Tuesday, February 10, 2009

A review on a post on e-tailing from My E-Commerce blog.



I’m pretty sure those who live in big cities nowadays are very familiar with the usage of Touch ‘n Go. It’s almost a necessity, especially for those who drive and work in Kuala Lumpur. You will definitely have to pay if you are using the highways (e.g. PLUS, NKVE, SMART, LDP, SPRINT, etc.) to reach your destination in the shortest time and cut the distance short. It’s easy and fast, but we have to pay. So there will always be pros and cons.


As mentioned on the Touch ‘n Go website, http://www.touchngo.com.my, the Touch ‘n Go card is an electronic purse that can be used on all highways and at selected parking sites and theme parks. It uses contactless smartcard technology. Users should not have a problem using it as long as it is preloaded with electronic cash. Besides, the smart card can also be used on public transport such as Rapid KL and KTM. Card users can also pay with the card when they purchase food or other items at participating outlets such as Burger King and Caltex convenience stores.

Frankly, till now I have not heard from any of my friends that they are using the smart card to purchase in those stores, though the service was introduced last April. Is it a success? I’m not sure about that. However, I’m pretty sure it can be carried out successfully in future if the government strongly supports and puts effort into the smartcard service. If it succeeds, it will create a cashless society where everyone is using the smart card. Theft and robbery cases will also reduce tremendously, I guess.

As we know, Touch ‘n Go Sdn Bhd is emulating the success of the Octopus card, which is used in Hong Kong. The Octopus card was launched in 1997 and has since grown into a widely used payment system for all public transport, supermarkets, fast food restaurants, on-street parking meters, car parks and other point-of-sale applications. The global award-winning Octopus cards are used by 95% of the population of Hong Kong and generate 10 million daily transactions. Please visit http://www.octopus.com.hk for more information.

I believe the Touch ‘N Go smart card will bring more convenience and safety to the people in the coming days. I’m hoping for the day to come, as I’m quite supportive of the cashless society.




Phishing

What is phishing?

Phishing is the act of sending an e-mail to people while claiming to be an established, legitimate enterprise, in an attempt to trick the user into surrendering private information for the purposes of identity theft. The e-mail is designed to fool the user and direct them to a website where they are asked to update personal information, such as passwords and credit card and bank account numbers, that the legitimate organization already has. The website, however, is fake and set up only to steal the user’s information.

Here are some examples of phishing scams:

1. Washington Mutual Bank phishing e-mail
http://z.about.com/d/antivirus/1/5/x/1/wmb_phish.jpg

This is a phishing scam targeting Washington Mutual Bank customers. This phish claims that Washington Mutual Bank is adopting new security measures which require Bank customers to confirm their ATM card details. As with other phishing scams, the victim is directed to visit a fraudulent site and any information entered on that site is sent to the attacker.


2. PayPal phishing email

http://z.about.com/d/antivirus/1/5/5/2/paypal_phish.jpg

3. eBay phishing scam
http://z.about.com/d/antivirus/1/0/v/1/ebay_phish.jpg

PayPal and eBay were two of the earliest targets of phishing scams. In the example above, the PayPal phishing scam tries to trick recipients by pretending to be some sort of security alert. Claiming that someone 'from a foreign IP address' attempted to log in to your PayPal account, the email urges recipients to confirm their account details via the link provided. As with other phishing scams, the displayed link is a fake one.

The eBay phishing email even includes the eBay logo in an attempt to gain the trust of users. The email warns that a billing error may have been made on the account and urges the eBay member to log in and verify the charges.

4. Citibank phishing scam
http://z.about.com/d/antivirus/1/5/u/1/citibank_phish.jpg

The attacker claims to be acting in the interests of safety and integrity for the online banking community. Of course, in order to do so, you are instructed to visit a fake website and enter critical financial details that the attacker will then use to disrupt the very safety and integrity they claim to be protecting.

How to Spot A Phishing Scam?

At first glance, it may not be obvious to recipients that what is in their inbox is not a legitimate e-mail from a company with whom they do business. The "From" field of the e-mail may have the .com address of the company mentioned in the e-mail, and the clickable link may also appear to take you to the company's Web site, but will in fact take you to a spoof Web site. Looks can be deceiving, but with phishing scams the e-mail is never from who it appears to be!

1. The "From Field" appears to be from the legitimate company mentioned in the e-mail. It is important to note, however, that it is very simple to change the "from" information in any e-mail client. While we're not going to tell you how, rest assured it can be done in a matter of seconds!

