Wednesday, July 18, 2007

Lack of Information Security Conern in India - Part 2

Continuing from where I left...
The only sector which has a little bit of sense of security is the financial sector.
That too they have learned from the foreign financial institutes. There has been lots
of wire frauds, cracking in the financial sector. Lots of time this kind of cracking is
done by a script kiddie.
(For the Dummies: Script Kiddie is a person who just downloads
some programs and try to attack on a computer system without understanding what the program
does. I have also seen conditions where the script kiddies are using some windowz cracking program
against the linux sytems)
The most famous crack in the financial sector is phishing ( pronounced as Fishing).
Phishing is done by using social engineering techniques. Phishers attempt to fraudulently acquire
sensitive information, such as usernames, passwords and credit card details, by acting as a mail came from the financial institute. eBay and PayPal are two of the most targeted companies, and online banks are also common targets.
Phishing also work most of the times when there is no concern about security in the users mind. No I have a concern for
security. i know that no bank in the world will ask me to send my password in the mail. But lots of normal users dont
understand this. Phishing also used Fake websites lots of times. But if the user is carefull to look at the url bar to
see that the url of the site is different that the url user is visiting then harm can be avoided. I know some of you will say that there are some java scripts that try to cover the address bar by a image of the leagal url. But this type
of phishing is more sophisticated and not that much in numbers. (If we disable javascript for unknown site we can stop this kind of attack.) Lot more phishing is done by script kiddies than the pros. I wont say we will be 100% percent secure but with a little bit of awareness we can avoid these script kiddies. So I again say that awareness in people is must.

No comments: