Thursday, June 25, 2009

The Threat of Online Security: How Safe is Our Data?

Nowadays, people rely on the Internet to do their daily work. Although the Internet has brought many advantages to users, the threat to online security is undoubtedly increasing day by day.

There are a few categories of threat:

1. Accidental actions
This category encompasses problems arising from basic lack of knowledge about online security concepts and includes issues such as poor password choices, accidental or erroneous business transactions, accidental disclosure, and erroneous or outdated software.
Related problems occur as a result of misconfigured security products and information leakage resulting from insecure information transfers.


2. Malicious attacks

  • Attacks that specifically aim to harm computers.
  • Types of malicious attacks:

a. Computer virus:

- It is the most common form of malicious code.
- It is a program that attaches itself to other programs.
- Major types of virus:
i. File infectors
ii. System or boot-record infectors
iii. Macro viruses
iv. Multi-part

- Examples of computer viruses:
I. "Melissa" virus/worm - It causes computers to slow down and suffer frequent failures.
II. "I Love You" virus - A small piece of code attached to electronic mail which causes an e-mail to be sent to everyone in an address book, then damages victims' machines.
III. Trojan horse - Personal information is stolen once the Trojan gets into the computer.


b. Denial of Service attacks (DoS)

  • An attack on a web site that uses specialized software to send a flood of data packets to the target computer with the intention of overloading its resources and causing the network to shut down.

c. Distributed denial-of-service attack (DDoS)

  • A DoS attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the target computer.


3. Online fraud

  • It is a broad term covering Internet transactions that involve falsified information.
  • Types of online fraud:

a. Identity theft

- Electronic commerce information can be intercepted as a result of vulnerabilities in computer security. Thieves can then take information such as credit card numbers and misuse it.

b. Data theft

- A term used to describe not only the theft of information but also unauthorized perusal or manipulation of private data.


Ways to help prevent threats to online security:

  • Use anti-virus software, anti-spyware software and a firewall, and update them frequently.
  • Be wary of email attachments from unknown sources.
  • Develop strong passwords and change them frequently.
  • Do not download free software unless you have verified that it is legitimate.
  • Stay away from 'questionable' websites.
  • Be cautious of pop-ups.
  • Back up your data frequently.
  • Always delete cookies on the computer to prevent tracking of your history/passwords.

In conclusion, we should prepare well before going online to protect ourselves from threats to online security.

Related Links:
http://www.bsagovernment.com/downloads/MajorOnlineThreats.pdf
http://www.vermontpcsolutions.com/articles/10-free-ways-to-help-prevent-malware-threats.html

Phishing: Examples and Its Prevention Methods

Phishing is a new word derived from ‘fishing’. It refers to a new type of network attack where the attacker creates a replica of an existing Web page to fool users (e.g., by using specially designed e-mails or instant messages) into submitting personal, financial, or password information by masquerading as a trustworthy person or business in an electronic communication. This information can then be used for future targeted advertisements or even identity theft attacks (e.g., transferring money from victims’ bank accounts).

Example 1: Phishing email / Phishing website


A frequently used attack method is to send phishing e-mails to potential victims, which appear to be sent by banks, online organizations, or ISPs. In these e-mails, the attackers make up reasons, such as that the password of your credit card has been mis-entered too many times, or that they are providing upgrade services, to lure you into visiting their Web site to confirm or modify your account number and password through the hyperlink provided in the e-mail. After clicking those links, you are taken to a counterfeit Web site. Legitimate organizations would never request this information from you via email.



Example 2: JavaScript Obfuscation

There is a trend in phishing today to go further in fooling a victim into believing he/she is on a trusted page at, say, Netbank. Unmodified, a copied Netbank site will look like this on the phisher’s hosting server:



The location bar, which takes up approximately 2% of the screen height, accounts for virtually all of the indication that a Web site is genuine. This is easily circumvented with a well-known JavaScript vulnerability posted on the Bugtraq security mailing list in May of 2004, which uses a floating pop-up frame to change the address bar to the familiar:



The ability to produce “chromeless” frames outside the browser window using the window.open JavaScript function continues to be available to Web developers, but thankfully these are now blocked by the built-in “pop-up blockers” of recent versions of Internet Explorer and Mozilla Firefox.

