The application of 3rd party certification programme in Malaysia

Are you have done any online transaction before? To make us feel free and safe to make any transaction in online, the security is the most important factor.

3^rd party certification programme is way that can ensure the security in the online transaction. A trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; they use this trust to secure their own interactions. Certification Authority (CA) is an entity that issues digital certificate for use by other parties. A public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth

In Malaysia, MSC Trustgate.com Sdn Bhd is a licensed CA operating within the Multimedia Super Corridor. Trustgate is licensed under the Digital Signature Act 1997 (DSA), a Malaysia law that sets a global precedent for the mandate of a CA. As a CA, Trustgate’s core business is to provide digital certification services, including digital certificates, cryptographic products, and software development. They are providing several of services and products for example SSL Certificate, Managed PKI, Personal ID, MyKAD ID, My TRUST and other

MyKey, is the MyKad PKI solution that works with our physically MyKad, allowing us to authenticate yourself online and to digitally sign documents or transactions and is accepted by the Malaysian government. Therefore we can do you transaction online with government safety and reliably.

Managed PKI (MPKI) service allows company to quickly and cost-effectively develop a robust PKI and Certification Authority (CA) system with complete control over security policies, PKI hierarchies, authentication models, and certificate lifecycle management. Therefore the company need not develop the PKI by themselves from the scratch.

When we do the online transaction, we will always send out the highly confidential information such as credit card details, IC number, and password. Such information can be easily viewed or altered in transit if not properly encrypted. To avoid our confidential information be modify or view in transit, we can use Digital ID to sign & encrypt your transactions. Digital ID from MSC Trustgate.com is governed by the Digital Signature Act 1997. Without a legitimate Digital ID in your electronic transaction, ourcontract is not admissible in court in the case of dispute.

With MyTRUST, we can turn a SIM card into a Mobile Digital Identity for secure mobile banking and other financial services. Mobile digital signature provides non-repudiation on transactions under the Digital Signature Act, 1997. It runs on Wireless PKI platform and Mobile Operator infrastructure. PKI-enabled SIM cards are preloaded with MyTrust application and a digital certificate from a licensed Certification Authority. Users are able to digitally sign any transaction with ease and convenience via their mobile phone.

SSL Certificate a digital certificates which is an electronic file that enable secure confidential communications and identifies individuals and web sites on the internet uniquely by serving as sort of a digital passport or credential. It can ensure that information traveled over the Internet reaches the intended recipients and is safe from intruders. Trustgate has provided 2 type SSL Certificates to its customers.

First, Global Server ID, it adopts today's strongest encryption commercially available for secure communications via Server Gated Cryptography (SGC) technology. GSID authenticates the customer’s web sites and enables 128- or 256-bit encryption to secure communications and transactions between the site and its visitors. Every purchase of GSID comes with a VeriSign Secured Seal that the customers can display on their web site. The seal is an instant proof that the web site is genuine because customers have been verified by the World Leader of SSL Provider.

Second, Secure Server ID , it protects the transfer of sensitive data on Web sites, intranets, and extranet s using a minimum of 40-bit and up to 256-bit encryption. It also includes VeriSign Secured Seal.

Reference:
http://www.msctrustgate.com/
http://en.wikipedia.org/wiki/Trusted_third_party
http://en.wikipedia.org/wiki/Certificate_authority

Phishing : Examples and the Prevention Methods

Basically, Phishing is just like fishing, except instead of fish you are trying to capture people’s personal information such as passwords, account details, or credit card numbers.

Phishing” is actually a tactic used

by conman to pose as the actual bank, requesting for your login information, so

that they can access your account.

Usually, they do that by sending you

emails and asking you to click on the links. The page will look like the actual

login page, but it is really not.

Here are some examples of how these conman fished. It looks as if it is REAL!

This e-mail which to-be-said send by e-bay requires user to register a new account, and by such a way, they're able to steal his private informations.

This is facebook-Phishing. It's not facebook.com!

It actual originated from an e-mail where people asking you “click here” in an

email or Facebook message, asking you to log in through here to verify your account, otherwise it'll close down.

