Friday, June 20, 2008

Threat of online security: how safe is our data?

Types of threat
1) Vulnerability - software that can be directly used by a hacker to gain access to a system or network.
2) Denial-of-service (DoS) attack - an attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources.
3) Distributed denial-of-service (DDoS) attack - an attack in which the attacker gains administrative access to as many computers on the Internet as possible and uses the multiple computers to send a flood of data packets to the target computer.
4) Malware - a generic term for malicious software.
   1) Virus - a piece of software code that inserts itself into a host.
   2) Worm - a software program that runs independently, consuming the resources of its host in order to maintain itself.
   3) Trojan horse - a program that appears to have a useful function but that contains a hidden function that presents a security risk.





Over the last few years the Internet has become the playground of organized crime. Gangs can hide easily and steal personal data that can be worth a lot of money while spending very little time trying to obtain it. Hackers are also employing more professional approaches to maximize damage without being caught. These include division of labor by hacking expertise and wider use of black-market sites to hire programmers and purchase professional malware-writing tools.


NEWS


In September, the names and contact information for tens of thousands of customers of Automatic Data Processing (ADP) and SunTrust Banks (STI) were stolen from Salesforce.com (CRM), which provides online customer management software for those two companies. The incident occurred after a hacker tricked a Salesforce employee into disclosing a password.





- Thursday, 10 April 2008
The number of viruses, worms and Trojans in circulation has topped the one million mark. This was revealed by security firm Symantec in the latest edition of its bi-annual Internet Security Threat Report. The report covers the second half of 2007, during which the security firm detected 499,811 new malicious code threats. This figure was up 136% on the first six months of 2007. Throughout 2007 Symantec detected more than 711,912 novel threats, which brings the total number of malicious programs that the security firm's anti-virus programs detect to 1,122,311. The report notes: "almost two thirds of all malicious code threats currently detected were created during 2007."


Virus Prevention Tips
- Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
- Do not open any files attached to an email unless you know what they are, even if the email appears to come from a dear friend or someone you know. Some viruses can replicate themselves and spread through email. Better safe than sorry: confirm that they really sent it.
- Do not open any files attached to an email if the subject line is questionable or unexpected. If you do need to open one, always save the file to your hard drive first.
- Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network.
- Do not download any files from strangers.
- Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site. If you're uncertain, don't download the file at all, or download the file to a floppy and test it with your own anti-virus software.
- Update your anti-virus software regularly. Over 500 viruses are discovered each month, so you'll want to be protected. At the least, these updates should include the product's virus signature files. You may also need to update the product's scanning engine.

Thursday, June 19, 2008

How to safeguard our personal and financial data?

Below are some steps to safeguard your personal and financial data:

1. Use a credit card with a small limit for mail-order and online purchases. This helps prevent dishonest clerks from getting your personal and financial data; at the least, such thieves will not be able to rack up many bills.

2. When a person solicits you, require the solicitor to send you mail so that you can check for legitimacy. You can curtail the solicitors' phone calls you receive by placing your number on the National Do Not Call Registry, although it will not get rid of everybody. Organizations such as charities, political groups and business companies are using.

3. Reviewing your monthly statement is an easy thing you can do to prevent your financial data from being stolen, but not many people do it. Review it not only for fraudulent charges but also for legitimate charges that are not necessary.

4. Prepare for disaster! It is most important to make sure you have safeguarded your own and your family's important documents. Keep those documents in sealable plastic bags, or rent a safety deposit box.

5. While you want to choose a password that is easy to remember, do not use something that a clever thief can figure out, such as your birth date, your name, your family name, etc. A combination of numbers and symbols will be safer.

6. Protect your computer by using as many tools as you can to guard the information and data on it, such as passwords, firewalls, anti-spyware software, etc.

Tuesday, June 17, 2008

Phishing: Examples & its prevention methods

What is phishing?
Phishing, also referred to as brand spoofing or carding, is a variation on ‘fishing’, the idea being that bait is thrown out in the hope that, while most will ignore the bait, some will be tempted into biting.

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by posing fraudulently as a trustworthy entity in an electronic communication. Phishing is carried out via e-mail, eBay, PayPal, Best Buy, MSN, Yahoo!, Citibank, AOL, etc. It is an example of the social engineering techniques used to fool users.

Example of phishing from e-mail:

Example of phishing asking you to update credit card information:

Example of a phishing message from an eBay member:


Example of phishing from yahoo!:

Example of phishing from Citibank:

The sender address looks like Citibank and the link appears to lead to Citibank's website. If you click on the link, you get a site that looks like a genuine Citibank website.

How to spot phishing scams:

1) Never reply to e-mail messages that request your personal information.
2) Don’t click links in suspicious e-mail; the link might not be trustworthy.
3) Use strong or different passwords for each of your accounts and change them frequently.
4) Don’t send personal information in regular e-mail messages.
5) Do business only with companies you know and trust.
6) Help protect your PC: keep it updated and use antivirus software.
7) Monitor your transactions; using just one credit card for online purchases makes it easier to track them.
8) Use credit cards instead of debit cards for transactions on the Internet, to avoid the big credit limit from your bank account.

Let’s all work together to prevent phishing scams. If you receive a suspicious e-mail, please report it. You can send it to the US Federal Trade Commission at spam@uce.gov, or you can just click the ‘report as junk’ button in your e-mail program.