Here is a quick checklist to bear in mind while surfing, so that we stay alert to the risks of phishing:
1. If you receive a mail that asks you to take immediate action, such as "to restore access to your bank account…." please don't click the link. The bank will never ask you to give them your user ID and password online. If you suspect something, speak with the bank directly to find out the truth.
2. Be alert in all Internet activities. Be aware that there are unscrupulous elements out there trying to extract your personal details for their nefarious uses.
3. Check that everything is all right by logging in to your account regularly.
4. Ensure your web browser is the latest version with all security patches applied to help you detect and block phishing Web sites, and use spam filters to enhance security.
5. Do not fill out forms in email messages, especially if the form requires you to fill in personal details.
6. Never leave personal accounts unattended for a long period of time (even for a month). Make it a habit to check the debits/credits of your account and, if you notice anything unusual, get clarification immediately.
7. Never reveal your personal information to anyone, however genuine or trustworthy the requester may sound. Personal details should be known only by you and are your personal asset. It is better to be a bit careful.

Related links:
http://internet.suite101.com/article.cfm/avoid_phishing_attempts

http://research.microsoft.com/en-us/um/people/chguo/phishing.pdf

http://y2u.co.uk/Knowledge_Information/Technology/RN_Computer_Phishing_Scam.htm

http://www.phishtank.com/what_is_phishing.php

http://www.planbsecurity.net/wp/503167001_PhishingDetectionandPrevention.pdf

How to Safeguard Our Personal and Financial Data?


Are you taking steps to protect your personal and financial information? How do you safeguard it? Nowadays, we rely on computers to store our personal data and to carry out financial transactions such as e-banking in order to save time. However, if the information falls into the hands of a person with bad intentions, it can lead to fraud or identity theft. Therefore, do you think that the safeguards you have in place are sufficient to protect your personal and financial information?

There are some ways to safeguard our personal and financial data:


1. User ID
Avoid identifying information in user IDs, such as first initial and full last name. Using a substitute name that avoids any reference to your name, job or other personal attributes can make tracking more difficult. Besides, we should not use the same ID across multiple services.

2. Encryption and password security
Whenever we are transmitting data over private or public networks, we should assume that somebody could be eavesdropping on the packet data that we send and receive. Therefore, when we are transmitting sensitive data, we should use some form of encryption to protect it. Besides, we should use stronger passwords to protect access to our data. For example, use longer passwords or passwords that combine numbers and letters. By using encryption and password security, we can ensure that no unauthorized people can view our data even if they can physically access it.

3. Install and update antivirus and antispyware programs
Make sure antivirus and antispyware programs are properly installed to protect our computer against viruses and Trojan horses that steal or modify the data on it. In addition, we also need to keep our virus definitions up to date. Besides, we should regularly scan our computer system for spyware because spyware may affect the performance of our computer.

4. Avoid accessing financial information in public
We should not access financial information or do any financial transaction in public places, such as a coffee shop or cyber café that offers wireless access. This is because we do not know whether spyware has been installed on their computers, and hackers can easily get our information if there is no strong firewall.


Related Links:
http://technorati.com/tag/personal-data
http://www.msisac.org/awareness/news/2007-03.cfm

Application of 3rd Party Certification Programme in Malaysia

A 3rd party certification programme is used to ensure that the original content of an electronic document is safeguarded from being changed by unauthorized persons. Certificate Authorities (CAs) are third parties that issue digital certificates, which are used to authenticate websites, individuals and software companies.

MSC Trustgate has been a licensed Certification Authority (CA) in Malaysia since 1999. They offer security solutions that are needed by individuals, enterprises, government, and e-commerce service providers using digital certificates, digital signatures, encryption and decryption.

It’s very important for an organization to ensure the security of its confidential data. Therefore, it can use certificates to secure its data and manage identification credentials from users and computers within and outside the organization. Examples of the certificates are:

Public Key Infrastructure (PKI)
PKI is a combination of software, encryption technologies, processes and services which safeguard communications and business transactions. This is done by exchanging digital certificates between authenticated users and trusted resources. By using PKI, an organization can achieve its objectives of Confidentiality, Integrity, Authenticity and Non-repudiation of data.

Digital ID
Every day, millions of transactions are carried out over unsecured networks. These transactions normally contain information such as customers’ details, companies’ pricing decisions and other highly confidential information. Such information can be easily altered if not properly encrypted. Examples of Digital ID are CryptoSuite and Secured E-mail.

Therefore, Digital ID provides protection to this information so that it remains private while being transferred, by signing and encrypting transactions. It uses a private key and a public key to perform the following operations that supplement PKI:

Authentication

  • Verification of the real identity of an individual, computer, computer program or E-Commerce website

Privacy

  • Assurance that confidential data remains private

Authorization

  • Assurance that only authorized users have access rights to private data

Integrity

  • Assurance that stored data have not been amended without authorization

Non-repudiation

  • Assurance that online users cannot falsely deny or repudiate their transactions

VeriSign



Furthermore, VeriSign is also one of the programmes used by organizations in Malaysia. MSC Trustgate is the first company in Asia to be appointed as a VeriSign Authorized Training Centre. VeriSign provides various types of security products and services, ranging from digital certificates, payment processing and managed firewalls to mobile call roaming, toll-free call database queries and downloadable digital content for mobile devices.


