The application of 3rd party certification programme in Malaysia

Posted by w3n on Saturday, June 27, 2009
/ Comments: (4)
The application of third party certification programme in Malaysia

What is means by third party certification programme?? It means that who issue the digital certificate services. In Malaysia, the most famous application of third party certification programme is MSC Trustgate.com Sdn Bhd. MSC Trustgate.com Sdn Bhd was incorporated in 1999 and it is a licensed Certification Authority (CA) under the operation of the Multimedia Super Corridor. The Certification Authority offers complete security solution and leading the trust services that are needed by enterprises, government, individuals and e-commerce service providers using digital certificates, signatures, encryption and decryption. MSC Trustgate is secure to open network communication in both locally and across the ASEAN region and to become the catalyst for growth of e-commerce.

The vision of Trustgate is “To enable organizations to conduct their business securely over the Internet, as much as what they have been enjoying in the physical world.”

Trustgate provide the product and services which are SSL Certificate, Managed PKL, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development.

The MyTRUST for mobile phone is for secure mobile banking and other financial services. This service is ease and conveniences to users via their mobile phone to digital sign any transaction. The mobile digital signature is provides the non-repudiation on transactions. PKI-enabled SIM cards are preloaded with MyTRUST application and a digital certificate from a licensed CA.
MyKAD PKI (MyKey)

The Malaysian government has provided a smart National Identify Card “MyKad” to every citizen. MyKey is the MyKad PKI solution that works with physically MyKad. Malaysian government was accepted digitally sign documents or transactions through online. And MyKad with PKI capability allows holder to conduct online transaction with private sector and government agencies.

The SSL Certificate service is to enhance the security of server. MSC Trustgate provide Global server ID and secure server ID be their server security.
The Website of MSC Trustgate:http://www.msctrustgate.com/

How we safeguard our personal and financial data

Posted by Kakaroto Tokshiwa fong kin wai
/ Comments: (2)

Today's technology is so advance and updating continuously. Everyone is relying on the technology to search for information, do online transactions, send personal and financial data and etc. It is a greater use for education and business because it improves people’s lives and makes our life easier.


Internet is a public network connecting millions of computers throughout the world. Many of us do financial dealings through internet but we do not realize that those online criminals would do anything to steal our money using the internet. For an example, filling up the registration form via online to become a membership for that website in which they are interested in. By doing this, they have to provide personal information such as name, date of birth, gender, address, telephone, e-mail address, occupation and etc. Other examples are eBay, Amazon, and Citibank.


Personal Financial Information means any records containing a customer’s sensitive personal information whether in paper, electronic, or another form, that is handled by the institution. When the people make an online purchasing, they have to enter sensitive personal information. Therefore, sometimes our personal and financial information will be accessible by the public. For our safety on Internet, we must know some of precautions and safeguards.



Here are a few approaches on how to safeguard our personal and financial data:

*Do not reveal any personal information, especially password, to anyone. When the public accidentally know your password, they may or will going to access your Financial Data Center by entering your password without your consent. Therefore, we must always remember to log out properly before living the financial data center after using it.

*Closing the browser window. We have to close the browser window after using it to prevent other users reading our personal information.

*Password-protect your access. Use a strong password or pass-phrase to protect access to your data. It is hardly for the hackers to remember and has difficulty to access.

*Install antispyware and antivirus software. It is a must to install such software to clean computer and protect personal information and financial data, etc. For instance, Norton and Avast.

*Install firewall. Firewall program will help to prevent from hackers and viruses from entering into the computer. Today, most of the new computers come with firewalls integrated into their operating systems.

*Access control mechanism. It limits the actions that can be performed by an authenticated person or group and determines who can use the network resource and what resource can be used.

*Limit transportation and transmission of data. Do not transporting or transmitting sensitive or confidential data if it is not necessary to do so. For instance, do not use email or instant messaging to send your sensitive or confidential data. Even if it is necessary to send sensitive or confidential data, make sure that there is a high proper security level.

