Jun 26, 2009

A review on a post on Internet Security from My E-Commerce blog



According to the "My E-Commerce" blog, a post on the favourite passwords used online cites research by Information Week that analysed 28,000 passwords from a popular website:

  • 16% use a name (yes, their own name, or a spouse's or child's)
  • 14% like "1234" or "12345678" (easy and nice)
  • 4% use "password" or "password1" (password = password)

Some other common passwords include:

  • qwerty (the English keyboard letters below the numeric keys)
  • hannah, pokemon, matrix, ironman (popular TV show stars)
  • iloveyou, ihateyou


In our opinion, a password is like the key to our home. If someone steals it, there is a good chance they will use it to steal something else. We use passwords everywhere in our lives, but the life of an Internet user is absolutely impossible without them: e-mail, online discussion groups, e-banking, commercial websites - all of them use password-based authentication.

Create a Strong PASSWORD!

Do's:
  • Combine letters, symbols, and numbers that are easy for you to remember and hard for someone else to guess.
  • Create pronounceable passwords (even if they are not words) that are easier to remember, reducing the temptation to write down your password.

  • Try using the initial letters of a phrase you love, especially if a number or special character is included.

  • Take two familiar things, and then wrap them around a number or special character. Alternatively, change the spelling to include a special character. In this manner, you get one unfamiliar thing (which makes a good password because it is easy for you and you alone to remember, but hard for anyone else to discover).

Examples:

"Phone + 4 + you" = "Phone4you" or "Fone4y0u"
"cat + * + Mouse" = "cat*Mouse" or "cat*Mou$e"

Don'ts:

  • Don't use personal information such as derivatives of your user ID, names of family members, maiden names, cars, license tags, telephone numbers, pets, birthdays, social security numbers, addresses, or hobbies.
  • Don't use any word in any language spelled forward or backward.

  • Don't tie passwords to the month, for example, don't use "Mayday" in May.

  • Don't create new passwords that are substantially similar to ones you've previously used.
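As an added illustration (not code from either blog), here is a small Python checker that turns the do's and don'ts above into rules: the common-password list and dictionary are constructed stand-ins built from the post's own examples, and the 0.8 similarity threshold for "substantially similar" is an assumption.

```python
import difflib
import datetime

# Constructed block-list: only the favourites the post names, not a real breach corpus.
COMMON_PASSWORDS = {"1234", "12345678", "password", "password1", "qwerty",
                    "hannah", "pokemon", "matrix", "ironman", "iloveyou", "ihateyou"}
# Constructed stand-in for a dictionary; a real checker would load a full word list.
DICTIONARY = {"phone", "cat", "mouse", "mayday", "password", "secret", "dragon"}
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]


def check_password(candidate, user_id="", personal_terms=(), previous=(), today=None):
    """Return the list of rule violations; an empty list means the password is accepted."""
    today = today or datetime.date.today()
    pw = candidate.lower()
    problems = []

    # Do: combine letters with numbers and/or symbols. The post's own examples
    # ("Phone4you") carry no symbol, so one non-letter character class is required here.
    if not any(c.isalpha() for c in candidate) or candidate.isalpha():
        problems.append("must combine letters with numbers or symbols")

    # Don't: pick one of the well-known favourites from the survey.
    if pw in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")

    # Don't: use any word spelled forward or backward.
    if pw in DICTIONARY or pw[::-1] in DICTIONARY:
        problems.append("is a dictionary word (forward or backward)")

    # Don't: derive it from the user ID or from personal details (names, pets, cars...).
    for term in (user_id, *personal_terms):
        if term and len(term) >= 3 and term.lower() in pw:
            problems.append(f"contains personal term '{term}'")

    # Don't: tie it to the current month ("Mayday" in May). Full and 3-letter names checked.
    month = MONTHS[today.month - 1]
    if month in pw or month[:3] in pw:
        problems.append(f"tied to the current month ({month})")

    # Don't: reuse something substantially similar to a previous password.
    for old in previous:
        if difflib.SequenceMatcher(None, pw, old.lower()).ratio() >= 0.8:
            problems.append("substantially similar to a previous password")
            break
    return problems
```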








The threat of online security: How safe is our data?

There are two major types of attacks: nontechnical and technical.



A nontechnical attack is an attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network. Examples of nontechnical attacks are pretexting and social engineering.


Social engineering uses some ruse to trick users into revealing information or performing an action that compromises a computer or network. For example, the attacker persuades an employee to hand over passwords that give access to the company's internal information.

At a high level, social engineering attacks are moving to Web 2.0. As more users take advantage of Web 2.0 applications like social networking sites, blogs and wikis, criminals are going to exploit them.

Phishing is a broadly launched social engineering attack in which an electronic identity is misrepresented in an attempt to trick individuals into revealing credentials.


Prevention of social engineering

Stopping social engineering attacks depends on the potential victims. Certain positions within an organisation are clearly vulnerable, such as those with privileged access to confidential information. The company can provide training so that all users learn how to avoid becoming a victim of manipulation. Another way to prevent it is to develop specific policies and procedures.

  1. Education and training

  2. Policies and procedures

  3. Penetration testing

Technical attacks - attacks perpetrated using software and system knowledge or expertise.


1. Denial of service (DoS) attacks

--- The attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the target computer.


2. Virus

-- A piece of software code that inserts itself into a host, including the operating system, in order to propagate; it requires that its host program be run to activate it.


3. Worm

--A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or devour files on a targeted computer.


4. Trojan horse

-- A Trojan horse, or trojan for short, is a term used to describe malware that appears, to the user, to perform a desirable function but in fact facilitates unauthorized access to the user's computer system.




How computer viruses work