MyKey




Besides organizations, the Malaysian Government is also applying a 3rd party certification programme in the National Identity Card (MyKad) of every citizen. MyKey is the PKI solution that works with our MyKad and allows us to conduct several Internet activities such as online submission of tax returns, online banking and digitally signing documents.

Thursday, June 18, 2009

History and Evolution of E-Commerce

E-Commerce is also known as ecommerce, electronic commerce or E-Business. Unlike the traditional method of commerce, E-Commerce is the act and science of buying, selling or exchanging products, services and information over the Internet. Internet shopping has become one of the popular activities around us. With E-commerce, everyone can shop at any time they want.

The meaning of E-commerce has changed over the last 30 years. In the 1970s, Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT) were first developed. EDI and EFT allowed business companies to exchange business information, carry out transactions, and send commercial documents electronically. Next, e-commerce also took shape in the 1980s with the growth and acceptance of credit cards, automated teller machines (ATM) and telephone banking.

In 1990, the World Wide Web (WWW), which was proposed by Tim Berners, became more commercialized and people around the world started taking part in it. After that, the Mosaic web browser became the first ‘point and click’ browser and it was quickly adapted into a downloadable browser. In 1994, Netscape provided a simple browser to surf the Internet and a safe online transaction technology called Secure Socket Layer (SSL).

Amazon (http://www.amazon.com/) and eBay (http://www.ebay.com/) were the first Internet companies to allow electronic transactions. The two websites were launched in 1995. Besides that, DSL was developed in 1998 and allowed quicker access and a persistent connection to the Internet. In addition, the development of Red Hat Linux was another major step in e-commerce growth.

In the 2000s, people began to define the term ecommerce as the process of purchasing goods and services available over the Internet using secure connections and electronic payment services. A great number of business companies in the United States and Western Europe represented their services on the World Wide Web (WWW).

The evolution of ecommerce is the history of a new, virtual world which is evolving to the customer's advantage. It is a world which we are all building together brick by brick, laying a secure foundation for future generations. I strongly believe that e-commerce will keep on developing through popular stages until anyone can just buy things and shop from home.


eBay – An example of E-commerce Success and Its Causes.

In my opinion, an example of e-commerce success is eBay, which is a famous website visited by many people. eBay was born over Labor Day weekend in 1995, when Pierre Omidyar, a computer programmer, wrote the code for an auction website that he ran from his home computer. Today, Omidyar's hobby is known as eBay, the world's largest online marketplace, where practically anyone can sell practically anything at any time. With a presence in 39 markets, including the U.S., and approximately 84 million active users worldwide, eBay has changed the face of Internet commerce.

eBay might be the first example where a commerce site has actually been built around a community where people are exchanging information and exchanging goods, services and merchandise. It is a software program that allows people, in one spot, to list items of various interest and various degrees. It also allows people to come to that very same site, look at what is available for sale, and bid on and buy those items. It uses the auction process as the method for establishing how merchandise is valued and eventually how it is exchanged between buyer and seller.

All eBay users can browse through listed items in a fully automated way. The items are arranged according to topics, where each type of auction has its own category. eBay has both streamlined and globalised traditional person-to-person trading. Its facilities are easy for buyers to explore and enable sellers to list items for sale within minutes of registering. The binding contract of the auction is between the winning bidder and the seller only.

One cause of eBay's success is that it often allows people to connect to some very fond and special early childhood memories. It allows people to make that connection and relive a lot of very vivid and very fond memories that they had from an earlier period of time. It could be anything from collecting baseball cards to toy soldiers to Barbie dolls to doll houses, and so on.

Another factor to consider is that people enjoy the experience of the shopping bazaar. They enjoy the hunt, looking around for merchandise, and they really enjoy the competition of the bidding process. Everybody likes to get a bargain and, I think, in some way, shape, or form, likes to haggle a little bit over the price. The eBay auction format allows users to do that. The other thing is that as it has grown, it has become a very practical place to buy and sell collectibles or commodities.