No bank, or legitimate organization will

ever send you an email and say “click here” to login - they are

“fishing” for you to bite.

Looking on all the Phishing attack that we facing everyday. Don't you afraid that you are their next fish

So, here are some of the tips for you and me to prevent this to happen.

1. Trust No Email or

Web-Site

Creating an email message that looks like it came from a

credit card company and even including their logo is not a difficult thing for

hackers to do. Some of these can be detected easily with a little detective

work, but why take the chance? When connecting to a web-site, verify that the

connection is encrypted by making sure the URL is https:// and not http. If

unsure, verify the URL by calling the institution with a verified phone number.

2. Do

not click on those links that attach on the e-mails. There are a wide

variety of phishing methods:

• You have been reported for abuse.



• Do I know you?



• Do you know her / him?



• Congrats! You’ve won 1,000,000,000 free poker chips!.



• Represent your country in playing poker!

So,

Just ignore them!!

3. Anti Phishing Software

Internet Explorer 7 and Firefox 3 have built in software for the detection

and warning against phishing links. You can enable the browsers options with

proper configuration. You can also consider the anti phishing tool bar in the

browser. Some of them can check online lists of web-sites with known problems.

4. Password Privacy

The individuals will be able to get the services an information by rendering

a trusted institution. Sometimes you might have received an email from back

about the confirmation of your password. In this case you should verify from

the email sender who they are. It might be some virus which will get your

personal data by automatic installation.

Prevention is better than cure, be smart and don't fish by them!

THE THREAT OF ONLINE SECURITY: HOW SAFE IS OUR DATA?

 

Although we can't promise that these tips will keep you 100 percent safe from hackers, but they’ll certainly make it a lot harder for interlopers to read your e-mail and IMs, fill your computer with spyware and track your Web-surfing habits.

Tips to Windows Online Security & Privacy
There are a few tips such as solutions for various popular applications which should make your system more secure and less prone to viruses. The tip has been prepared with Windows 2000 and XP users in mind, and there are a lot of the stuff that are contained here can also be applied to earlier versions of the OS to Internet Explorer and Outlook Express.

Update, Update, Update

It is very important to apply patches to your system, particularly in the case of Windows itself and Internet Explorer (most certainly if it’s your default browser) which has security holes found, usually patched soon afterward. A complete listing for Windows 98 SE, ME, 2000 and XP versions can be found on updated page.

Another extremely worthwhile download would be PivX Qwik-FIX, which adds further protection against various Windows/Internet Explorer vulnerabilities. Certainly if Internet Explorer is your browser of choice it will be worth getting.

If you' re using Windows 2000 or XP, Microsoft has an extremely useful utility available that can scan your system for potential vulnerabilities and updates as well, called Microsoft Baseline Security Analyzer. We even have a guide for using:

 

Guide 1: Networking components

 MBSA requires several Services installed & activate in order to ensure it can operate correctly. To account for any Windows 2000 differences please see information in brackets. To ensure these Services are available click on Start, (Settings) Control Panel, Network Connections (Network & Dial-up connections) & right click on your Internet connection & select Properties. Finally select the Networking tab.

Ensure that, as shown above, that Internet Protocol (TCP/IP) (Protocol), File & Printer Sharing for Microsoft Networks (Service) & Client for Microsoft Networks (Client) are installed. If any of these are not installed then select the Install button & select the Client/Service/Protocol & select the respective component to be installed.

Guide 2: Services

Now click on Start, (Settings) Control Panel, Administrative Tools & select Services. 

 

Whenever you intend to run MBSA load this utility, right click on & select Start for the following Services: Server & Workstation - You may find it more convenient to set these to Automatic instead, to do so right click on the respective Service & select Properties then the General tab & change the Startup type accordingly.

The Remote Registry service may also be required for some systems, though most likely not on stand-alone PCs (At least not on mine).

For more detailed information on adjusting Windows 2000/XP Services be sure to check out the Windows 2000 or Windows XP Services Guides. This can also aid you in better securing your system.

 

How to safeguard our personal and financial data?

