Internet Security

10 points to remember when performing online banking

Nowadays performing online banking transactions is very easy; the service can be accessed anytime and anywhere. However, these transactions also raise more security issues. Below are 10 points to remember when performing online banking.

1. Always access the bank's Internet banking by typing in the correct URL:
Never click on a link in an email that takes you to a website and enter personal details, either in the email or on the website.

2. Password and PIN security:
You should always be wary if you receive unsolicited emails or calls asking you to disclose any personal details or card numbers. This information should be kept secret at all times. Be cautious about disclosing personal information to individuals you do not know. Please remember that Standard Chartered Bank would never contact you directly to ask you to disclose your PIN or all your password information.

3. If it sounds too good to be true - it probably is:
Don't be conned by convincing emails offering you the chance to make some easy money. As with most things, if it looks too good to be true, it probably is! Be cautious of unsolicited emails from overseas - it is much harder to prove the legitimacy of the organisations behind the emails.

Internet Explorer 7.0 vs. Safari 3.0 vs. Firefox 3.0 Comparison in security perspective

| Criteria | Internet Explorer 7.0 | Safari 3.0 | Firefox 3.0 |
| --- | --- | --- | --- |
| Out of the box configuration: In their own ways, all three of these browsers are delivered in an overly trusting configuration. If you’re serious about being secure in your Web browsing habits, it’s clear you’ll need to spend some time fine-tuning each of these products. | Score: D internet zone | Score: F | Score: D safe browsing |
| Security features: All three browsers offer some rudimentary security controls in the way of being able to allow or disallow broad categories of content, such as Javascript, Java, or ActiveX. But by default, these features are so broad in their “all or nothing” approaches as to be next to worthless. | Score: D | Score: F | Score: C |
| Security add-ons: The first thing to take control of in securing a browser is active content. None of the three browsers is great at that out of the box. | Score: D | Score: D | Score: B |
| Integration with operating system: This category is not directly security-related, but it is nevertheless important in selecting a browser. | Score: A | Score: A | Score: D |

The top 10 reasons websites get hacked

1. Cross site scripting (XSS)
The “most prevalent and pernicious” Web application security vulnerability, XSS flaws happen when an application sends user data to a Web browser without first validating or encoding the content. This lets hackers execute malicious scripts in a browser, letting them hijack user sessions, deface Web sites, insert hostile content and conduct phishing and malware attacks.

2. Injection flaws
When user-supplied data is sent to interpreters as part of a command or query, hackers trick the interpreter — which interprets text-based commands — into executing unintended commands. “Injection flaws allow attackers to create, read, update, or delete any arbitrary data available to the application,” OWASP writes. “In the worst-case scenario, these flaws allow an attacker to completely compromise the application and the underlying systems, even bypassing deeply nested firewalled environments.”

3. Malicious file execution
Hackers can perform remote code execution, remote installation of rootkits, or completely compromise a system. Any type of Web application is vulnerable if it accepts filenames or files from users. The vulnerability may be most common with PHP, a widely used scripting language for Web development.

4. Insecure direct object reference
Attackers manipulate direct object references to gain unauthorized access to other objects. It happens when URLs or form parameters contain references to objects such as files, directories, database records or keys.

Be careful when posting your resume online: jobsites have been a target for data sniffing attacks

Hackers have turned the harvesting of personal information from Monster.com and other large US jobsites into a lucrative black market business.

A Russian gang called Phreak has created an online tool that extracts personal details from CVs posted onto sites including Monster.com, AOL Jobs, Ajcjobs.com, Careerbuilder.com, Careermag.com, Computerjobs.com, Hotjobs.com, Jobcontrolcenter.com, Jobvertise.com and Militaryhire.com. As a result, the personal information (names, email addresses, home addresses and current employers) of hundreds of thousands of jobseekers has been placed at risk, according to net security firm PrevX.

Phreak has begun selling its "identity harvesting services" to fraudsters, charging $600 for data that might be applied to targeted phishing attacks, ID fraud or other nefarious purposes. Would-be clients are able to contact the gang on ICQ. For a fee the gang will filter its database for entries that refer to a particular country or particular employer.

