
Thursday, 19 June 2008

The application of 3rd party certification


What is 3rd party certification?

There are various SSL Certificate Authorities available in Malaysia. VeriSign is one of them; it enables secure e-commerce, communications, and interactions for Web sites, intranets, and extranets.

Secure Sockets Layer (SSL) is the leading security protocol on the Internet. It is a protocol developed by Netscape for transmitting private documents via the internet. SSL is widely used to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data.

Customers merely want to protect themselves. But how can they rely on SSL for assurance that they are doing business with a valid organization and not an untrusted third party?
To solve this problem, VeriSign has several sub-system programs (Asset Layer Protected) that support the overall system.

Customer Protection
A trusted provider offers easy-to-use authentication and transparent fraud detection to protect online transactions without slowing them down.

Brand Protection
Domain names, Web sites, and digital logos present the company’s brand. Early detection and fast response to misuse preserves brand equity and helps stop counterfeiting.

Web Site Security
It gives consumers the confidence to transact online by displaying the green address bar in the latest high-security browser with Extended Validation SSL on the Web site.

Network Security
An authentication solution for the enterprise, Web applications, and e-mail, combined with comprehensive network protection that helps reduce risk while meeting compliance requirements.

Expert Assistance and Intelligence
Security consulting and advanced intelligence reporting that help consumers assess, analyze and update a layered approach to securing business assets.

Supply Chain Visibility
Provides convenience to large retailers and suppliers when they need to open networks to partners, affiliates, and customers to enhance services and speed operations while keeping confidential data secured.

VeriSign believes that by increasing trust, transactions can be increased. Thus, its mission is “Providing trust for the Internet and Electronic Commerce through our Digital Authentication services and products”.

VeriSign security experts help balance risk, cost and user experience to apply the most effective security approach to each user's unique business. In this way, it can increase consumers' trust. It secures over 750,000 Web servers worldwide, including 93% of the Fortune 500 and the world’s 40 largest banks.

Phishing - example and prevention methods

Phishing is an attempt to acquire sensitive information (such as usernames, passwords and credit card details) criminally and fraudulently, by masquerading as a trustworthy entity in an electronic communication. It is typically carried out by e-mail or instant messaging, and often directs users to enter details at a website, although phone contact has also been used.

What is the example?
One of the examples is identity theft, which is becoming more popular because of the readiness with which unsuspecting people often divulge personal information to phishers, including credit card numbers, social security numbers, and mothers' maiden names. Once this information is acquired, the phishers may use a person's details to create fake accounts in a victim's name. They can then ruin the victims' credit, or even deny the victims access to their own accounts.

What are the prevention methods?
There are several different techniques to combat phishing, in both social and technical aspects.

Social aspect
Train people to recognize phishing attempts, and to deal with them. People can take steps to avoid phishing attempts by slightly modifying their browsing habits.

Technical aspect
Helping to identify legitimate sites
Some anti-phishing toolbars display the domain name of the visited website. For example, some let users type in their own labels for particular websites, so that they can later recognize when they have returned to the site. If the site is suspect, the software may either warn the user or block the site outright.

Augmenting password logins
A method to prevent simple phishing of transaction numbers (TANs) is to associate each TAN with a "lock number". The bank's server sends the lock number as a challenge, and the user provides the corresponding TAN as the response. The server selects the key-lock pair randomly from the list to prevent acquiring two consecutive TANs. Lock numbers are not sequential, so that phishers can only guess correct lock numbers.
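
The lock-number scheme described above can be sketched as follows. This is an added example, not code from the original post or from any bank; the class name `TanList`, the 4-digit lock numbers, the 6-digit TANs and the three-failure lockout are assumptions made for illustration.

```python
import hmac
import secrets


class TanList:
    """Server-side state for one customer's lock-number/TAN list (illustrative)."""

    def __init__(self, size=20, max_failures=3):
        rng = secrets.SystemRandom()
        # Non-sequential lock numbers: a random sample of 4-digit values.
        locks = rng.sample(range(1000, 10000), size)
        # Each lock number maps to an independent random 6-digit TAN.
        self.pairs = {lock: f"{secrets.randbelow(10**6):06d}" for lock in locks}
        self.pending = None            # lock number of the outstanding challenge
        self.failures = 0
        self.max_failures = max_failures   # assumed lockout threshold

    def challenge(self):
        """Pick a random unused lock number to send to the user."""
        if self.failures >= self.max_failures or not self.pairs:
            raise RuntimeError("TAN list locked or exhausted; issue a new list")
        self.pending = secrets.choice(list(self.pairs))
        return self.pending

    def verify(self, lock, tan):
        """Accept only the TAN that answers the outstanding challenge, once."""
        if self.pending is None or lock != self.pending:
            return False               # no challenge, or a reply to another lock
        expected = self.pairs[lock]
        self.pending = None            # each challenge can be answered once
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), tan.encode()):
            del self.pairs[lock]       # TANs are single-use
            self.failures = 0
            return True
        self.failures += 1             # wrong guesses count toward lockout
        return False
```

Because the server chooses the lock number, a TAN captured for one lock number is only useful if the server later happens to issue that same challenge before the legitimate user spends it.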

Eliminating phishing mail
Specialized spam filters can reduce the number of phishing e-mails that reach their addressees' inboxes. These filters rely on machine learning and natural language processing to classify phishing e-mails.

Monitoring and takedown
Several companies offer banks and other organizations likely to suffer from phishing scams round-the-clock services to monitor, analyze and assist in shutting down phishing websites. Individuals can contribute by reporting phishing to both volunteer and industry groups, such as PhishTalk.


How to safeguard our personal and financial data



Nowadays, online shopping has become a popular way to purchase goods, offering a convenience that is not available from any other shopping outlet. We can search for goods from various vendors, compare prices with a few simple mouse clicks and make purchases without waiting in line. However, the internet is also convenient for attackers seeking the personal and financial information of unsuspecting shoppers. This information enables the attackers to commit numerous forms of fraud, such as transferring all the money available in the victim’s account to their own account, using the victim’s financial account to apply for a loan, making purchases using the victim’s financial account or even selling the information to someone else.

Therefore, as intelligent online shoppers, it is important that we take steps to protect ourselves when shopping online. The following are some of the ways to stay protected against attackers:


Use and maintain anti-virus software, a firewall, and anti-spyware software
Install anti-virus software, a firewall, and anti-spyware software on our computer to protect against viruses and Trojan horses that may steal or modify the data on our computer. Also use a legitimate anti-spyware program to scan the computer and remove spyware or adware hidden in software programs, which may give attackers access to our data, and make sure to keep our virus definitions up to date.


Keep software, particularly web browser, up to date
Keep our web browser up to date on a regular basis. Many operating systems offer automatic updates. If this option is available, we should enable it.


Shop with companies that we know
Try not to make any transactions with merchants that you are not familiar with, because some attackers may try to trick you by creating malicious web sites that appear to be legitimate. If you have to do so, make sure you are interacting with a reputable vendor, ask for a paper catalog or brochure to get a better idea of their merchandise and services, and determine the company’s refund and return policies before you place your order.


Check privacy policies
Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be stored and used.

Keep your password private
When you establish a password, try to be creative, for example by using a combination of letters, numbers and even symbols. Avoid using a telephone number, identity card number, birth date or numbers that someone could easily guess.


Make sure your information is being encrypted
Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a lock in the bottom right corner of the window.


Be wary of emails requesting information
Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not ask for this type of information through email.