The Internet is not a Place for Ostriches

A recent report shows the following frightening statistics (Websense 2009):

  • 233% growth in malicious Web sites in the last six months
  • 7% of malicious Web sites are legitimate sites that have been compromised – in most cases they don’t even know it!
  • 95% of user-generated comments to blogs, message boards, chat rooms, etc. are spam or malicious.
  • More than 47% of the top 100 sites support user-generated content.
  • 87.7% of email messages were spam.
  • 37% of malicious Web / HTTP attacks included data-stealing code.
  • 57% of data-stealing attacks are conducted over the Web.

When it comes to Internet Security, ignorance is not bliss. Gone are the days of stumbling upon an obvious phishing site where typos, poor graphics and other warning signs sounded the alarm. Today’s attackers are much more sophisticated. They are after critical personal information – they are targeted, focused and relentless. The increase of data-stealing Trojans and DNS poisoning tactics has lured many unsuspecting Web visitors to malicious sites where criminals can steal personal information from their victims.


The hunt for private information such as login credentials and credit card details has become the new gold rush – with unscrupulous prospectors. Identity theft, credit card fraud and other attacks are rife on the Internet.

For this reason, protecting your online persona is a critical component of any personal or business digital strategy. The use of private or MPKI SSL Certificates to encrypt email can ensure that your messages are safe en route. Some of these are offered as free services to individuals. Secure authentication services such as tokens, mobile one-time PINs and others, which are managed and changed regularly, can help to keep your private information secure. Using good anti-virus software and the latest Web browser, and regularly updating both, will go a long way to boosting your security.

When someone visits your site, they ask themselves, “Will my information be safe with you?” As a business, you can increase consumer confidence by implementing an SSL Certificate (especially an Extended Validation, or EV, certificate) to show them that they can transact with your site without fear of compromise.

The Internet is not a place for ostriches. You can’t bury your head in the sand and hope that “it won’t happen to me”. The old adage “Prevention is better than cure” definitely applies in this instance. Rather find out what options are available to protect yourself. You’ll be surprised at how quickly and easily you can increase your personal and professional security.

Bronwyn Johnson

About Bronwyn Johnson

Bronwyn Johnson is an author and freelance technology journalist. Passionate about technology and gadgets, Bronwyn has been involved with IT sales and marketing for over 15 years. She is currently working for VeriSign as a Product Marketing Manager based in Cape Town, South Africa.


7 Responses to The Internet is not a Place for Ostriches

  1. Kelly Ledger October 7, 2009 at 2:11 am #

    Great article Bronwyn, some scary stats. Someone should develop an easy to use (for the public) password generator that not only generates passwords, but updates your password profile on various sites where the user has login credentials. We all know the nightmare of keeping track of passwords, any help would be a blessing!

    Keep writing!

  2. Bronwyn Johnson October 7, 2009 at 2:12 am #

    Hi Kelly, good to hear from you again! Thanks for the great suggestion.

  3. David October 7, 2009 at 7:42 am #

    Storing passwords in your browser is not secure unless those passwords are encrypted. In Firefox, you can set a ‘Master Password’ that you have to enter in order to access your saved passwords. On the Tools menu, choose Options and press Security. Select ‘Use a Master Password’; you may need to use the feature to change your master password to set an initial password.

    Trustworthiness of sites is a big issue. For secure sites, it’s well worth viewing the “Subject” of the certificate, which ideally will tell you more about the site. This feature isn’t just limited to EV certificates; SSL is about more than encryption and ideally certificates should include information about who they were issued to. Unfortunately a lot of certificates on the Internet are DV certificates where only the ownership of the domain was verified and these certificates don’t contain any useful information in the subject. Ideally any site handling personal or financial information will have a better certificate than a DV one.

    Free DV certificates and inexpensive certificates at higher levels of verification can be had from StartSSL – https://www.startssl.com (no connection other than as a satisfied customer and as a volunteer notary in their Web of Trust programme).

    Talking of Webs of Trust, http://www.mywot.com has a free Web of Trust for web sites offering ratings for “Trustworthiness”, “Vendor reliability”, “Privacy” and “Child safety”. There are free add-ons for Firefox and Internet Explorer that display the ratings.

    Ideally sites would move on beyond passwords to using client certificates. Managing a multitude of client certificates would be a nightmare, but OpenID can come to the rescue. StartSSL has a solution here – once you have your free client certificate, you can sign up to their free OpenID provider. Unfortunately many OpenID capable sites do not yet work reliably with StartSSL’s OpenID provider.
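
    The Subject check described in comment 3, as an added example that is not part of the original post or its comments: it reads a certificate's Subject in the shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports whether it names an organisation or only a domain. The sample subjects are constructed, and the DV/OV/EV labels are a heuristic assumption based on Subject fields alone; the authoritative signal is the certificate policy OID.

```python
import socket
import ssl

# Subject attributes that EV certificates carry on top of an OV subject.
EV_ATTRS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def flatten_subject(cert):
    """Turn getpeercert()'s nested subject tuples into {attribute: [values]}."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            fields.setdefault(name, []).append(value)
    return fields

def validation_hint(cert):
    """Heuristic label from Subject fields only (assumption, see lead-in)."""
    fields = flatten_subject(cert)
    if "organizationName" not in fields:
        return "DV"   # only control of the domain was verified
    if EV_ATTRS.issubset(fields):
        return "EV"
    return "OV"

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live, chain-validated server certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample subjects (not real certificates).
SAMPLE_DV = {"subject": ((("commonName", "shop.example"),),)}
SAMPLE_OV = {"subject": (
    (("countryName", "ZA"),),
    (("localityName", "Cape Town"),),
    (("organizationName", "Example Trading (Pty) Ltd"),),
    (("commonName", "www.example.org"),),
)}
SAMPLE_EV = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "ZA"),),
    (("serialNumber", "0000/000000/00"),),
    (("countryName", "ZA"),),
    (("organizationName", "Example Bank Ltd"),),
    (("commonName", "secure.example.com"),),
)}

if __name__ == "__main__":
    for cert in (SAMPLE_DV, SAMPLE_OV, SAMPLE_EV):
        org = flatten_subject(cert).get("organizationName", ["<none>"])[0]
        print(f"hint={validation_hint(cert)} organization={org}")
```

    To inspect a live site, pass the result of `fetch_cert("hostname")` to `validation_hint`.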

  4. Bronwyn Johnson October 8, 2009 at 12:08 am #

    Thank you for your comments David. Personally, I recommend purchasing SSL Certification from the leading brands.

  5. Imamuddin December 3, 2009 at 12:02 am #

    Hello
    Thanks for the statistical picture of WWW. Now a common man cannot live without that. Everyone cannot afford to have all the security measures for protections from attacks. Internet regulatory bodies should work out some solution in this direction. Like most of the anti-phishing, malware, infested websites are in the black list of security software. If such websites remain for more than a day they should be blocked globally until they stop their evil activities and sign the agreement either with domain registrar, DNS provider or any new entity created to regulate such matters. As a second step they should be tracked and brought to the book of cyber laws like dealing with criminals in daily routine.

    Is there anything like this coming up?

    Let's hope for the best.

    Imamuddin

  6. Bronwyn Johnson December 3, 2009 at 12:26 am #

    Thank you for your comments Imamuddin.

    I agree that we need tighter controls over phishing site owners. The problem is that they come and go so quickly it is not easy to keep track.

    At VeriSign we use the services of a brand protection agency to assist us when we identify fraudulent sites. They initiate take down procedures and have been very effective. I’ve noticed, however, that as we’ve come closer to the festive season, the reports of fraudulent sites have increased. The public should be particularly careful during this time.

    I’m pleased to see that the global community has become more aware of the threats posed by these sites and services such as http://www.phishtank.com have been launched to report fraudulent sites.

    In the UK, the authorities have also become more open to reports of fraudulent sites and they can be reported at http://www.consumerdirect.gov.uk

    The public really needs to be aware of these dangers and in our effort to provide information, we have launched http://www.phishornophish.com (also available in about 11 other languages) which helps you to tell the difference between a fraudulent and a genuine site. Another great site is http://www.trustthecheck.com which gives a lot of tips on how to stay safe online.

    I’m not sure if there is an official cyber crime book but I do know that the authorities all over the world are clamping down on cyber crime. A perfect example was Operation Phish Phry which saw the FBI and authorities from all over the world arresting nearly 100 suspect hackers from the US and overseas.

    Thanks again for your comment. I hope you have a great day!

    Regards

    Bronwyn

  7. Imamuddin December 4, 2009 at 2:57 pm #

    Hello Bronwyn,

    Thanks for the response.

    Even though those fraudulent sites come and go quickly, they can still be traced, tracked and caught, and brought to the books of law, including their service providers. If this exercise is done for a few cases the attacks will eventually slow down. Festive seasons are to enjoy and not to fool innocents, as those phishers are doing. But prior to that a legal provision has to be made in this direction for Internet clients and service providers.

    How about preparing an RFP in this direction to be submitted to Internet regulating authorities?

    Imamuddin