The Reliability of Digital Certificates and Digital Signatures

The reliability of digital certificates and digital signatures is dependent on the authenticity of the key used to verify the signature and the reliability of the technical environment.

The utility of a digital signature as an authenticating tool is limited by the ability of the recipient to ensure the authenticity of the key used to verify the signature. For example, if the sender uses a private key to sign an unencrypted message, the receiver can verify the sender if the receiver knows the sender’s public key. To rely on the authenticity of that public key, the receiver must first retrieve it from some trusted source other than the sender. If an imposter is forging a message from the sender, he will send his own public key as well, claiming that it actually belongs to the sender. Since the imposter has the private key corresponding to the public key he sends to the receiver, when the receiver attempts to verify the signature of the forged message, it will result in a confirmation of the message’s authenticity even though it is not from the real sender.

Five key requirements for choosing the right mobile solution provider

There are five key requirements for choosing the right mobile solution provider:
- Enterprise-class security
- Application optimization with real-time push synchronization
- Broad handheld support and device-level integration
- Robust fleet management tools
- Flexible service and support

According to research by Motorola group, wireless access to enterprise information is going mainstream, driven largely by the needs and requests of individual employees within the enterprise. But while the need for wireless access is coming from the bottom up, the management of wireless access needs to be driven from the top down. Otherwise enterprises may find that wireless information access is a complex, chaotic and expensive endeavor with only ambiguous benefits. The key to turning wireless information access into a strategic IT initiative that delivers tangible ROI is developing an enterprise wireless information access strategy.

Should we concentrate on 802.11 Wireless Security?

The widespread area of 802.11 network coverage zones is one of the major reasons for rising security concerns and interest: An attacker can be positioned where no one expects him or her to be and stay well away from the network's physical premises. Another reason is the widespread use of 802.11 networks themselves: By 2006 the number of shipped 802.11-enabled hardware devices is estimated to exceed 40 million units, even as the prices on these units keep falling. After 802.11g products hit the market, the price for many 802.11b client cards dropped to the cost level of 100BaseT Ethernet client cards. Of course there is a great speed disadvantage (5–7 Mbps on 802.11b vs. 100 Mbps on switched fast Ethernet), but not every network has high-speed requirements, and in many cases wireless deployment will be preferable. These cases include old houses in Europe protected as a part of the National Heritage. In such houses, drilling through obstacles to lay the cabling is prohibited by law. Another case is offices positioned on opposite sides of a busy street, highway, or office park. Finally, the last loop provider services via wireless are basically a replacement for the cable or xDSL link and 802.11b "pipe" is not likely to be a bottleneck in such cases, taking into account common xDSL or cable network bandwidth.

70% of attacks come from within the company

Rich Brewer of International Data Corp. (IDC) commented during Directions '99 that "the perception is that most hack attacks come from political activities and professional industrial thieves, but the reality is that approximately 70 percent of attacks come from within a company. Most security breaches are committed through a bunch of holes, enabling hackers to steal assets and, more important, ideas." [Managing a Network Vulnerability Assessment, Thomas R. Peltier, Justin Peltier and John A. Blackley]

"Hackers are benefiting from a company's silence," Brewer said, adding that "according to the FBI, fewer than 3 percent of hack attacks were detected last year, and out of those, fewer than 1 percent were reported to the FBI." To defend against hack attacks, "products alone can't save" companies.

E-mail spam

E-mail spam, also known as "bulk e-mail" or "junk e-mail," is a subset of spam that involves nearly identical messages sent to numerous recipients by e-mail. A common synonym for spam is unsolicited bulk e-mail (UBE). Definitions of spam usually include the aspects that email is unsolicited and sent in bulk.[1][2][3][4][5] "UCE" refers specifically to "unsolicited commercial e-mail."

E-mail spam has existed since the beginning of the Internet, and has grown to about 90 billion messages a day, although about 80% is sent by fewer than 200 spammers. Botnets, virus-infected computers, account for about 80% of spam. Laws against spam have been sporadically implemented, with some being opt-out laws and others being opt-in. The total amount of spam has leveled off slightly in recent years. The cost of spam is borne mostly by the recipient, so it is a form of postage-due advertising.