2. The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.

3. The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. In the image you will see that once the hyperlink is highlighted, the bottom left of the screen shows the real Web site address to which you will go. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL.

In this instance, the text you click is "here". However, it may also state something like "Log-in to Citibank" or "www.citibank.com/secure" to be even more misleading. This clickable area is only text and can be changed to anything the sender wants it to read.

There are several steps you can take to keep from being a victim of phishing, including these:

* Be cautious of email asking for your personal information
* Don’t click on the link within emails that ask for your personal information
* Never enter personal information in a pop-up screen
* Protect your computer with spam filters, antivirus and antispyware software, and a firewall
* Only open email attachments that you are expecting and whose contents you know

Monday, February 9, 2009

how safe is our data???



Nowadays, people rely on computers to create, store and manage critical information. Consequently, it is important for users to be aware of threats to computer security. Computer security plays a major role in protecting our data from theft. Similarly, online security has been online traders’ main concern in protecting their websites from potential threats such as phishing, information theft and viruses. These potential threats will destroy our data.

However, increasingly developed technologies ironically increase the risk every computer user faces. Everyone who owns a computer with an internet connection is able to equip themselves with ‘hacking’ knowledge by doing some research online. The internet provides opportunities for users to share knowledge without filtering the content. Therefore, everyone can learn skills that harm online security via the internet, and this increases the risk.

With all the thousands of security solutions that are available, why is protecting sensitive data so difficult? Why are security breaches so common? A dizzying assortment of technical solutions is available: network firewalls, personal firewalls, operating system patching solutions, anti-virus, anti-spyware, intrusion-detection or intrusion-prevention systems, and security management systems. Shouldn’t we be able to keep our most sensitive data safe?

The answer to this question needs to be a resounding yes! But we’re failing to take some necessary steps. Computer and network security is not only about purchasing the latest security technology. Yes, technical solutions have their place, but we need to take a hard look at another area: personal responsibility. We all must accept personal responsibility for the ways our computers are used and how we handle the data we’re responsible for. We must begin introducing changes within our institutions and corporations and in our personal behaviors to truly address the growing computer security threats, the risks to an institution’s reputation, and the heightening security legislation. We must know the sensitivity of the data that are in our control and the risks to which we expose those data when making poor computing decisions.

In conclusion, safeguards must always be kept up to date to strengthen defenses against online security threats. At the same time, users must be educated and informed about the serious damage and loss that online security threats can cause.

Sunday, February 8, 2009

The application of 3rd party certification programme in Malaysia

A 3rd party certification programme will ensure that access to an enterprise’s electronic commerce system and data is restricted only to authorized individuals in conformity with its disclosed security policies. The Security Principle sets out an overall objective for the security of data transmitted over the Internet and stored on an e-commerce system. The most famous application of a 3rd party certification programme in Malaysia is provided by MSC Trustgate.com Sdn Bhd.

MSC Trustgate.com Sdn Bhd is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor. MSC Trustgate was incorporated in 1999 to meet the growing need for secure open network communications and to become the catalyst for the growth of e-commerce, both locally and across the ASEAN region. At present, MSC Trustgate has 12 million in paid-up capital. Its products include SSL Certificate, Managed PKI, Personal ID, MyKAD ID, MyTRUST, SSL, VPN, Managed Security Services, VeriSign Certified Training and Application Development.

One example of its products, Managed PKI (MPKI), is a fully integrated enterprise platform designed to secure intranet, extranet, and Internet applications by combining maximum flexibility, performance, and scalability with high availability and security. The service allows enterprises to quickly and cost-effectively establish a robust PKI and Certification Authority (CA) system with complete control over security policies, PKI hierarchies, authentication models, and certificate lifecycle management. Linked to Trustgate’s robust, high-availability certificate processing services, the service enables faster deployment and lower operating costs while providing an open platform that integrates with off-the-shelf solutions. Trustgate allows an enterprise to easily deploy a PKI while relieving itself of the high expense of designing, provisioning, staffing, and maintaining its own PKI backbone. Organizations can set up their own multiple digital certification programmes quickly, easily and economically through Trustgate’s flexible managed service. With Managed PKI, an organization can issue 250 or more digital certificates to customers, suppliers, partners, or employees. This solution helps to protect online transactions, digitally sign them, and control access to intranets and extranets.

Their vision: “To enable organizations to conduct their business securely over the Internet, as much as what they have been enjoying in the physical world.”

In my opinion, a company may take a competitive advantage in the faster growth of the e-Commerce marketplace by gaining its customers' trust through participating in the WebTrust Program.



Reference : http://www.msctrustgate.com/