For more details can refer to the link below: http://www.msisac.org/awareness/news/2007-03.cfm

As a conclusion, it is very important for everyone to know about safeguard to prevent us from falling into the traps. Individuals should pay more attention on their personal and financial data because online hackers are everywhere.


Referred links:

http://www.msisac.org/awareness/news/2007-03.cfm

http://www.goarticles.com/cgi-bin/showa.cgi?C=1491881

http://www.fool.com/personal-finance/general/2006/09/23/safeguard-your-financial-life.aspx

http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202428911153


A review on a post on Internet Security from My E-Commerce blog

Posted by ~i am tomato~
/ Comments: (6)

After reading the post, "Favourite password used online" on my E-Commerce blog, http://ecommerze.blogspot.com/search/label/Internet%20Security,I had a brief idea on how to choose a better protection password.

First of all, let me summarize the post. It is about a survey on 28000 passwords from a popular website. According to the survey, 16% of the users choose to use their own name, spouse's name or child's as their password while 14% of them like to use the numbers that are easy and nice to remember such as "1234" or "12345678". There are also 4% of them prefer to use the words like " password" or "password1" as their password. Other than that, password usually used by the users are like "qwerty" or "iloveu".

This is not a surprise for me after I knew these series of passwords as these are common and everyone is still doing it now. As we all know, most of the people around us choose these combination as passwords because they are easy to type and remember. Thus, we will always keep ourselves easy to access to our data.

But, is that really a good thing for us? Although it is easy to remember, it gives an opportunity to the online hacker to hack into our account as well as manipulate our information. In addition, if your password is made up of your name, date of birth or IC number, people who close to you or know you well will easily hack into your account and access your account.

Is there any solution from being hacked easily?? Yes, there is. One of the solution posted in My E-Commerce blog is to choose a password that is longer than 8 characters with one capital letter and one symbol. It is perfectly good solution. Then the hacker has trouble to figure out the password.

Unfortunately, there is another bad side. A long password with capital letter and symbols, you will easily forgot the password. Let have an example, if a person who have different password for different website access and the password is long, do you think that he can remember all the password? For sure, it is hard to remember all the password and have difficulty in accessing the account. In spite, he may need to write down all the passwords.


For me, I feel that the password that we choose should not have any important meaning or related to you. In such case, no one will know your password even the people who close to you. Then, they can't hack into your account.

In short, a password is a secret word or a string of characters used for authentication so it is very sensitive. Everyone is remind to set a password wisely and keep it as a secret. This is all depends on the users how they use and keep the passwords.

Phishing: Examples and its prevention methods

Posted by SoK-E on Friday, June 26, 2009
/ Comments: (5)

It is essential for the computer users to know the term of phishing. Phishing refers to a person or a group of cyber-criminals who create an imitation or a copy of an existing legitimate Web Page to trick users into providing sensitive personal information such as personal IDs, passwords, card numbers and PINs.


Phishing is a fraudulent attempt via email and done it by spamming which means send million of emails to a huge target population with one mouse click. Normally the phishers will include upsetting or exciting statements in the email so that the recipients will react immediately without thinking. This is the way to increase the number of responses.


Typically, the user will receive phishing email from well known business or organization such as Internet service provider (ISP), bank, online payment service or even a government agency.

Following are the few examples of phishing:

  • EBay Phishing
  • A scammer sends out a million of emails to his email list as his first step. Once the end user receives the email and click on the link in the email, the end user will be taken to a site which is look like eBay designed by the scammer. The end user will attempt to login. Unfortunately, the scammer has get the username and password from the end user. Besides that, the scammer may also claim to be eBay or PayPal and request username and password. Usually the victims are novice users.

  • HSBC Bank Phishing
  • The customer received the email claiming that the customer's account has been suspended. If the customer want to prevent his account from being suspended, he is required to verify some information by clicking on the link and then verify it. Without knowing, the information has been send to the scammer.


  • Coca-cola Phishing
  • The scammer disguised popular commercial company’s name and send email with attachment to the recipient saying that the recipient has won the prize. In order to claim the prize, recipient is requires to provide personal information using a free Yahoo! email address.


