The Application of 3rd Party Certification Program In Malaysia

In today's virtual world, people have doubts about sending and receiving sensitive information. Unsecured websites and web pages worry a large number of Internet users when they are required to update their profiles, make online payments and so on. Thus, Secure Sockets Layer (SSL) came out as the best solution for gaining web users' trust: a website obtains an SSL Certificate. SSL is a technology developed by Netscape and adopted by all vendors producing Web-related software for the exchange between clients and servers.
MSC Trustgate.com Sdn Bhd is the first third-party certification program in Malaysia. It is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor. A Certification Authority is a body given the license to operate as a trusted third party in the issuance of digital certificates. MSC Trustgate.com Sdn Bhd was incorporated in 1999 to meet the growing need for secure open network communications and to become the catalyst for the growth of e-commerce, both locally and across the ASEAN region.

It also offers complete security solutions and leading trust services needed by individuals, enterprises, government and e-commerce service providers, using digital certificates, digital signatures, encryption and decryption. Trustgate is licensed under the Digital Signature Act 1997 (DSA), a Malaysian law that sets a global precedent for the mandate of a CA. The products and services of Trustgate are SSL Certificate, Managed PKI, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development. The vision of Trustgate is to enable organizations to conduct their business over the Internet as securely as they do in the physical world.
VeriSign is the leading Secure Sockets Layer (SSL) Certificate Authority under Trust.com, which also enables the security of e-commerce, communications, and interactions for Websites, intranets, and extranets. It provides security solutions to protect an organization's consumers, brand, Website and network.

Before issuing any server certificate, VeriSign reviews the organization's credentials and checks its background to confirm that the organization is what it claims to be. When a browser connects to a legitimate site with a VeriSign SSL Certificate, the browser automatically verifies the site's business identity through its ID. After that, the information exchanged between browser and server is encrypted, so the Web visitor receives it without any modification taking place.

A digital certificate is usually attached to an e-mail message or to an embedded program in a web page, and verifies that users or websites are who they claim to be. The common functions of a digital certificate are user authentication, encryption and digital signatures. User authentication provides security beyond a username and password, and its session management is stronger. Encryption secures data in transmission, so that the intended recipient of the data is the only person who can read the message. Digital signatures are like a handwritten signature in the digital world; they also ensure the integrity of the data.

By using digital certificates, users can make transactions on the Internet without fear of their personal data being stolen, their information being tampered with by third parties, or the transacting party denying any commercial commitment with them. Hence, digital certificates can assist the development of more Internet-based activities.

With the increase in phishing on the Internet, all web users want to make sure that they are dealing with a trusted party. All this security is needed because they are afraid that their personal information, for instance ID numbers, passwords and credit card numbers, will be stolen by illegitimate companies that do not exist.

In a nutshell, certification from a third party is needed to ensure that information travelling over the Internet reaches the intended recipient safely. Most banks in Malaysia show proof of their security by displaying their verified certificate on their e-banking website in order to avoid phishing.

Last but not least, VeriSign is one of the trusted brands on the Internet for further enhancing the operation of e-commerce. This is because it gives end users confidence in communicating online and in online business transactions. In return, the company receives accurate information that customers cannot later deny. They also provide additional protection against misuse and expiring certificates.

Lastly, with third-party certification, online shoppers can purchase their products or items more securely without being worried anymore. They can now shop freely and safely as well.

Phishing : Examples And Its Prevention Methods

  1. What is phishing?

    The action of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

Example of phishing
For example, in 2003 there was a proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.

Prevention method:

1. Regarding emails: DO NOT trust emails urgently requesting personal financial information!

2. Be sure not to call any number or use any link in the suspected email, as this may put you in the hands of those responsible for the phishing attack.

3. Be suspicious of impersonal emails.

4. NEVER fill out forms in email messages that ask for personal financial information.

5. Be suspicious of email links. Never trust them! There are ways to "spoof" them!

6. Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.

7. Regularly log into your online accounts.

8. Ensure that your browser is up to date and security patches are applied at http://www.microsoft.com/security/

9. Help stop phishing by reporting "phishing attacks" or "spoofed" e-mails to the following groups:


(i) Forward the email to reportphishing@antiphishing.com
(ii) Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com"). When forwarding spoofed messages, always include the entire original email with its original header information intact.

The Threat of Online Security : How SAFE is our Data ?


Online security threats are one of the biggest challenges on the Internet. The problem is that every day there are new viruses and security threats that are launched all over the Internet, which means you need programs that can be updated continuously and don't just target one specific type of problem.

The best thing you can do if you get on the Internet at all is to use security software and hardware such as firewalls and authentication servers, as this is the most effective way to protect your computer and your personal information. It's best if you choose hardware and software that will update itself each time you are on the Internet, without you having to remember. It's also very important that you choose your passwords carefully, so that those who might want access to your information won't be able to guess what password you might use.

These are some of the main online security threats and the cautions for each:

1. Web servers and services ~ Default HTTP (Web) servers have had several vulnerabilities, and numerous patches have been issued over the past several years.
Cautions : Make sure all your patches are up to date, and do not use default configurations or default demonstration applications. These vulnerabilities may lead to denial-of-service attacks and other types of threats.


2. Windows authentication ~ Most Windows systems use passwords, but passwords can be easily guessed or stolen.
Cautions : Creating stronger, more difficult to guess passwords, not using default passwords, and following a recommended password policy will prevent password attacks.


3. Web browsers ~ Your window to the Internet, a Web browser contains many vulnerabilities. Common exploits may include disclosure of "cookies" with personal information, the execution of rogue code that could compromise a system, and exposure of locally-stored files.
Cautions : Configuring the browser's security settings to a level higher than the default value will prevent most Web browser attacks.


4. Mail client ~ Attackers can use the mail client on a computer to spread worms or viruses, by including them as attachments in emails.
Cautions : Configuring the mail servers appropriately, and blocking attachments such as .exe or .vbs files, will prevent most mail client attacks.


5. Instant messaging ~ Many corporations also block employees from using instant messaging, not only because of the technical threats but also because of the possibility of lost productivity.
Cautions : Configuring IM properly, applying all the latest patches, and taking control over any file transfers that occur over IM will prevent most attacks.
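
The attachment blocking described under item 4 (mail client) can be sketched as follows. This is an added example, not part of the original post: it parses a raw message with Python's standard email package and reports attachments whose final extension is .exe or .vbs, including upper-case and double-extension names. The function names and the sample message are assumptions made for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the text above; a real policy would list more.
BLOCKED_EXTENSIONS = {".exe", ".vbs"}

def blocked_attachments(raw_message):
    """Return the filenames of MIME parts whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested and inline parts
        filename = part.get_filename()
        if not filename:
            continue
        # Normalise case and drop trailing dots/spaces, which Windows ignores,
        # so "Report.VBS" and "setup.exe." are treated like the plain names.
        name = filename.lower().rstrip(". ")
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits

def build_sample():
    """Constructed test message (addresses and files are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Documents"
    msg.set_content("Please see the attached files.")
    for name in ("invoice.pdf.exe", "Report.VBS", "notes.txt", "photo.exe.jpg"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

An extension check of this kind does not look inside archives or at file contents, so it complements rather than replaces antivirus scanning.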

How to safeguard our personal and financial info?

How can we avoid "thefts" from the website? There are several ways to protect our personal and financial info, such as:

1) Password Protection
Strong passwords are hard for other people to guess; use a combination of numbers and letters if possible. Do not write a password down and carry it in your wallet or briefcase.


2) Install and update antispyware and antivirus
The antivirus programs include Symantec, Norton Antivirus and AVG antivirus. Viruses may steal or modify the data on your computer. Keeping these programs up to date is necessary for good protection.

3) Install a firewall
Most new computers come with a firewall integrated into their operating systems in order to allow "good" people to have access.



4) Regularly scan your computer for spyware
Spyware in software programs may affect the performance of your computer and give attackers access to your data. Use a legitimate anti-spyware program to scan for and remove any infected files.


5) Avoid accessing financial information in public
Cyber cafes and wireless access places are venues where you should avoid logging in to check your bank balance. Remember to close the browser window or log out before leaving, to prevent other users from reading your personal information.


6) Keep your credit cards carefully
Make sure the waiter or waitress hands the card back to you when shopping or eating out. Then take the card as well as the receipt and do not throw it away in a public place. Keep only the cards that you actually use.

7) Avoid clicking on pop-up advertisements and downloading information from unknown websites.



Wishing all of us a safe and secure journey when using the Internet!!!!