail or instant messaging an it often directs users to enter details at a fake website whose look and feel are almost similar to the real one. The scammers will then use this personal information for their own purposes, or sell the information to other criminal parties. The best way to avoid phishing attacks is not to click any e-mails that you believe to be suspicious. Besides that, you may also update your web browser with phishing detection. Internet security software package such as Webroot's Spysweeper and ZoneAlarm Internet Security Suite have great phishing detection systems.
5. Virus
Computer virus is a self-replicating or self-reproducing program that are designed to spread from one computer to another computer and to interfere with computer operation. Virus are one of several types of malicious software or malware. A basic rule is that computer virus cannot directly damage hardware, but only software. Viruses are most easily spread by attachments in e-mail messages or instant messaging messages. Viruses can be disguised as attachment of funny images, greeting cards, or audio and video files. Besides that, viruses also can spread through downloads on the the internet.
References :
Subscribe to:
Posts (Atom)
