The application of 3rd party certification programme in Malaysia

The most famous application of 3rd party certification program in Malaysia is provided by the MSC Trustgate.com Sdn Bhd. MSC Trustgate.com Sdn Bhd was incorporated in 1999 and is a licensed Certification Authority (CA) under the operation of the Multimedia Super Corridor. Certification Authority is the body given the license to operate as a trusted third party in the issuance of digital certificates.

The objective of MSC Trustgate is to secure the open network communications from both locally and across the ASEAN region. Trustgate provide digital certification services such as digital certificates, cryptographic products and software development. The products and services of Trustgate are SSL Certificate, Managed PKI, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development. The vision of Trustgate is to enable organizations to conduct their business securely over the internet, as much as what they have been enjoying in the physical world.

Digital certificate usually attach to an e-mail message or an embedded program in a web page that verifies that user or website is who they claim to be. The common functions of a digital certificate are user authentication, encryption and digital signatures. User authentication provides other security than using username and password. Its session management is stronger. Encryption can make the data transmission secured by using the information encrypted. The intended recipient of the data is only person to receive the message. Digital signatures are like the hand signature in the digital world. It can ensure the integrity of the data.

By using the digital certificate, the users will be able to make transaction on the internet without fear of having the personal data being stolen, information contaminated by third parties, and the transacting party denying any commercial commitment with the users. Furthermore, the digital certificates can assist the development of greater internet based activities.

The Website of MSC Trustgate:
http://www.msctrustgate.com/

-End of Post-

The threat of online security: How safe is our data?

Nowadays, the threat of online security has always trouble the user of inter net. It is a serious matter for internet user regardless of who you are as long as you have given out your private information such as name, credit card number or even bank accountnumber. Its say so because the moment you give out you information on the web, you are actually expose at the danger of losing personal data or theft of important data which maybe in form of business information, cash at your bank.

Furthermore, some of the illegal activities including hack into internet user’s computer through malicious software. Typically, these malicious software including virus, worm, rookit and Trojan horse application. These software are always can be found at the website that is more likely being trust by public to be visit even user surf the business website or download something from the web.

Also, the ‘private’ information of the user can also being track back notwithstanding the file has been deleted at the ‘recycle bin’. These fact show us that the data are actually available publicly for the ‘hacker’ once the data have been store in the computer.
In fact, the Trojan horse applications are also hard to be found through the software. For the internet user, the way to be protected from online threat including acquire a antivirus software product and also a firewall application. The benefit of using a firewall, is that even if your system were to become compromised, the design of the firewall's rules would prevent the connections from being allowed through it.

Phishing: Examples and its prevention methods.

Phising, is actually a variation on "fishing" but the idea behind this is almost the same as both of them are trying to tempt ‘fish/victim’ through the ‘bait’. The difference between them is that the ‘phising’ is trying to get the private or sensitive information criminally. A phishing technique was described in detail as early as year 1987, it can be carried out under the name of online business transaction website, such as Pay Pal, e Bay and online banks.

A phiser can conduct criminal activities by sending an email or instant –message to ask the potential victim ‘update their account’, ‘verify their user account’,or "confirm billing information" under illegal website such as e-bay, which in fact is an illegal website. The one who response in action to the email will then become the victim as the phiser can get the sensitive information through these ‘illegal website’. The phiser can do anything they wish for fraudulent purpose.

There are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing.

Internet user should not give out their private information easily on the web. They can always contact the company which the e-mail originates to confirm the action of ‘verify account'.
Use anti-phishing toolbars as it can display the domain name for the visited website.
The petname extension for Firefox lets users type in their own labels for websites, so they can later recognize when they have returned to the site. If the site is suspect, then the software may either warn the user or block the site outright
Another popular approach is to maintain a list of known phishing sites and to check websites against the list. Microsoft’s IE7 browser, Mozilla Firefox 2.0 , and Opera all contain this type of anti-phishing measure.
The users are also suggested to augmenting the login password.
Specialized spam filters can reduce the number of phishing e-mails that reach their addressees' inboxes. These approaches rely on machine learning and natural language processing approaches to classify phishing e-mails.
Several companies offer banks and other organizations likely to suffer from phishing scams round-the-clock services to monitor, analyze and assist in shutting down phishing websites Individuals can contribute by reporting phishing to both volunteer and industry groups such as Phish Tank.

how to safeguard our personal and financial data???

Data can be defined, or classified, with labels such as public, personal, sensitive, confidential, secret, top-secret, or other categories. The more valuable or sensitive the data, the more it needs to be protected. The following tips will help you to safeguard your personal and financial data:

1. Password-protect your access - Use a strong password or pass-phrase to protect access to your data.. A combination of uppercase and lowercase letters, numbers, and symbols will offer you more security.
2. Limit transportation and transmission of data - Refrain from transporting or transmitting sensitive/confidential data if you don't need to do so.
3. Restrict network or shared access - Do not allow anyone access to sensitive/personal data unless they specifically require access.
4. Temporary data storage - If you need to store sensitive/confidential data temporarily on a memory stick, laptop, or other device, remove that data from the device when you have finished.
5. Establish guidelines for computer use - If there are multiple people using your computer, especially children, make sure they understand how to use the computer and Internet safely. Setting boundaries and guidelines will help to protect your data.
6. Avoid accessing financial information in public - resist logging on to check your bank balance when working from a coffee shop that offers wireless access.
   Reference: http://www.msisac.org/awareness/news/2007-03.cfm