Archive for March, 2008

Online Security, The Importance Of Passwords For Online Services

Thursday, March 27th, 2008

Most online services require you to log in with a username and password. While the username is generally visible as you key it, the password is normally blanked out or has an asterisk substituted for each character. For example, a password like ‘towimx44’ might appear as ‘********’ as it is being entered. The objective of this is to make sure that people cannot see your password as you key it. However, there are a few more ways in which the confidentiality of your password could be compromised. We will discuss these issues in the subsequent paragraphs, and you will become aware of a few simple measures that could help keep your password safe.

Choosing a password: Do not use a very short password; most websites fix a minimum length for passwords. Always use a password that is at least 8 characters long, and combine letters, digits and even special symbols if allowed. Do not use your name as a password, and avoid using simple words like ‘house’, ‘eternity’ etc. Hackers have special programs that can generate almost every word in the English dictionary. Guessing conventional words is therefore not very difficult, so remember to combine digits, letters and symbols. A password like ‘IwHyE545’ might sound tough to remember, but the secret lies in creating a password with some logic. The above password could have been created by choosing the first letter of each word from this sentence: “I was Hungry yesterday Evening at 5.45pm”.

Keeping passwords: Do not scribble your password near your computer, or in a way that any person could identify it as a valuable password. If you must write down passwords, develop some conventions that would help keep them safe. For example, referring to our password mentioned above, ‘IwHyE545’ could be written as ‘WhYw545I’. What we have done is taken off the first character (I) in the password and placed it at the end. We have then changed the letters from lower case to upper case and vice versa. While it is best not to note down passwords, millions of computer users do note them down. Never send passwords through emails, online chats etc. If you must note your password, do so in a place that is not near your computer. Also develop some sort of code that will allow you to juggle the characters of your password when you write it down.

Not the same password: Most computer users would typically access around half a dozen online services that need a username and password. If this is true with you, do not use the same password for more than one login. For example, do not use the same password for your email and online banking service. Using the same password for many services means that you expose all the services if the password is compromised. It might not be possible to do this in certain cases. If you have a Hotmail email account and also use MSN Messenger, try to log in to MSN Messenger. Once logged in, you can see a link to your Hotmail email account; click it and you would be accessing your Hotmail account in a few moments. This is a bad feature; it means that you can never leave your MSN Messenger unattended even for a few minutes. If you did so, any person seated near your computer could click the Hotmail link and read your personal emails.

Change passwords periodically: It is a good idea to change your password periodically. Depending on how sensitive the information that you protect with a password is, a change of password can be done anywhere from once a week to every month. Most of us stay alert when choosing a password for the first time, but a certain degree of complacency creeps in if we have to change the password every week or month. Some online services do not allow the same password to be repeated within a month; this is done for your security, so do not fume and fret. Resist the temptation of changing to passwords that are similar to other passwords that you could be using.

Certain online services have implemented algorithms that actually check the ‘strength’ of a password that you select. So if you choose a password that is similar to your first name or last name, you get a message regarding the ‘weakness’ of the password. You should also stay alert to fraudsters who try to get your password and misuse it. It is safe to say that you should trust no one with your password; keep it confidential. Stay updated with various phishing scams that try to extract confidential username and password details. A breach of security for your online financial services account could be severe; such frauds can ruin a person or organization financially. Online financial services include online banking, credit card accounts and even online payment facilities like Paypal and StormPay.
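As an added illustration (not code from this post or from any service it mentions), here is a small Python check of the kind described above, applying the post's own rules: at least 8 characters, letters combined with digits, no use of your own name, and no simple dictionary words. The function name `check_password` and the tiny word list are assumptions made for the example.

```python
import re

# Constructed sample word list (assumption); a real check would load a full
# dictionary or a list of commonly used passwords.
COMMON_WORDS = {"house", "eternity", "password", "welcome", "dragon"}
MIN_LENGTH = 8  # the minimum length recommended in the post


def check_password(password, first_name="", last_name=""):
    """Return a list of weaknesses; an empty list means no rule was broken."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")

    # The post asks for letters and digits (symbols are optional, "if allowed").
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no digits")

    # Reject passwords built around the account holder's own name.
    for name in (first_name, last_name):
        if len(name) >= 3 and name.lower() in lowered:
            problems.append("contains your name")
            break

    # Strip digits and symbols so 'house123!' is still caught as 'house'.
    core = re.sub(r"[^a-z]", "", lowered)
    if core in COMMON_WORDS:
        problems.append("based on a dictionary word")

    return problems


if __name__ == "__main__":
    for candidate in ("house", "house123!", "IwHyE545"):
        print(candidate, "->", check_password(candidate) or "no rule broken")
```

Passing these rules only means the obvious mistakes were avoided; a password that is reused across services or already known to attackers is weak whatever its composition.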

Online Auction Frauds, Inflating Auction Bids. Beware Of Online Auctions.

Wednesday, March 26th, 2008

An auction is a type of sale where the seller puts up an item for auction and invites bids; the highest bidder gets the item and needs to pay the bid amount. Online auction websites have a few types of pricing options for sellers to choose from. The seller could choose to have a minimum bid auction, which means that the bidder will need to place a bid that is at least as much as the minimum bid fixed by the seller. The second type of auction pricing is a ‘no reserve price’ type; such auctions attract more bidders. In a no reserve price auction, the seller does not place any minimum starting bid; the bidder who bids the most gets the item and pays for it.

Buyers often rush to bid on online auctions assuming that they will get some great bargains. However, quite a few sellers have learnt some smart tricks. The auction is started by the seller with a very low starting price (minimum price) or with no minimum price (no reserve auction) at all. This often means lower listing fees for the seller, but there is more to this. The seller then appoints ‘bidders’ to bid for his items and gradually push the price up. Genuine bidders will therefore be encouraged to place increasingly higher bids if they expect to win the auction. Online auction websites have some sort of checks to control such frauds, but sellers learn fast and quickly change their tricks.

This is just one type of fraud that is perpetrated on online auction websites. The bidders who suffer the most are those who bid for jewelry and gemstones. Sellers have no interest in educating buyers regarding the features and limitations of various gemstones and jewels; the instant thrill of online auctions makes this old fashioned! Low quality reject jewels and gems are hunted down by hundreds of online auction sellers. These are then dumped on online auction websites, while sellers keep their fingers crossed and hope for some innocent bidder to get tangled in their tricky web. You might be fine making an auction purchase for a casual jewel, but for jewels of value and jewels with meaning (wedding rings, birthstone rings, mothers rings etc) choose a custom jeweler to get the job done. A good purchase needs to be preceded by a lot of communication between you and your jeweler. The 7 or 10 day period of online auctions might give you an instant thrill, might even get you something cheap, but this will always come at the expense of quality and long-term durability.

Very few fraudulent online sellers actually get caught; this link has the report of one such case: http://www.nytimes.com/2007/06/09/business/09auction.html. There are hundreds more who never get reported or caught.



Paypal, Keeping Your Credit Card Safe

Tuesday, March 4th, 2008

There is one very clear advantage of using Paypal over using a credit card for online payments. When you utilize a credit card to pay for an online transaction, details like the credit card number, the holder's name and even the billing address need to be disclosed. These details will be disclosed to every seller from whom you purchase a product or service and use a credit card to settle payment.

Opening a verified account in Paypal does require a credit card validation, but the details of your credit card remain only with Paypal. They will not be disclosed to every seller that you pay through Paypal. There are cases where you will fund a Paypal transaction through your credit card; even in these circumstances details of your credit card remain with Paypal.

This is one very important advantage in using Paypal to pay for your online transactions. You should of course stay informed regarding the various security measures that will enable you to keep your Paypal account safe.

Instant Messengers, Yahoo, MSN, Skype Etc.

Sunday, March 2nd, 2008

Instant messengers like Yahoo Messenger, Skype and MSN Messenger have become very useful and extremely popular. The technical advancement in these messengers has been rapid and astounding; what started out as mere text exchanges has moved to video and voice. Today a whole lot of multimedia and telephony features have been added to these utilities. Unfortunately, using these without completely understanding their implications could be dangerous to the user and even the organization. In this article we will pinpoint a few issues that need to be understood when using instant messengers for home or office use.

Children: Instant messengers can pose a serious threat to innocent children; adults with bad intentions could exploit children in a number of ways. Children using instant messengers have been known to disclose confidential information over text and audio chats. Such information could include school name and address, their actual names and address, status of their parents etc. Slightly older children using the internet might also send images and live video through these instant messengers. Teachers have in some cases (with good intentions) taught children how to get free email services by disclosing factual name, address and other information.

Office: Instant messengers like Skype, MSN and Yahoo are widely used in offices. The usage is not limited to personal communications; official work is often handled through such utilities. If this is the case in your office, you will need to be aware of a few things. Documents, images and probably even audio and video footage can be stolen out of your organization through these instant messengers. Technology used to develop these messengers is becoming increasingly advanced and secure. Secure encryption is used to transmit data (text, audio and video) to and from the instant messenger. An organization losing data in this way might find it difficult to prove the contents of the data being transmitted. Security measures are available and every organization should implement such measures.

Personal: If you use instant messaging services for your personal use, read the above and then give attention to these further issues too. Do not disclose any personal information while chatting over these utilities. It is possible that the receiver has set an ‘auto save conversation’ option to ‘yes’. If this is true, anyone having access to that computer and login could see the conversation. This possibility increases with the rampant use of laptops. People could lose, misplace or leave laptops unattended; this increases the chances of others accessing the information on the computers.

Messenger and email: If you use MSN Messenger, you might not be aware of a very common and possible security threat. Users often log in to MSN and remain logged in even when not at their seat. All that is done is to put the status to ‘away’. This might seem like a harmless thing, but the point is that a person coming and sitting at the user's desk could access the email (Hotmail) account of the user that is logged in. This refers to the email that is connected to the MSN login.

The above are just some of the threats posed by instant messengers. There surely will be solutions for plugging such threats, but very few people are aware of the dangers and very few have access to these security solutions. Education is of prime importance; each of us would need to be unselfish and ensure that our friends, relatives and colleagues are kept updated regarding such online security threats.