Related links:
http://www.ecommercetimes.com/story/2127.html
http://www.ebay.com/
http://news.ebay.com/about.cfm
http://www.scribd.com/doc/1020018/Seven-Secrets-to-eBay-Success

eToys - An example of an E-Commerce Failure and Its Causes


eToys.com (1997-2001)
I was reading the Dot.com failures website. I noticed that eToys.com is one of the top 10 dot-com flops. eToys.com is a retail website which sells toys via e-commerce. eToys was launched in October 1997, with funding from Sequoia Capital, Highland Capital Partners and Idealab. Like many other dot-com companies, the company that owned the eToys site filed for Chapter 11 protection toward the end of the Internet bubble on March 7, 2001. At the same time, KayBee Toys (KB Toys) acquired the bulk of eToys’ remaining assets for $5 million. The eToys.com website was eventually reopened by eToys Direct Inc., a descendant of Internet startup and KB Toys partner Brainplay.com, and a subsidiary of Parent Company. It continued to market toys by mail order under the eToys name through both the website and printed catalogs. On 22 December 2008 eToys Direct filed for Chapter 11 bankruptcy and it was acquired by Toys “R” Us in February 2009.

There are some reasons why eToys failed:
1. Disrespecting competitors
One eToys senior manager reportedly boasted at the height of the Internet boom. What eToys forgot on the way to bankruptcy is that Toys “R” Us had even more powerful advantages, such as established customers, experience in the toy business, and the heft to ensure supplies of hard-to-get hot toys. As eToys learned, disrespect is the first step to disaster.

2. B2C E-Business failures
eToys failed to appreciate the fact that theirs was a new service to the customers. The management must carefully handle both the front and the back end of the business efficiently and effectively. During the 1999 holiday season, eToys was accused of falling short of one of its initial goals: speedy and reliable customer service. Thousands of customers complained that their orders were either late in arriving at their destination or contained the wrong merchandise.

3. Expensive advertising campaigns
Marketing tactics are what helped make eToys strong. It became a household name for unique, yet very pricey, print advertisements and commercials, which appealed to both parents and children. This resulted in eToys not being able to adequately meet the needs of its customers.

Revenue Model for Google, Amazon.com and eBay

A revenue model is a description of how an organization will earn revenue. There are different techniques used in E-commerce to earn revenue. Some examples of revenue models are as follows:
1. Sales are revenue generated from selling goods and services over publishers’ websites.
2. Transaction fees are commissions earned based on the volume of transactions made. They can be either of a fixed value or levied per transaction.
3. Subscription fees are monthly or yearly amounts paid by customers to get some type of service.
4. Advertising fees are amounts charged by publishers to advertisers who place a banner on their websites.
5. Affiliate fees are commissions publishers receive for referring customers to others’ websites. Examples of affiliate fees may include:
a) Cost per thousand impressions (CPM) is frequently used in advertising to represent cost per thousand. Each CPM will only be charged when an advertisement pops up on users’ screens 100 times.
b) Cost per click (CPC) is the amount of money paid by an advertiser to publishers. The cost is charged for a single click on its advertisement that brings one visitor to its website.
c) Cost per action (CPA) is an online advertising pricing model where advertisers pay for each action done by visitors linked to the advertisement. Examples of actions include requesting or buying a product.
6. Other revenue sources. For example, some websites allow people to play games or watch sports in real time for a fee. E.g.: http://www.espn.com/.

Now, let’s look at the revenue model of various websites.




Google does not sell goods or services as it is only a content provider. Therefore, most of its revenue is from advertising. There are two sub-parts of Google, which are Google AdWords and Google AdSense.
Google AdWords (www.google.com.my/AdWords) earns its revenue mainly from advertising of products. It uses the cost per click model, whereby advertisers only need to pay if people click on their advertisement. When a person searches for information, advertisements with the relevant keywords will appear either at the right side of the screen or above the search results.





On the other hand, Google AdSense (https://www.google.com/adsense/) is an advertisement application operated by Google. Website owners can sign up for this program to enable text, image or other advertisements to appear on their websites. Google often earns revenue either by using cost per click or cost per thousand impressions.





Amazon is one of the biggest companies selling goods over the Internet. It started its business by selling books and has now expanded to the sale of CDs, software, video games and so on. As Amazon sells various types of products, it earns revenue from sales of products. Furthermore, Amazon partners’ websites can display its books directly on their websites and send interested customers to its website when visitors are ready to buy. After that, Amazon will pay a commission for the sale to the site owner.







eBay has been a worldwide auction website since 3 September 1995. It is now managed by an American Internet company, eBay Inc. eBay is an online auction and shopping website where people and businesses can buy and sell various goods and services globally. The majority of its sales take place by auction. The customer who bids the highest price for a product gets the product. Now, eBay also has a substantial segment of listings under “Buy It Now”. This gives visitors the chance to purchase an item immediately before bidding begins. Through these, eBay can earn transaction fees by charging commission to sellers who sell their products successfully.

