Saturday, June 21, 2008

The application of 3rd party certification programme in Malaysia

A third-party certification program is a program that verifies the identity of a user in a company, to prevent the company's information from being hacked by other people.

The application of a third-party certification program in Malaysia is demonstrated by MSC Trustgate. MSC Trustgate is a licensed certification authority operating out of the Multimedia Super Corridor. It was incorporated in 1999. Trustgate is licensed under the Digital Signature Act 1997; hence the core business of Trustgate is to provide digital certification services.

Trustgate has implemented a Managed Public Key Infrastructure (MPKI) service. MPKI is a system designed to help a company secure its intranet, extranet, and Internet applications while maximizing performance and scalability, with high availability and security.

The MPKI allows a company to efficiently establish a robust Public Key Infrastructure (PKI) and Certification Authority (CA) system with complete control over security policies, PKI hierarchies, authentication models, and certificate lifecycle management. Built on Trustgate’s high-availability certificate processing services, the service enables faster deployment and lower operating costs while providing an open platform that integrates with off-the-shelf solutions. Hence it allows the company to save the cost of providing its own PKI.

Organizations can set up their own digital certification programs quickly, easily and economically through the flexible managed service. With Managed PKI, an organization can issue 250 or more digital certificates to customers, suppliers, partners, or employees. This solution helps to protect online transactions, digitally sign them, and control access to intranets and extranets.

Providing a third-party certification program enhances customer trust because of:

  1. Efficient management of digital certificates.
    • Customer authorization for digital certificates and certificate issuance is done via a Web-based service. Both customer and administrator services are browser-based and accessed via the Web. Hence it boosts customer trust, because customers can access the digital certificate and inquire about it online.
  2. Complete control over digital certificate issuance, usage, and certificate content.
    • With this application, customers have complete control over the service level and the certificates, unlike other public CA deployment models in which customers can only rely on the public CA. In addition, providing such services will enhance customer trust because customers can know what is
  3. Easy to use and manage with Web-based user and administrator services.
    • Customers can register or apply for extra certification via the Web, so they will trust the third-party programme more because it is easy to use and does not require a lengthy procedure to register.
  4. Scalability.
    • Customers get a better solution from the administrator if any threat arises against the company's system: the customer can contact the administrator, who will provide a solution to the problem. Hence customer trust increases because the program is managed efficiently and effectively.

Phishing: Examples and its prevention methods

Phishing is one of the crimes of the 21st century. It is an online fraud technique used by criminals to acquire sensitive or private personal information, such as usernames, passwords and credit card details. It uses social engineering to create a misrepresented electronic identity in order to attack individuals. It is typically carried out by e-mail and often directs users to enter their details at a website, in order to steal users' personal identity data and financial account information. Online credit card banks, e-commerce online shopping sites, and bank charities are the targets of phishing.

The examples below show how phishing attacks try to get users' personal information:

1. Example of a phishing e-mail that attacks PayPal users.

The clues that reveal the phishing attempt are the spelling mistakes (http://www.paypal.com/securitytips) in the e-mail address and the presence of an IP address in the link under the yellow box. As we know, the e-mail address should include ‘@paypal.com’. Moreover, there is no personal greeting, and there is a threat of ‘account suspension’ if the recipient fails to comply with what the message requires.

http://en.wikipedia.org/wiki/Image:Paypal_Phishing.png

2. Example of a phishing scam e-mail message that attacks Woodgrove Bank.

In the example below, there is also a spelling mistake in the e-mail address, and the URL links users to a ‘spoofed’ website (a copycat site), so the people who set up the fake website will obtain the users' account information.


http://www.microsoft.com/protect/yourself/phishing/identify.mspx
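The clues named in the two examples above (a sender address outside the real domain, an IP address in the link, no personal greeting, a threat of account suspension) can be checked mechanically. The following is an added example, not part of the original post; the sample message, the function names and the word patterns are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real e-mail); 192.0.2.10 is a documentation address.
SAMPLE = """\
From: PayPal Security <service@paypa1-secure.example>
To: user@example.org
Subject: Your account will be suspended

Dear valued customer,

We noticed unusual activity. Confirm your details within 24 hours or
your account will be suspended: http://192.0.2.10/paypal/login
"""

GENERIC_GREETING = re.compile(r"^\s*dear\s+(valued\s+)?(customer|user|member|client)\b", re.I | re.M)
ANY_GREETING = re.compile(r"^\s*(dear|hello|hi)\b", re.I | re.M)
THREAT = re.compile(r"\bsuspen(d\w*|sion)\b", re.I)
URLS = re.compile(r"https?://[^\s<>\"']+", re.I)

def is_ip_host(url):
    """True when the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def phishing_indicators(raw, expected_domain):
    """Return the clues found in a raw single-part e-mail message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    # The From header is easily forged, so a match here proves nothing by itself.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender.endswith("@" + expected_domain.lower()):
        found.append("sender_domain_mismatch")
    if any(is_ip_host(u) for u in URLS.findall(body)):
        found.append("ip_address_link")
    if GENERIC_GREETING.search(body) or not ANY_GREETING.search(body):
        found.append("no_personal_greeting")
    if THREAT.search(msg.get("Subject", "") + "\n" + body):
        found.append("account_threat")
    return found
```

Calling `phishing_indicators(SAMPLE, "paypal.com")` reports all four clues; a message with none of them returns an empty list, which only means these particular checks found nothing.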

To prevent the disclosure of personal information, there are several ways to protect our information from phishing attacks:

1. Never reply to e-mail messages that request your personal information. If you do reply to a message that has the characteristics shown above, you are allowing those people to have all of your account information.
2. Do not click links in a suspicious e-mail if you suspect the website is fake. Visit the website by typing its URL into the browser, and do not copy and paste links from the suspicious message into the browser.
3. Make business transactions only with companies that we know and trust. A well-known, established company will set up privacy and security tools to protect its customers’ information from access by others.
4. Monitor your transactions. Users are advised to review bank statements and order confirmations as soon as they receive them. This is to make sure that the amounts charged in the statement are for transactions they actually made.

These are some of the ways to protect users’ personal information. There are still many other ways to avoid phishing attacks. The most important way to prevent phishing is for users to stay aware when they are using their e-mail.

Friday, June 20, 2008

The Threat of Online Security: How Safe Is Our Data?

Nowadays, Internet activities such as e-commerce are becoming more popular in our country; they bring many advantages to users, such as instant delivery and cheaper products and services. However, in some cases organizations experience cyber attacks from inside and outside the organization.

The threats to online security include viruses, phishing, Trojan horses, denial-of-service (DoS) attacks, hackers, crackers, and identity and data theft. A virus is a piece of software code that inserts itself into a host, including the operating system, in order to spread and harm our computer. Anti-virus software can help to prevent viruses by scanning new files and e-mails and by checking existing files and folders regularly. Different viruses need different removal methods, so users should get a suitable virus scanner to help them.

Phishing is a technique used by attackers to obtain other people's personal information, such as account numbers and passwords, through fraudulent e-mail messages. A Trojan horse is a program that appears to have a useful function but contains a hidden function that presents a security risk; it will try to plant a virus in the computer. Spyware is software that monitors online activity and sends information to a remote server.

A denial-of-service attack is an attack on a website in which the attacker uses specialized software to send a flood of data packets to the target computer with malicious intent. It has become more sophisticated compared with previous years; it now involves multiple computers attacking another computer. A hacker is an individual who intends to gain unauthorized access to a computer system. A cracker, however, is an individual who intends to gain unauthorized access to a computer system with criminal intentions.

Identity and data theft is a major form of online fraud, and it is becoming more common nowadays. Attackers try to get other people's personal information, such as credit card numbers, to apply for loans, purchase products through the Internet, and so on.

In conclusion, as users we need a good backup system to safeguard our data. Anti-virus software is also needed for scanning, and users should update it regularly to ensure its effectiveness.

Week4: How to safeguard our personal and financial data


Nowadays, technology has become more and more important in our lives. People use computer systems and networks to record, store and retrieve their personal and financial data. This advanced technology has made data processing faster and more efficient. However, many unauthorized people try to hack into these systems and steal private information. To avoid having private information stolen, we have to safeguard our personal data.

Here are some of the ways to safeguard our personal and financial data:
Firstly, we can use passwords. A password is the most popular and traditional method used to protect our accounts. However, we should avoid passwords that are easy for people to guess, such as a birth date, phone number or family name, and we should never disclose our personal information to anyone.

Secondly, when financial data is transmitted from one location to another, we should encrypt the information before sending it. This is a secure way to protect our data from being stolen by others, because outsiders are unable to read the encrypted message; only you and the party who receives your message can read the information.

Online shopping is becoming more and more popular today. Before buying something online, users have to log in to their registered account to place an order. The registered account contains all of the user’s personal and financial information; therefore, users must remember to log out of their account after using it, to prevent other people from misusing their private data.

Besides that, we should also protect the personal and financial data stored on our computer. We can use many tools to safeguard the information on our computer, such as firewalls, anti-virus software and anti-spyware. These security tools help to prevent unauthorized people from hacking into our computer system.

Also, we should keep our credit cards and ATM cards safe. Check regularly to ensure that they are always with you. If you realize that your cards have gone missing, report it to the police and the related bank immediately to cancel the service, so that other people cannot misuse the money in your account.

There are still many other ways to protect our personal and financial data. We should work together to protect our private information so that we can decrease the magnitude of harm resulting from loss, misuse and unauthorized access.

~~written by siew wan~~

Monday, June 16, 2008

Discuss how E-commerce can reduce cycle time, improve employees' empowerment and facilitate customer support





E-commerce creates many benefits, and cycle time reduction is one of them. Cycle time is defined as the time taken from start to finish to produce one unit of product, or the time it takes to provide a service from beginning through completion. Reducing cycle time can help a company shorten its delivery time. This is how a company serves customers using e-commerce: a customer decides to buy goods and places an order on the online transaction server. At the same time, the customer is able to check the status of the order within seconds. With traditional manual order entry, it takes a few minutes to complete the task, because the order needs to go through a few departments to confirm the quantity of the goods. E-commerce helps to reduce cycle time by eliminating the use of phone, fax or other paper-based ordering processes; all requisitions and purchase orders are generated and transferred online in real time. Reducing cycle time speeds up the ordering process.

Employees are crucial stakeholders in every company. Therefore, it is important to empower employees in the business process. Employee empowerment means giving employees the responsibility and authority to make decisions regarding all aspects of product development. E-commerce can help to improve employee empowerment by giving employees greater and easier access to information through the intranet. Employees can view any updated information or other departments’ information. This enables employees to make better decisions for the company. Besides that, online training is also a part of employee empowerment. Employees can be trained without taking leave and travelling to the training location. It can help to save the company's training costs.

Customers are an important element in a company's success, so customer service should not be ignored and should be treated as a core part of the company's business. E-commerce can help to facilitate customer support by implementing a wide range of technological solutions and communication opportunities. In the past, customers would view the updated product list in a printed catalog sent periodically by the seller. Furthermore, customers placed an order by phone and waited until the company’s purchasing department processed and shipped the order. Nowadays customers can not only view the updated products online frequently, but also place an order within a few minutes and have the required product delivered faster.