Saturday, February 7, 2009

How to safeguard our personal & financial data?

The Internet is a public network of nearly 50,000 networks connecting millions of computers throughout the world. When we register as members of websites, we need to fill in our personal details. Those details may include name, date of birth, gender, address, telephone, e-mail address, occupation, etc. Below are some ways to protect our personal & financial data:
  • Use and maintain anti-virus software - Protect your computer against viruses and Trojan horses that may steal or modify the data on your own computer by using anti-virus software.
  • Regularly scan your computer for spyware - Use a legitimate anti-spyware program to scan your computer and remove any software programs that may affect the performance of your computer and give attackers access to your data.
  • Avoid unused software programs - Do not clutter your computer with unnecessary software programs. If you have programs on your computer that you do not use, consider uninstalling them.
  • Consider creating separate user accounts - If there are other people using your computer, they may accidentally access, modify, or delete your files. Most operating systems have the option of creating a different user account for each user, and you can set the amount of access and privileges for each account.
  • Establish guidelines for computer use - If there are multiple people using your computer, make sure they understand how to use the computer and internet safely. Setting boundaries and guidelines will help to protect your data.
  • Use passwords and encrypt sensitive files - Passwords and other security features add layers of protection if used appropriately. By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. When you use encryption, it is important to remember your passwords or else you may lose your data.

Besides that, before submitting your name, email address, or other personal information on a web site, look for the site's privacy policy. This policy should state how the information will be used and whether or not the information will be distributed to other organizations. Companies sometimes share information with partner vendors who offer related products or may offer options to subscribe to particular mailing lists.

Additional steps to protect your privacy:

  • Do not use your primary email address in online submissions - Submitting your email address could result in spam. If you do not want your primary email account flooded with unwanted messages, consider opening an additional email account for use online.
  • Avoid submitting credit card information online - Some companies offer a phone number you can use to provide your credit card information. Although this does not guarantee that the information will not be compromised, it eliminates the possibility that attackers will be able to hijack it during the submission process.
  • Avoid using debit cards for online purchases - Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying. However, debit cards do not offer that protection. Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you realize it.

Links:
5 free personal financial software - http://mount-kinabalu-borneo.com/blog/5-free-personal-financial-software-for-you.html
Understanding anti-virus software - http://www.us-cert.gov/cas/tips/ST04-005.html
Understanding firewall - http://www.us-cert.gov/cas/tips/ST04-004.html
Choosing & protecting passwords - http://www.us-cert.gov/cas/tips/ST04-002.html

Phishing: Examples and Its Prevention Methods

We often hear about phishing, but what does it mean?

Phishing is a type of deception (usually carried out through e-mail or instant messages) intended to steal personal data such as credit card numbers and passwords.

Before we discuss further, let us look at the stages an attacker goes through when executing a phishing attack.

1. Register a fake domain name [not mandatory]
2. Set up a look-alike webpage
3. Send email to hundreds of users

These are some examples of phishing:

Fake Maybank 2u Portal

Real Maybank 2u Portal

Example of a phishing message that appears to come from an eBay member

Example of a phishing message that appears to come from Yahoo


How to prevent phishing?

1. Learn how to recognize phishing
i) "Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
ii) "Verify your account." Businesses should not ask you to send passwords, login names, or other personal information through e-mail.
iii) "If you don't respond within 48 hours, your account will be closed." These messages create a sense of urgency so that you'll respond as soon as possible.
iv) Please don't click directly on any link from your email.
v) Read the URLs from right to left. The real domain name is at the end of the URL.

2. Install online anti-phishing software on users' computers. Anti-phishing tools use certain rules and check the security of a Web site according to these rules. http://www.anti-phishing.info/anti-phishing-freeware.htm

3. Use Internet Explorer 7, which includes the Microsoft Phishing Filter; it can protect you from phishing websites by warning you about or blocking reported phishing web sites. http://www.microsoft.com/windows/products/winfamily/ie/default.mspx

4. Do not click links in emails. If in doubt, close your browser, reopen it, and type the web address for the site you want to visit directly into the Address bar.
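
Tip 1 v) above, as an added example that is not part of the original post: the right-to-left reading is applied to the host name (the part between "//" and the next "/"), and a link is accepted only when that host is the expected domain or a subdomain of it. The domains mybank.example and secure-login.test, the sample links and all function names are constructed placeholders.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Host name the browser would contact: no scheme, userinfo, port or path."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a network location
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def labels_right_to_left(url):
    """Host labels in the order tip v) says to read them, rightmost first."""
    return host_of(url).split(".")[::-1]

def belongs_to(url, expected_domain):
    """True only if the host is expected_domain itself or a subdomain of it."""
    host = host_of(url)
    expected = expected_domain.lower().rstrip(".")
    # The "." boundary matters: "notmybank.example" must not match "mybank.example".
    return host == expected or host.endswith("." + expected)

# Constructed sample links (placeholders, not taken from the post).
SAMPLES = [
    "https://www.mybank.example/login",                   # genuine host
    "HTTPS://WWW.MYBANK.EXAMPLE:443/",                    # same host, odd casing and port
    "http://www.mybank.example.secure-login.test/login",  # bank name used as a subdomain
    "http://www.mybank.example@secure-login.test/login",  # bank name in the userinfo part
    "http://secure-login.test/www.mybank.example/login",  # bank name in the path
    "http://notmybank.example/login",                     # bank name as a suffix, no dot
]

def check_all(expected_domain="mybank.example"):
    """Map every sample link to True (host matches) or False (treat as suspect)."""
    return {url: belongs_to(url, expected_domain) for url in SAMPLES}

if __name__ == "__main__":
    for url, ok in check_all().items():
        verdict = "OK     " if ok else "SUSPECT"
        print(verdict, url, "-> host:", host_of(url))
```

The check does not cover look-alike characters in the domain itself, so a match on the expected domain is a necessary condition rather than proof that the site is genuine.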

The threats of online security: How Safe is Our Data?


Introduction

The Internet is about communication, and communication is inherently public. The privacy and security of consumer information are two major issues that stem from the rapid growth in e-commerce, particularly in terms of consumer-related commerce on the Internet. In the last couple of years, by exploiting poorly secured legitimate websites, hackers have been able to plant malicious code onto them, which then attempts to infect every visitor. One of the reasons the web is so popular a target is that legitimate websites can attract large numbers of visitors, all of whom are potential victims. Many well-known organizations and brands fell victim to this kind of attack during 2008. According to some studies, one new infected Web page is discovered every 4.5 seconds. Some examples: in March 2008, a site selling tickets for the Euro 2008 football championship was hacked; in September 2008, Business Week magazine was infected by an SQL injection attack that attempted to download malware from a Russian-based server; in October 2008, an area of the Adobe website designed to offer support to video bloggers was compromised by an SQL injection attack.

The major online security attacks fall under several general categories: accidental actions and malicious attacks.

Accidental actions

This category includes problems arising from a basic lack of knowledge about online security concepts, such as poor password choices, accidental or erroneous business transactions and accidental disclosure. Related problems occur as a result of misconfigured security products and information leakage resulting from insecure information transfers. Education and prudence are considered key defenses in limiting the frequency and extent of such events, since this form of cyber vulnerability is avoidable.

Malicious attacks
Attacks that specifically aim to do harm are known as malicious attacks. They can be further broken down into attacks caused by malicious code and those caused by intentional misrepresentation. Malicious code, on the other hand, is some sort of malware that can directly or indirectly affect online security. It includes computer viruses, data theft, and Denial of Service (DoS) attacks.

How to protect our data?
We should communicate only with people and Web sites we trust, while making it as difficult as possible for people we aren't addressing to listen in. We need to secure our computers, control our outbound traffic, encrypt our information and protect our identity. Ultimately, the biggest security threats to your online privacy are your own bad habits. As computers become more connected and more information is stored online, it becomes even more critical that we follow good password practices. That means no pet names, no names of children or favorite sports teams either, and certainly don't make your password "password": it's the first thing hackers check. To learn to make stronger passwords, try a few of your favorites at Password Meter, a Web utility that tests the strength of your passwords as you type them in and rates their security.

Passwords, firewalls and spyware checkers will form a bulwark around your computer, but just as fences, locks and security systems would not keep out a determined burglar, these digital strategies can also fail. So, the best defense is to encrypt your drive. Encryption algorithms are the same sort of stuff that protects top-secret government documents and corporate trade secrets. The open-source TrueCrypt encryption software is free for download and can encrypt files. You should also make sure to encrypt your Wi-Fi router. Choose WPA encryption if your router has the option. This is far more secure than the older WEP option. This will reasonably guarantee that the only person accessing your network is you.

IBM TV Focus: Online Security Threats



Related links:
Chinese hackers - No site is safe
Defense officials still concerned about data lost in 2007 network attack
Online security threat always present

A review on a post on Internet Security from My E-Commerce blog




After reviewing a post on Internet Security from My E-Commerce blog - New Spamming Tactics, I found that the post only discloses three spamming tactics, which are PDF Spam, Piggyback Spam and Greeting Card Spam.

Actually, there are more than three tactics in reality, for example Medication Spam, Replica Item Spam, Software Spam, Bank Phishing, Image Spam and others.



Spamming
Spam is defined as unsolicited bulk messages sent through electronic messaging systems. How do the senders get e-mail addresses? They can get them from name cards, websites and search engines. These have become easy ways to collect contacts and send out junk e-mail.



Types of spam
Among the forms of spam, e-mail spam, also known as junk e-mail, is the most widely recognized. The term is also applied to similar abuses in other media, including instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, mobile phone messaging spam, Internet forum spam, junk fax transmissions, online classified ads spam and file sharing network spam.


Spamming Tactics
Spamming tactics are devised by spammers, who create electronic spam designed to outsmart anti-spam software. Anti-spam software is used to help reduce the influx of unsolicited e-mails.

From the post, the new tactics are PDF Spam, Piggyback Spam and Greeting Card Spam. To conclude from these related kinds of spam: if you realize an e-mail was sent by an unknown person, or suspect it is infected by a virus, the best solution is to delete it immediately rather than open it. Sometimes, when you click a link, it may actually lead to a downloaded file which in turn may install malware or spyware.



Recommendations

Nowadays, with IT everywhere, many spamming tactics have been created, and users need to delete spam mails every time they log in to their mailbox to check mail. However, there are solutions, such as using anti-spam software.

I want to highlight and recommend a company that provides a very good anti-spam solution for its hosting clients, which is TCPAccess Dot Com.

TCPAccess Dot Com is proud to announce the new TCPAccess Premium Mail Protection solution to handle the problem of spam mail. The solution is monitored by our staff daily and round the clock to detect the latest spam mail. Its multi-level filtering method helps clients reduce the number of spam mails received by 98%, and the staff showed very high performance in their duties.


News - Spam Volumes Drop by Two-Thirds After Firm Goes Offline

According to the CBL-observed Effects of the McColo Outage, the Internet hosting company McColo Corporation was disconnected (by its Internet access providers) from the Internet on November 11 at approximately 21:30 hours GMT. Many people working in anti-spam/malware/phish were well aware of the issues being tracked back to McColo. They knew the magnitude of these issues, and could make reasonably sound theoretical predictions of what would happen if McColo was disconnected.

The volume of junk e-mail sent worldwide plummeted after a Web hosting firm identified by the computer security community as a major host of organizations engaged in spam activity was taken offline. According to the experts, the precipitous drop-off in spam comes from Internet providers unplugging McColo Corporation, a hosting provider in Northern California that was the home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day.
Related links:
  1. http://cbl.abuseat.org/mccolo.html
  2. http://www.tcpaccess.com/index.php?p=antispam
  3. http://ecommerze.blogspot.com/search/label/Internet%20Security
  4. http://voices.washingtonpost.com/securityfix/2008/11/spam_volumes_drop_by_23_after.html