Wednesday, May 26, 2010

How does cybercrime affect people?


I brought you here a short story to understand the situation better.
sara' story
Sara is a human resources professional who lives in a small town in malaysia. She has used a computer in her job for more than ten years. At work, her computer is maintained by her organization’s IT department, and she has never experienced any security problems with the computer in her workplace.
sara believes that she is at low risk of online fraud for the following reasons:
1-She never shops online because she doesn't want to risk exposing her credit card information
2-She uses her home computer only for personal email with friends and family
3-Occasionally she looks other things up on the Web, but not often.
sara's situation seems totally safe but Unfortunately it is not.
At work one day last summer, she heard about a new Internet Explorer browser vulnerability;She wanted to be sure her home computer was protected too, so when she got home she went online to get more information about the vulnerability, and determine if she was protected. Using a popular search engine, she found a Web site that offered not only information about the vulnerability, but the option to have a patch for the vulnerability downloaded automatically to her computer. Sandra read the information, but opted not to accept the download since she was taught to download information only from authorized sources. Then she went to the official Microsoft site to obtain the patch.
what went wrong?
Unfortunately, as sara was reading information about the vulnerability on the first site, the criminal who had created the Web site was taking advantage of the fact her computer actually had the vulnerability. In fact, as she was clicking "No" (to refuse the download that was being offered), unbeknownst to her the automatic installation of a small, but powerful, crimeware program was already taking place on her computer.
Simultaneously, the Web site’s owner was already receiving a notification that the keystroke logger had been secretly and successfully installed on Sara’s computer. The program was designed to covertly log everything she typed in from that moment on, and to send all of the information to the Web site owner as well. It functioned flawlessly, too - recording everything Sara typed- every Web site she visited, and every email she sent, passing the stolen text on to the cybercriminal.
Later that evening, Sandra finished up her monthly online banking. As she logged into her personal bank account, the keystroke logger recorded those keystrokes too, including confidential information: the name of her bank, her user ID, her password.
When Sara went to make a deposit the several weeks later and asked for her balance statement, she was shocked to find that her bank account was almost empty. Sara had been the victim of a cybercrime.

Tuesday, May 4, 2010

How Anonymous Are You?


You may think that you are anonymous as you browse web sites, but pieces of information about you are always left behind. You can reduce the amount of information revealed about you by visiting legitimate sites, checking privacy policies, and minimizing the amount of personal information you provide.

When you visit a web site, a certain amount of information is automatically sent to the site. This information may include the following:
1-IP address - Each computer on the internet is assigned a specific, unique IP (internet protocol) address. Your computer may have a static IP address or a dynamic IP address. If you have a static IP address, it never changes. However, some ISPs own a block of addresses and assign an open one each time you connect to the internet—this is a dynamic IP address. You can determine your computer's IP address at any given time by visiting www.showmyip.com

2-domain name - The internet is divided into domains, and every user's account is associated with one of those domains. You can identify the domain by looking at the end of URL; for example, .edu indicates an educational institution, .gov indicates a US government agency, .org refers to organization, and .com is for commercial use. Many countries also have specific domain names. The list of active domain names is available from the Internet Assigned Numbers Authority (IANA).

3-software details - It may be possible for an organization to determine which browser, including the version, that you used to access its site. The organization may also be able to determine what operating system your computer is running.

page visits - Information about which pages you visited, how long you stayed on a
4-given page, and whether you came to the site from a search engine is often available to the organization operating the web site.
If a web site uses cookies, the organization may be able to collect even more information, such as your browsing patterns, which include other sites you've visited. If the site you're vising is malicious, files on your computer, as well as passwords stored in the temporary memory, may be at risk.
now the important question is this " How can you limit the amount of information collected about you?"
there are some way to limit the amount of information that you share. can you help me with that?
thank you
sanaz