Friday, June 20, 2008

Firms Use Cyber Thugs to Attack Competitors

Distributed denial-of-service (DDoS) attacks can be used by otherwise legitimate firms as a tool to damage their competitors' websites or servers. However, they only take place on the internet.


In a DDoS attack, the attacker gains illegal administrative access to as many systems on the internet as possible and uses those compromised systems to attack a single target. Its purpose is to make a computer resource unavailable to its intended or potential users. The common method involves flooding the target system with incoming messages in the form of external communication requests. As a result, the target system cannot respond to legitimate requests promptly, or cannot serve valid applications effectively and efficiently.
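
Because the flood comes from many compromised systems at once, a limit on each individual source does not catch it, while the total load on the target does. The following added example (not part of the original post) runs a sliding-window check over constructed traffic; the window size, both thresholds and the sample addresses are assumptions chosen for illustration.

```python
from collections import Counter, deque

WINDOW = 5             # seconds of history kept (assumed value)
MAX_REQUESTS = 100     # assumed capacity of the target per window
PER_SOURCE_LIMIT = 20  # assumed per-client rate limit per window


def build_sample():
    """Constructed traffic for one target: (second, source_ip) pairs."""
    events = []
    for t in range(0, 30):            # 3 regular clients, 1 request/s each
        for n in (1, 2, 3):
            events.append((t, f"198.51.100.{n}"))
    for t in range(20, 30):           # flood: 200 sources, 1 request/s each
        for n in range(200):
            events.append((t, f"203.0.113.{n}"))
    return sorted(events)


def detect(events):
    """Return (alert_second, distinct_sources, per_source_offenders) or None.

    Alerts when the aggregate request count in the window exceeds the
    target's capacity, and reports which sources (if any) a per-source
    rate limit would have blocked at that moment.
    """
    window = deque()
    per_source = Counter()
    for t, ip in events:
        window.append((t, ip))
        per_source[ip] += 1
        while window[0][0] <= t - WINDOW:      # drop events older than WINDOW
            _, old_ip = window.popleft()
            per_source[old_ip] -= 1
            if per_source[old_ip] == 0:
                del per_source[old_ip]
        if len(window) > MAX_REQUESTS:
            offenders = [s for s, c in per_source.items()
                         if c > PER_SOURCE_LIMIT]
            return t, len(per_source), offenders
    return None


if __name__ == "__main__":
    print(detect(build_sample()))
```

The alert fires in the first second of the flood with an empty offender list: no single source exceeds its own limit, so only the aggregate count and the sudden spread of sources reveal the attack.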


Normally, a DDoS attack will force the targeted system to reset or shut down for a few hours, or even a few days, for repair and restoration. This is because the attack consumes all the resources of the targeted system, so that it can no longer provide its intended services or act as a communication medium between users and the system.


DDoS attacks are regularly used in business on the internet. Such an attack seriously affects the operation of a competitor's computer systems, especially for websites whose major revenue relies on online selling or transaction fees. Once the website is down for a few hours or a few days, millions of dollars per day will be lost. Furthermore, the company's reputation and its users' confidence will be lost as a result of the DDoS attack on the company's systems. Thus, most companies are afraid of becoming the target of a DDoS attack.

How to Safeguard Our Personal and Financial Data?


The performance of computer systems and networking has become more advanced nowadays. It allows corporations to record, store and retrieve huge amounts of data faster and more efficiently than ever before. However, as online threats have increased, these capabilities have raised concerns about the privacy of individuals in large networked information technology environments. There are several ways to safeguard our personal and financial data on the network.

Firstly, we can download or purchase software that guards against online threats in order to protect our computers from hackers and spyware. Such software is easily acquired either from the internet or from local computer shops, so it is convenient for all users to obtain. Examples of such software are Norton Antivirus, McAfee VirusScan, avast!, Grisoft AVG, NOD (Eset) and Spyware Terminator.


Besides that, we should never post our personal information in chat rooms or on websites, nor enter full information in online registration forms, because doing so can make us a target for identity theft, stalking or even harassment. In addition, we should never use e-mail or unsecured instant messaging (IM) to transmit confidential information, because e-mail and free instant messaging communications are easily intercepted. Hence, they are not a secure way to transmit personal information.


Then, a strong password for financial software is also one of the ways to improve the security and privacy of our personal and financial information. A password should not contain personal information and should be changed constantly. It should be a combination of numbers and letters. In addition, we should dispose of our confidential information properly. It is recommended to dispose of materials held in electronic formats (on CD or computer) so that the information cannot be retrieved by others.

Next, we should never reply to an e-mail or pop-up message that asks for personal or financial information, in order to avoid phishing scams. Social engineers often use phishing to impersonate well-known banks, online retailers or credit card companies. They use fraudulent e-mails and websites to fool recipients into divulging personal financial data such as credit card numbers, account passwords and social security numbers.

In a nutshell, it is advisable to protect and safeguard our personal and financial data properly. No matter how sophisticated information technology is, we can never be foolproof!

Phishing: Examples and its Prevention Methods

Phishing may also be referred to as brand spoofing or carding. It is a technique used by social engineers to obtain personal information from recipients, for the purpose of identity theft, through fraudulent e-mail messages.

Normally, phishing e-mails are sent to people who are new to the internet or who are not aware of phishing fraud. These e-mails contain a link that looks like the real link but in fact is not. When users click directly on the link, they are spoofed by the phishers. PayPal, eBay, MSN, Yahoo, Best Buy and online retail stores are often the targets of phishers. The e-mail may also appear to come from any site where a person has to register and supply financial information when opening an account. The deception in the e-mail's link may not be obvious to recipients. Thus, recipients should be careful not to click directly on links in e-mails, especially those sent in the name of a bank or credit card company. They should call the company using the number listed on the bank statement, not the phone number provided in the e-mail.


The phisher may also create a fraudulent website that requires victims to fill in details such as their name, bank account number, PIN, credit card number and social security number in order to register and log in. The fraudulent website looks similar to the real website, so visitors may not be aware of it. As a result, the phisher is able to obtain secure information from the visitor. Therefore, users should verify the website through the sign from www.Verisign.com to avoid the possibility of landing on a spoofed website.

Besides that, users may install anti-phishing software to protect themselves from fraud and scams by phishers. Some companies also augment password logins to prevent phishing. For example, Bank of America, with its website ID, is one of several banks that ask users to select a personal image and then display the selected image with any form that requests a password. In addition, users of the bank's online services are instructed to enter a password only when they see the image they selected.

Here are some relevant websites and articles:-

http://www.antiphishing.org/
http://www.mozilla.org/security/phishing-test.html
http://www.mailfrontier.com/docs/SurefirePhishingTips.pdf

The Threat of Online Security: How Safe Is Our Data?

The internet has become a critical infrastructure connecting people with one another. An individual may use the internet to make payments, while a corporation may use it to deal with its customers or suppliers. Thus, a lot of personal and confidential data is involved in these transactions.

In e-commerce, online security has always been questioned by users, especially as the rate of online security threats has increased recently. These threats include malicious code, namely viruses, Trojan horses and worms.

Viruses are the best-known category of malicious code. A virus is a piece of software code that inserts itself into an operating system in order to propagate. However, it does not run independently. It requires users to move it from one machine to another.

Then, a Trojan horse is a program that appears to have a useful function but in fact contains a hidden function that presents a security risk. It normally gives the attacker some degree of control over the user's machine. This control allows the attacker to remotely access and send commands to the user's machine. The data usually targeted by Trojan horses are usernames and passwords. In addition, a Trojan horse may also make the user's machine part of a distributed denial-of-service (DDoS) network, where it is used to attack other users.

A worm is a type of malicious code that runs independently. It consumes the resources of its host and is capable of propagating a complete working version of itself onto another machine. This means that once the worm has attacked a machine and taken it over, the worm itself will scan for and attack other machines. Thus, no human intervention is required to spread a worm across a network. Besides, the entire process takes only seconds or less to spread over thousands of machines.

In a nutshell, users should take proper safeguards to protect their data. They may download an antivirus program or other programs to guard against these security problems.

Related info:-

http://www.infosecwriters.com/text_resources/pdf/Mal_Codes_in_Depth.pdf