Wednesday, October 22, 2008

Email hoax

A hoax is a deliberate action that tricks people into believing that something is true when it is not. Email hoaxes usually contain false information that asks the user to perform an “emergency action”, such as sending the message to as many users as they can, which makes the spreading of the hoax more successful.

Unlike spam mail, hoax email is almost impossible to filter. The only defense against e-mail hoaxes is just to ignore them. Any email that appears as though it could not be true probably is not true.

Example of an email hoax:

-------------------------------------------------------------------------------------

> >
> >> http://www.snopes.com/computer/virus/postcard.asp
> >>
>
> Hi All, I checked with Norton Anti-Virus, and
> >> they are gearing up for this virus!
> >> I checked Snopes (URL above:), and it is for
> >> real!!
> >> Get this E-mail message sent around to your
> >> contacts ASAP.
> >>
> >> PLEASE FORWARD THIS WARNING AMONG FRIENDS,
> >> FAMILY AND CONTACTS!
> >>
> >> You should be alert during the next few days.
> >> Do not open any message with an attachment entitled
> >> 'POSTCARD FROM HALLMARK,' regardless of who sent it
> >> to you.
> >>
> >> It is a virus which opens A POSTCARD IMAGE,
> >> which 'burns' the whole hard disc C of your
> >> computer.
> >>
> >> This virus will be received from someone who
> >> has your e-mail address in his/her contact list.
> >>
> >> This is the reason why you need to send this
> >> e-mail to all your contacts It is better to receive this
> >> message 25 times than to receive the virus and open it.
> >>
> >> If you receive a mail called'
> >> POSTCARD,' even though sent to you by a friend, do not
> >> open it! Shut down your computer immediately.
> >>
> >> This is the worst virus announced by CNN. It
> >> has been classified by Microsoft as the most destructive
> >> virus ever.
> >>
> >> This virus was discovered by McAfee yesterday,
> >> and there is no repair yet for this kind of virus.
> >>
> >> This virus simply destroys the Zero Sector of
> >> the Hard Disc, where the vital information is kept.
> >>
> >> COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS.
> >> REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US
> >>
> >> Snopes lists all the names it could come in.
> >>
> >>
> >>
>
-------------------------------------------------------------------------------------
For more information about the above email, please visit:

http://www.hoax-slayer.com/postcard-virus-hoax.shtml
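
The traits that give the message above away (a request to forward it, urgency, name-dropped authorities, extreme damage claims) can be counted mechanically as an aid to recognising a hoax. The sketch below is an added example, not part of the original post; the trait names, word lists and function names are assumptions chosen for illustration.

```python
import re

# Traits seen in the hoax quoted above; word lists are illustrative assumptions.
TRAITS = {
    "asks to forward": r"\b(forward|send (it|this)|copy this e-?mail)\b"
                       r".*\b(contacts|friends|family|everyone)\b",
    "urgency": r"\b(asap|immediately|next few days)\b",
    "borrowed authority": r"\b(cnn|microsoft|mcafee|norton|snopes)\b",
    "extreme damage claim": r"\b(worst|most destructive|no repair)\b",
}
QUOTE_PREFIX = re.compile(r"^(\s*>)+\s?")

def forwarding_depth(raw):
    """Deepest run of '>' reply markers: a rough count of earlier forwards."""
    depths = []
    for line in raw.splitlines():
        match = QUOTE_PREFIX.match(line)
        depths.append(match.group().count(">") if match else 0)
    return max(depths, default=0)

def hoax_traits(raw):
    """Return {trait: number of sentences showing it} for one message."""
    # Strip the quote markers and rejoin wrapped lines before matching.
    lines = (QUOTE_PREFIX.sub("", line).strip() for line in raw.splitlines())
    text = " ".join(line for line in lines if line).lower()
    sentences = re.split(r"(?<=[.!?])\s+", text)
    found = {}
    for name, pattern in TRAITS.items():
        hits = sum(1 for s in sentences if re.search(pattern, s))
        if hits:
            found[name] = hits
    return found

# Constructed sample: a few lines excerpted from the hoax quoted above.
SAMPLE = """\
> >> Get this E-mail message sent around to your
> >> contacts ASAP.
> >> PLEASE FORWARD THIS WARNING AMONG FRIENDS,
> >> FAMILY AND CONTACTS!
> >> This is the worst virus announced by CNN. It
> >> has been classified by Microsoft as the most destructive
> >> virus ever.
"""

if __name__ == "__main__":
    print("quote depth:", forwarding_depth(SAMPLE))
    for trait, count in hoax_traits(SAMPLE).items():
        print(f"{trait}: {count} sentence(s)")
```

A message that shows several of these traits at once, and arrives already quoted several levels deep, is worth checking against a hoax reference site before it is passed on.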

Wednesday, October 15, 2008

Authentication Methods - Username and Password

Username and password is one of the most common authentication methods, and because it is so common, this method can be the weakest type of authentication.

Nowadays computer chips are more and more advanced and powerful, which makes password cracking faster and easier. Other than password-cracking programs, password guessing is also an effective way of breaking into a system. Therefore we need to construct a stronger password and change it every 2-3 months.

Not only the password should be protected: the username is equally important and should be kept as confidential as a password, because once an intruder knows the username, half of the battle is already won.

For more password protection guidance, please visit:

Password Protection Guide

Wednesday, October 8, 2008

Authentication Methods - Biometrics

One of the most recently popular and effective authentication methods is biometric identifiers, which make use of our unique physical characteristics; it is an example of authentication based on what you are. Common examples include:

• Fingerprints
• Voice patterns
• Retina scan
• Hand geometry
• Face
• Iris scan

The most commonly used biometric is the fingerprint. A fingerprint is made of a series of ridges and furrows on the surface of the finger. Fingerprint matching can be divided into two categories: minutiae-based and correlation-based. Minutiae-based techniques locate the minutiae points, convert them into a unique series of numbers and store the information as a template. However, the minutiae-based technique may run into difficulties, as it is not easy to extract the minutiae points accurately when the fingerprint is of low quality. The correlation-based technique uses one precise location on the fingerprint to create a template.

Although biometrics use our unique characteristics and are very difficult to duplicate, duplication is possible. An intruder can simply lift a fingerprint from a glass to copy it. Biometrics are best used along with a password: what you know + what you are.

A biometric device is expensive to implement, but once it has been implemented it can overcome the problem of users forgetting their login passwords and reduce the number of calls to the help desk about forgotten passwords and password resets.

Tuesday, October 7, 2008

Authentication categories

Authentication is a process of proving identity. Authentication can be classified into three categories:

• What you know
• What you have
• What you are

What you know is a type of authentication based on knowledge that is known only by the authorized person or user. One example is a PIN or password. We need a password to log in to our accounts, and a password is unique knowledge that is known only by ourselves.

What you have is a type of authentication based on something that you have. It is a bit similar to what you know, but the information is stored not in your brain but in a device that you can hold in your hand. A smart card, car keys or an identity card are methods of authentication by what you have.

What you are is a type of authentication based on a person’s unique characteristics, for example fingerprint, voice recognition and iris scan. Authentication by what you are can be an effective means of screening out impostors, as it is not easy to duplicate unique human characteristics.

Saturday, October 4, 2008

Importance of Information Security

Information security is always the first concern and requirement in network planning. It is important to any organization, business or even individual because it can prevent data theft, legal consequences and lost productivity.

In business, preventing data theft is usually cited as the primary goal of information security because data theft can lead to the loss of business. A business can lose up to a few million dollars after an attack on information security or when confidential information falls into the hands of a competitor. In some countries it is against the law if a business or organization fails to protect the privacy of electronic data.

An attack on information security can also affect the productivity of employees, because time and resources are diverted to the clean-up effort. Take a company with 500 employees as an example, and suppose the time needed to clean up an attack before the company can go back to its normal daily process is 2 days.

500 x 16 hours (one employee working an average of 8 hours a day, for 2 days) = 8000 hours

If the average hourly salary of each employee is $20:

$20 x 8000 hours = $160,000 lost on salaries.

This is only a very small portion of the loss from an information attack. The loss also includes loss of reputation and of trust between companies, legal consequences and the impact on future business operation, which together can totally bring down a business.

Thursday, October 2, 2008

Social Engineering

Social engineering is another form of intrusion that attacks human weakness without the use of any of the technical skills that are needed to break into a network. Social engineering is one of the most difficult attacks to defend against, as it attacks our human nature (being helpful, fear and trust). Social engineering can be divided into two types: computer-based and human-based.

Types of social engineering attacks:

Computer-based
• Phishing
• Spam mail
• Email attachment
• Pop up windows

Human-based
• Dumpster diving
• Shoulder surfing
• Eavesdropping
• Pretending to be a “legitimate” employee

Phishing is an attack where the attacker sends out an email that links to a website that looks similar to the real website in order to gather information. It usually asks for a username and password; once the information is keyed in, it is sent to the intruder.

Do note that banks usually won’t ask you to change your password without you requesting it.

Dumpster diving involves digging through the trash for information such as telephone contacts, lists of passwords, telephone bills, employee information, job scopes and job titles. This information is sufficient to launch an attack on the target company.

Example of social engineering:

An intruder calls a user, pretending to be from the IT department: “Hi, this is Michael from the IT department. We are doing a disc clean-up on our file server as it is running out of space. We need to verify your account so that files saved under your user account will remain undeleted. Files in accounts that are not validated within 5 minutes will be deleted. Can you provide me your username and password so that I can help you to do the validation?” In a panic, scared that the files will be deleted soon, the user then provides the intruder with the username and password, giving him clear access to the corporate network.

Monday, September 29, 2008

Information Security

In today's world, in which information is transferred by cable and satellite, it has become very convenient for us to transfer or send information to the other end of the world. An email message can be sent within seconds, but how is the data being transferred? At the other end, who is reading the message? Can other people steal the information in the middle of the transfer? Will the message reach the other end? All of these questions are the concern of information security.

What is information security? Information security ensures that digital documents, which are typically processed by a computer and stored on removable devices such as CD or DVD, are well protected, and that information transmitted over a network such as a LAN or the internet is secure.

Information has value, and the value of the information comes from its characteristics. The three characteristics of information which must be protected are confidentiality, integrity and availability. Confidentiality means that the documents or information can be viewed only by authorized personnel. Integrity ensures that the information is correct and has not been altered by an unauthorized person. Availability ensures that data is available for access or download whenever an authorized person needs to retrieve it.

Sunday, September 28, 2008

Is hacking illegal?

Yes, hacking without permission is illegal. Hacking is a term for breaking into other people's computer networks without the knowledge of the owner, with or without bad intentions.

On the other hand, hacking legally means breaking into computer systems with the permission of the owner. This is done when an organisation wants to test its network for vulnerabilities and fix them before a hacker exploits them in the same way. In the IT industry this is called penetration testing.

Saturday, September 20, 2008

How to protect your password?

From the new paper 19 sept 2009

Who hacked my email?

No. Actually, people probably did not hack your email, or maybe they did, but the chance is small. Most probably your password has been cracked, stolen or become known to other people, who probably use your password to gain access to your accounts. To prevent this, follow at least some of the guidelines below:

• Don’t reveal a password to anyone; this includes your boss, your superior and the IT administrator.

• Don’t use one password for multiple accounts.

• Don’t share your password with anyone.

• Don’t reveal or hint at the format or the way that you construct your password.

• Don’t use the “remember password” feature of applications.

• Don’t write down your password on a sticky note and “hide” it somewhere.

• Don’t write your password in any questionnaire.

An email account is always very personal or, at work, confidential, so we don't want our privacy to be viewed by others. Start practising the use of strong and secure passwords.

Sunday, September 14, 2008

Password

A password is a string of unique characters that you provide, usually with a username, to get authenticated before accessing a certain place.

However, a weak password can easily be cracked or guessed and then used to gain access to your account, so building a strong password is always recommended. A strong password meets ALL of the following:

• Contains both lower case and upper case characters (e.g. a, b, c…, A, B, C…)

• Contains both numbers and punctuation characters (e.g. 1, 2, 3…, !, @, #, $)

• Is at least 10 characters long
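
The three rules above can be checked together with two pieces of advice from the earlier posts on this page: not using one password for multiple accounts, and changing passwords every 2-3 months. This is an added example, not code from the original blog; the function names and account data are hypothetical, and treating "2-3 months" as 90 days is an assumption.

```python
import string
from datetime import date

MIN_LENGTH = 10      # minimum length from the rule list above
MAX_AGE_DAYS = 90    # assumption: "every 2-3 months" taken as 90 days

def strength_failures(password):
    """Return the rules from the list above that this password does not meet."""
    failures = []
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        failures.append("needs both lower and upper case characters")
    if not (any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password)):
        failures.append("needs both a number and a punctuation character")
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    return failures

def audit(accounts, today):
    """accounts maps account name -> (password, date last changed)."""
    seen = {}  # password -> names of the accounts that use it
    for name, (password, _) in accounts.items():
        seen.setdefault(password, []).append(name)
    report = {}
    for name, (password, changed) in accounts.items():
        problems = strength_failures(password)
        shared = [other for other in seen[password] if other != name]
        if shared:
            problems.append("reused on: " + ", ".join(sorted(shared)))
        if (today - changed).days > MAX_AGE_DAYS:
            problems.append(f"not changed for more than {MAX_AGE_DAYS} days")
        if problems:
            report[name] = problems
    return report

# Constructed sample data, not real credentials.
SAMPLE = {
    "webmail": ("sunshine", date(2008, 1, 5)),
    "bank": ("Tr4il-Mix!Oct", date(2008, 9, 1)),
    "forum": ("Tr4il-Mix!Oct", date(2008, 9, 1)),
    "work": ("c0rrect-Horse#8", date(2008, 8, 20)),
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE, date(2008, 10, 1)).items():
        print(account, "->", "; ".join(problems))
```

A password that passes all three composition rules, such as the constructed "bank" one, is still reported because it is shared with another account.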

Web Browser

A web browser is application software that allows users to access and view web pages on the World Wide Web (WWW).

The most widely used browsers are Internet Explorer (IE), Mozilla, Opera, Netscape and Safari.

Saturday, September 13, 2008

Virus

In computer language, a virus is a computer program or a piece of code that can manipulate itself without the knowledge of the user. A virus might destroy the data on your HDD, slow down your computer's performance and even spread itself to all your email contacts.

Viruses can easily spread through email attachments and removable media such as floppy disks or thumb drives. Viruses can also be spread through downloading files from the internet.

The most common way to protect your computer from being infected is to install anti-virus software and update it at least twice a week (I personally update every day), and do not download email attachments if you don't know who the sender is.