The Application of Third Party Certification Programmed in Malaysia

Users will not transact business at a web site unless they are certain it is secure. They need to know the business is real and that their communications are private. One of the licensed Certification Authority (CA) in Malaysia is MSC Trustgate.com which was established in 1999. It provides security and trusted services to help companies build a secure network and application infrastructure for their transactions and communications over the network.

MSC Trustgate is an affiliate of VeriSign Inc. for the South East Asian region and a member of the VeriSign Trust Network. MSC Trustgate.com’s membership allows its customers to enjoy a globally recognized service that is compatible with the existing technological requirements. It offers market leading trust services, including authentication and validation, needed by websites, enterprises, and e-commerce service providers to conduct trusted and secure electronic commerce and communications over IP networks.

The affiliation also establishes strategic relationships with industry leaders, such as AT&T, British Telecommunications, Checkpoint Technologies, Cisco, Microsoft, Netscape, Network Associates, Network Solutions, RSA Security, and VISA, to enable widespread utilization of digital certificate services and to assure interoperability with a variety of applications and network equipment.

MSC Trustgate offer several products and services. First of all, they offer SSL certificate for Internet, Intranet and server security. Global Server ID adopts today's strongest encryption commercially available for secure communications via Server Gated Cryptography (SGC) technology. However, Secure Server ID protects the transfer of sensitive data on Web sites, intranets, and extranets using a minimum of 40-bit and up to 256-bit encryption.

Besides, MSC Trustgate also offer Managed Public Key Infrastructure (MPKI) service which is a fully integrated enterprise platform designed to secure intranet, extranet, and Internet applications by combining maximum flexibility, performance and scalability with high availability and security.

To ensure the confidential information remains private in transit, Digital ID is being offered for secure transactions, documents and e-mails. With MyTRUST, we can turns a SIM card into a Mobile Digital Identity for secure mobile banking and other financial services. Mobile digital signature provides non-repudiation on transactions under the Digital Signature Act, 1997.

Malaysian government has put in place a smart National Identity Card (MyKad) for every citizen. MyKad with PKI capability allows its holder to conduct online transaction with government agencies and private sectors. MyKey, is the MyKad PKI solution that works with physically MyKad, allow authentication online and to digitally sign documents or transactions and is accepted by the Malaysian government.

Security is the primary concern of entering into the new Internet economy. The ever-changing paradigm of e-commerce requires a well-mandated security infrastructure. The vision of Trustgate is clear which is to enable organizations to conduct their business securely over the Internet, as much as what they have been enjoying in the physical world. Trustgate is determined to become the leading service provider of Internet utility company, thus complementing the aspiration of the MSC to be a world-class e-environment.

Phishing : Example and Prevention method

In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Paypal, eBay and online banks are common targets. Phishing is typically carried out by e-mail or instant messaging and often directs users to enter details at a website. Phishing is an example of social engineering techniques used to fool users.



For example, Paypal phishing, spelling mistakes in the e-mail and the presence of an IP address in the link are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. Other signs that the message is a fraud are misspellings of simple words and the threat of consequences such as account suspension if the recipient fails to comply with the message's requests

There are some tips for on-line user to avoid getting hooked. If some of them have received email to ask for their personal or financial information, please do not reply such email or pop-up messages. In addtion, they are advised not to cut and paste a link from the message into their web browser because phisers can make links look like what they want to go but actually they send you to a different site. Besides, user might use the latest products and services to help warn and protect them from online scams. For instance, they can install the Microsoft phishing filter using Internet Explorer 7 or higher. The Internet Explorer 7 that include the Microsoft Phishing Filter helps to protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites. If you use Internet Explorer 7 you will get another layer of protection with sites that use Extended Validation (EV) SSL Certificates.

Furthermore, the use of anti virus and anti-spyware software, as well as a firewall can reduced the risk of being phishing through the Internet. User should update such software regularly to ensure that the software can prevent the spyware or other unwanted software effectively.
If you have discovered any phishing mail, you can forward such mail to spam@uce.gov or to the company and bank impersonated in the phishing email. You may also report phishing email to the Anti- phishing working group at this email address reportphishing@antiphishing.org.

As a conclusion, we as the users should always be caution in opening any attachment or downloading any files from emails you receive, regardless of who sent them.

A Review on a post on Internet Security from My E-commerce blog

Nowadays, there are many threats of online security which intimidate the internet users, such as viruses, worms and Trojans. Internet users, especially those who like to shop on the Internet, feel alert and worry with these threats. Users cannot be assured that their personal data and financial information are safe from any unauthorized access through internet.

