Comments on: The Internet is not a Place for Ostriches

Channel Description:

Latest Articles in this Channel:

10/07/09--03:11: By: Kelly Ledger (chan 1932799)

Great article Bronwyn, some scary stats. Someone should develop an easy to use (for the public) password generator that not only generates passwords, but updates your password profile on various sites where the user has login credentials. We all know the nightmare of keeping track of passwords, any help would be a blessing! Keep writing!


10/07/09--03:12: By: Bronwyn Johnson (chan 1932799)

Hi Kelly, good to hear from you again! Thanks for the great suggestion.


10/07/09--08:42: By: David (chan 1932799)

Storing passwords in your browser is not secure unless those passwords are encrypted. In Firefox, you can set a 'Master Password' that you have to enter in order to access your saved passwords. On the Tools menu, choose Options and press Security. Select 'Use a Master Password'; you may need to use the feature to change your master password to set an initial password. Trustworthiness of sites is a big issue. For secure sites, it's well worth viewing the "Subject" of the certificate, which ideally will tell you more about the site. This feature isn't just limited to EV certificates; SSL is about more than encryption and ideally certificates should include information about who they were issued to. Unfortunately a lot of certificates on the Internet are DV certificates where only the ownership of the domain was verified and these certificates don't contain any useful information in the subject. Ideally any site handling personal or financial information will have a better certificate than a DV one. Free DV certificates and inexpensive certificates at higher levels of verification can be had from StartSSL - https://www.startssl.com (no connection other than as a satisfied customer and as a volunteer notary in their Web of Trust programme). Talking of Webs of Trust, http://www.mywot.com has a free Web of Trust for web sites offering ratings for "Trustworthiness", "Vendor reliability", "Privacy" and "Child safety". There's free add-ons for Firefox and Internet Explorer that display the ratings. Ideally sites would move on beyond passwords to using client certificates. Managing a multitude of client certificates would be a nightmare, but OpenID can come to the rescue. StartSSL has a solution here - once you have your free client certificate, you can sign up to their free OpenID provider. Unfortunately many OpenID capable sites do not yet work reliably with StartSSL's OpenID provider.


10/08/09--01:08: By: Bronwyn Johnson (chan 1932799)

Thank you for your comments David. Personally, I recommend purchasing SSL Certification from the leading brands.


12/03/09--00:02: By: Imamuddin (chan 1932799)

Hello Thanks for the statistical picture of WWW. Now a common man can not live without that. Everyone can not afford to have all the security measures for protections from attacks. Internet regulatory bodies should work out some solution in this direction. Like most of the antiphising, malaware, infested websites are in the black list of security softwares. If such websites remain for more than a day they should be blocked golbally untill they stop their evil activities and sign the agreement either with domain registrar, DNS provider or any new entity created to regulate such matters. As a second step they should be tracked and brought to the book of cyber laws like dealing with criminals in daily routine. Is there anything like this coming up? Lets hope for the best. Imamuddin


12/03/09--00:26: By: Bronwyn Johnson (chan 1932799)

Thank you for your comments Imamuddin. I agree that we need tighter controls over phishing site owners. The problem is that they come and go so quickly it is not easy to keep track. At VeriSign we use the services of a brand protection agency to assist us when we identify fraudulent sites. They initiate take down procedures and have been very effective. I've noticed, however, that as we've come closer to the festive season, the reports of fraudulent sites has increased. The public should be particularly careful during this time. I'm pleased to see that the global community has become more aware of the threats posed by these sites and services such as www.phishtank.com have been launched to report fraudulent sites. In the UK, the authorities have also become more open to reports of fraudulent sites and they can be reported at www.consumerdirect.gov.uk The public really needs to be aware of these dangers and in our effort to provide information, we have launched www.phishornophish.com (also available in about 11 other languages) which helps you to tell the difference between a fraudulent and a genuine site. Another great site is www.trustthecheck.com which gives a lot of tips on how to stay safe online. I'm not sure if there is an official cyber crime book but I do know that the authorities all over the world are clamping down on cyber crime. A perfect example was Operation Phish fry which saw the FBI and authorities from all over the world arresting nearly 100 suspect hackers from US and overseas. Thanks again for your comment. I hope you have a great day! Regards Bronwyn


12/04/09--14:57: By: Imamuddin (chan 1932799)

Hello Bronwyn, Thanks for the response. Even though those fraudulent sites come and go quickly, they can still be traced, tracked and catched, and brought to the books of law, including their service providers. If this exercise is done for a few cases the attacks will eventually slow down. Festive seasons are to enjoy and not to be fool innocents, as those phisers are doing. But prior to that a legal provision has to be made in this direction for Internet clients and service providers. How about preparing RFP in this direction to be submitted to Internet regulating authorities. Imamuddin