How to protect our personal and financial data is primary issue nowadays. Criminals are looking for easy ways to get people’s personal and financial data to commit identity theft. It is important for us to secure our data by out of suffer loss, damage and misuse.
The most frequent safeguard tool is through a username and password. We need it when we want to access in our own pages. When we selecting our password, should avoid using that are easy to guess, such as your name, date of birth and etc. Besides, change the password frequently to increase the safeguard level. Some of websites(eg. Public Bank, Maybank2u, etc.) will suggest or strict you to set the password with the mix of number and alphabet. This also a best way to secure your data too! The most important is not disclose to others and clear the cache after log out.
Next, we can use the biometric device for protection. Nowadays, biometrics is used as a form of identity access management and access control. It measuring and analyzing human body characteristics, such as fingerprints, eye retinas, irises, voice patterns, facial patterns and hand measurements. It is for authenticate purpose to verify your identity. Biometric device is become popular nowadays. We can found this device on our laptop too!
Antivirus, firewalls, spyware is common security software. Uses a strong antivirus and firewalls also can help in enhance the security level. It protect your computer by unallowable those unauthorized intrusions. In additions, never ever respond to spam as it will bring them malicious software such as Trojan Horses and many more viruses that will cripple your computer and retrieve your information.

These are the most common and easier way for us to protect our data. Don’t make the thieves’ jobs easier anymore!

Link:
1. http://www.fool.com/personal-finance/general/2006/09/23/safeguard-your-financial-life.aspx
2. http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci789799,00.html

Identify and compare the revenue model for Google,Amazon and ebay

A revenue model is a description how the organization earn their revenue. There are 5 main revenue model, Sales, Transaction fees, Subscription fees, Advertising fees, and Affiliate fee.

The main revenue of Google is advertising fees, accounted 97% of its year 2008 revenue

Google AdWords is a program that enables advertisers to place advertisements in Google's search results and the Google Content Network. Most of AdWords advertisers pay on a cost-per-click basis or on a cost-per-impression basis.

Google AdSense refers to the online programs through which Google distribute their advertisers’ AdWords ads for display on the web sites of their Google Network members.Google will share most of the advertising fee generated with that member.

Besides, Google also earn money through subscription fee, for example Google Apps Premium Edition which includes such extras functions like more disk space for e-mail, API access, and premium support, for a price of US$50 per user per year.

The primary source of Amazon’s revenue is the sale of a wide range of products and service to customers, accounted 97%of its year 2008 revenue.

Besides, Amazon generates revenues by subscription fee, for example Amazon Prime, which offers customers unlimited expedited shipping with no minimum purchase amount for $79 per year. Furthermore, Amazon also generates revenue by advertisement fee, but it just accounts a small percentage of Amazon total revenue

Amazon also will receive commission on certain percentage of sales from its WebStore service, which allow merchants create e-commerce websites using Amazon technology. They can customize their sites using their own photos and branding.

EBay generates most of its revenue from transaction fee (Marketplace, Payments, Communications), which accounted 97% of its year 2007 revenue. In marketplace, EBay generates revenue from a number of fees, for example list a product (Insertion Fee), fees when the product sells (Final Value Fee).For payment, it earn transaction fees from the PayPal which is main payment means use in the EBay transaction..

Advertising fee and other accounted the other 3% of the EBay revenue.

In conclusion, each of these 3 companies derived most of their revenue by different way,

Google has a strong presence in the online search engine advertising market; Amazon is a top e-retail site which sells a wide range of product. And EBay is a leader in online auction site which earn revenue from transaction fee.

Reference

http://ecommercesite.wordpress.com/2008/06/12/identify-and-compare-the-revenue-model-for-google-amazoncom-and-ebay/

http://www.modeeworld.com/forums/paypal-discussions/220-paypal-overtaking-ebay-revenue-model.html

http://ecommerze.wordpress.com/2008/06/13/revenue-models-of-google-ebay-amazon/

http://en.wikipedia.org/wiki/Amazon

http://en.wikipedia.org/wiki/Google

http://en.wikipedia.org/wiki/EBay