A review on a post on Internet Security from My E-Commerce blog with the title of “more than 1 million computer viruses in circulation now” has stated that there are more than a million of computer viruses, worms and Trojans in circulation, according to the Symantec bi-annual Internet Security Threat Report. This may be due to the hard works of the cyber criminal groups around the world.

According to the post, there are a total of 711, 912 new malicious code threats found in 2007. In total to date so far, Symantec had detected 1,122,311 malware. This shows that almost 2/3 of the malware were created in 2007 alone. Malware is a kind of software created to damage the computer system without owner’s informed permission. This term comes from the words “malicious” and “software”. Malware includes computer viruses, worms, Trojan horses, most rootkits, spyware, dishonest adware, as well as other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant.

According to the post, most of the viruses are targeted at the Microsoft Windows’ based PC. On the other hand, some security firms had also reported a significant increment in the number of viruses online. Those reports indicate that threats of online security are getting serious as days pass. In order to protect our computer system from threats, we should install an anti-virus program with better quality; never visit websites that contain lots of viruses, such as illegal websites; keep personal data and financial information confidentially, and the last but not least, never open unsecured and unauthorized website. With these protections and avoidance, our computer will be staying away from any online threats.

How to Safeguard our Personal and Financial Data?

Nowadays, threats of online security getting serious as days pass. Internet users cannot assure that their personal information and financial data are as secure as previous time. In order to avoid any unauthorized access from internet, variety of safeguards must be taken in order to protect our personal and financial data.

Personal firewalls and security software packages which include anti-virus, anti-spam, and spyware detection features are a must for those who engages in online financial transactions. Users need to make sure that their computers have the latest security patches, and make sure that they are the only person that can access to the online brokerage account on a secure web page by using encryption.

Firewalls are the software and hardware products that intended to define, control and limit the access to a website, network or computer system. Firewalls help users to protect their data and help them to prevent unauthorized access via internet. Besides, most web browsers have the ability to communicate securely with a website by encrypting the information as it passes across the Internet. This method of communication is called Secure Socket Layer (SSL). Users can keep their personal information and financial data confidentially by this method.

Moreover, using security tokens can make an identity thief harder to access to a user’s online brokerage account. This is because these small number-generating devices offer a second layer of security for internet users. Besides, internet users must be smart in creating their password. The best passwords are ones that are difficult to guess. For example, try to use a password that consists of a combination of numbers, letters, punctuation, and special characters. Users should change their password regularly and use a different password for each of their accounts. Do not even share password with others and never reply to "phishing" emails with your password or other sensitive information.

Last but not least, users must always remember to log out completely when done using their online account. Log out completely can terminate the online session and help to prevent others from gaining access to users’ account information. Online security is everyone’s responsibility. We cannot predict the unauthorized access and damage through internet anytime. Therefore, we must take the safeguarding of our information seriously.

The Threat of Online Security: How Safe is Our Data?

Nowadays, online service plays a pretty important role in human’s daily lives. Internet users can access information through the websites, to correspond with faraway friends through email, to meet people through online messenger, and to discuss their interests with like-minded people through forum. Furthermore, people can advertise and sell their products through the Internet. However, there are some new risks while using the Internet, among them are the risks that the important information will be lost, stolen, corrupted, or misused.

Computer virus is one of the threats to the online security, the safety or our data may be doubted if data is infected by virus. A computer virus is a computer program that can copy itself and infect a computer without consent and knowledge of the computer users. Viruses can either spread from one computer to another through CD or USB drive, or spread through network services such as instant messaging or file sharing program.

Spyware is another program that threatens the security and safety of our data. It is computer software that is installed secretly on a personal computer to monitor or control over the user’s interaction with the computer, without the permission of the user. Spyware can change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet of other programs. It can even install additional computer settings, redirect Web browser activity, or access websites blindly that will cause more harmful viruses without the knowledge of the user.

Hacking is an activity specializing in obtaining unauthorized access to systems through skills, tactics and detailed knowledge. These days, the mass media often uses the term “hacker” as synonymous with a computer intruder. There are several recurring tools of the trade and techniques used by the computer criminals such as spoofing and sniffing attack, denial of service (DoS) attack, identity theft, vulnerability scanner, and etc. Our data may not be safe if our computers are hacked by hackers.

We cannot determine how safe our data is if there are some threats in the online security. What we can do is try our best to protect our data from leaking out. However, online security system should be improved from time to time so that the confidentiality, integrity and availability of our data and information can be retained and maintained.