Wednesday, June 10, 2009

Wong Ngan Teng

My name is Wong Ngan Teng, a BAC Year 3 Trimester 1 student. This is my first blog entry for our E-Commerce group assignment. Writing blogs is not my forte, so many apologies for my poor writing skills.

Normally I spend my free time eating, sleeping, watching TV…. anything other than studying! I seldom engage in Internet activities. Usually, I will only access the Internet when I’m searching for information to complete my assignments. Therefore, there are not many websites that I visit all the time.

Among the websites that I visit more frequently are www.yahoo.com, www.google.com and www.wikipeida.org, which I use to search for information. Other than that, I will also log in to www.facebook.com and access my personal e-mail account via www.hotmail.com regularly to get updated news from my friends and ex-schoolmates.

That’s all for the description of my life with the simple and basic use of Internet. I hope that I will gain more knowledge about Internet or E-commerce after completing this group assignment.

Thank you for spending time in reading my self-introduction. =)

Lim Wan Leng

Just to have a brief introduction about myself. I am Lim Wan Leng. I come from Malacca, a historical city which I always miss. I am a cheerful person who likes happiness a lot. My hobbies are travelling, shopping, listening to music, singing, learning new things and chit-chatting with friends using Windows Live Messenger.

The top websites I visit the most are:

1. Yahoo
I visit it to check mail. There is a lot of interesting and important information that I get from the mail sent by others.
2. Google
This website has helped a lot in my studies as it provides a lot of information that is useful in my assignments.
3. Facebook
By visiting Facebook, I get to keep in touch with my friends and family members at any time and any place. No matter how far apart we are, we will still get updated photos and information from them.
4. Blogger
As most of my close friends use this to write their blogs, I am always visiting it to read the blogs written by my friends to update myself with their latest news.
5. Cari
This is the forum I visit the most because it has a lot of discussion of recent news. I can get the updated news from it even if I just stay at home.

That's all for my brief introduction.
To know me more? Please add my MSN at lwanl0408@hotmail.com

Tuesday, June 9, 2009

Kam Pei Sun

Hi, my name is Kam Pei Sun. This is the first time for me to write a blog post and create a blog. I am 21 years old and I was born in Kuala Lumpur. My family consists of my father, mother, elder sister, two younger sisters, younger brother and me. Currently, I am studying at Universiti Tunku Abdul Rahman in Sungai Long for the course of Bachelor of Commerce (Hons) Accounting in year 3 trimester 1.

I would like to introduce some of the websites that I visit the most.
1. http://www.google.com/
I like to visit this website because, by typing the topic I need to search for, I can easily find and obtain the information that I desire.

2. http://www.yahoo.com/
I also like to visit this website to search for data and information needed for my assignments.

3. http://wble.utar.edu.my/
I visit this website to check news uploaded by lecturers or tutors and to print out the lecture notes and tutorial question papers.

4. http://www.youtube.com/
I visit this website to watch the most viewed videos uploaded on YouTube. This website allows us to download video clips for free as we like.

5. http://www.hotmail.com/
I like to check my mail by visiting this website. I can get funny and meaningful mails from my friends.

Chua Fend Ru

Hello, everybody. My name is Chua Fend Ru; my friends usually call me Fendi. I am quite a noisy person, especially when my “mood” is good. I stay in Tangkak, Johor, and my hometown is famous for its fabric shops. Now I study the accounting course at Utar. Why did I choose this course? Actually, I personally like calculation more than science courses. When I am free I like to watch movies. I am actually a "homegirl": I like to stay home and watch the movies I like so much online, and sometimes I also enjoy the feeling of shopping when my savings allow me to do so. Now, studying at Utar makes me feel so tense because we have a lot of assignments, mid-term tests and final tests. So, I hope all of us can try our best to graduate.

The five Internet sites that I visit the most are:
1. http://www.friendster.com/ – Through this website my friends can get to know me more.
2. http://www.hotmail.com/ – This is the place where I receive most of my mail to know about the latest events.
3. http://www.facebook.com/ – The new website that is a hit with everybody; I can chit-chat with my friends and so on.
4. http://www.dygod.com/ – This website I strongly recommend because most of the new movies are available here, but take care with those viruses.
5. http://www.google.com/ – This is the website that helps me to search for most of the info that helps me to complete my assignments.