  • IRS Tax Refund Phishing Scam
  • An email sent to recipient claiming that there is a tax refund and eligible to receive this particular amount. Therefore, recipient has to click on the link in the email and complete the form. By filling up the form, you will be refunded within 12 days. Actually, all this things are fake and false link.


  • Hotmail Phishing
  • Hotmail phishing emails are circulating among Hotmail users. The email stated that you have to submit your login information via email or click on the link or else they will close down all unused accounts. After following the instructions, your account will not be interrupted and back to normal. However, Hotmail does not ask for login information.


Following are some basic prevetion methods to avoid being phished:

  • Do not trust the email especially regarding personal financial information. Delete it immediately from your inbox or check and report directly to the bank or the company about the email that you have received.
  • Do not call the number or click on the link given in the email. Log into your online accounts regularly to ensure that all transactions are legitimate conducted.
  • Never fill up the form in the email messages which is ask for personal financial information. Bank companies will never ask for that.
  • Roll the mouse over the link and see if it matches what appears in the email. If there is a discrepency, do not click on the link.
  • Use Web Browser to visit secure website when submitting credit card or other sensitive information.
  • Check the web address in the browers address bar that showing “https://” rather than “http://”. The ‘s’ here means secure. Then, a padlock icon will appear in the bottom right corner of the browser window.


In conclusion, everyone has to be aware and able to identify various kind of phishing. Phishing has become one of the fastest growing crimes on the internet. Therefore, it is important for us to know how the phishing being conducted and in what kind of ways. In addition, we must know the prevention methods to protect ourself from being phished.


Sources from:

http://antivirus.about.com/od/emailscams/ss/phishing_2.htm
http://kb.cadzow.com.au:15384/cadzow/details.aspx?ID=1422
http://www.phishtank.com/what_is_phishing.php
http://spam-ip.com/phishing-examples.php
http://www.makeitsecure.org/en/phishing.html
http://www.hotscams.com/articles/27/1/Fake-Coca-Cola-Lottery-Scam-178226-GBP-Winnings/Page1.html
http://www.anti-phishing.info/avoid-phishing.html
http://www.makeitsecure.org/en/videoHelp_phishing_anim.html (an animation video of phishing)

The threat of online security: How safe is our data?

Posted by waihuan
/ Comments: (2)
Nowadays, web-based services, including social networks such as Facebook, Friendster, and MySpace, are becoming prime targets for hackers to seek our personal information data.

In September 2008, the names and contact information for tens of thousands of customers of Automatic Data Processing (ADP) and SunTrust Banks (STI) were stolen from Salesforce.com (CRM), which provides online customer management software for those two companies. The incident occurred after a hacker tricked a Salesforce employee into disclosing a password... (continue link to: www.businessweek.com/technology/content/nov2007/tc2007119_234494.htm)

People nowadays are more relies on computer to save their personal information and important business data. The risk is, once the PC is connected to the internet, hackers might be able to hack in and steal any data from any computer by several ways. Some common examples such as downloading free videos, musics, games from online sharing site may increase the chances for hacker to hack in your computer. Nowadays, hackers are exploring these kind of sharing site to hack into computer, because online sharing site is one type of hot website that people visit frequently.

To prevent any leaking of personal or important data, purchase or install of non-FOC antivirus and firewall software is the most effective solution. Normally, free anti-viruses is just for prevent vulgar viruses and threats, but unable to scan those advanced viruses and spywares. The common non-FOC anti-viruses such as Kaspersky, Bitdefender, AVG antivirus 8, and McAfee VirusScan. AVG anti-virus also provide free anti-virus, AVG Free series, which is common use by people who prefer FOC anti-virus, but if you try to compare the quality of AVG Free and AVG Antivirus(upgraded from AVG Free, or direct purchase) you will know the differences ^^"

This is the ranking of anti-virus for year 2009

For further info, please click on this link
http://webabout.org/2009/02/03/2009-antivirus-software-product-ranking-review.html

Don't ever underestimate the threats of viruses and hackers, they could bring unexpected lost to you anytime. Do running the daily computer scanning process using the anti-virus system and always activate your firewall.
E-Generation, be smart and be discreet to protect our PC from now!!