Domino’s Pizza

admin — Fri, 18 Jun 2010 22:07:49 +0000

Test

admin — Fri, 18 Jun 2010 20:30:50 +0000

Echo Shop

Η νέα πλατφόρμα ηλεκτρονικού καταστήματος.
Περισσότερα

Echo Shop

admin — Fri, 18 Jun 2010 19:09:30 +0000

PlanetComix.gr

admin — Tue, 12 May 2009 22:09:58 +0000

Το νέο ηλεκτρονικό κατάστημα για κόμικ και Dungeons & Dragons ολοκληρώθηκε. Για το PlanetComix.gr έχει υλοποιηθεί ένα ολοκληρωμένο σύστημα Checkout για real-time επιλογή τρόπου αποστολής και πληρωμής. Ο πελάτης έχει τη δυνατότητα να επιλέξει τρόπο πληρωμής ανάμεσα από Visa/Mastercard, Paypal, Πιστωτική κάρτα μέσω Paypal, Western Union, Τραπεζική κατάθεση/μεταφορά και Αντικαταβολή υπολογίζοντας αυτόματα τυχόν έξοδα τραπέζης.

What phish are you?

admin — Wed, 04 Jun 2008 08:29:02 +0000

On the early ages, internet communication systems started from military and government platforms and although they were hard-to-grasp concepts at the time, the basic guidelines were there and they were pretty straightforward but there was not really an “Internet” term, until 1991 when the CERN project spurred the idea of the World Wide Web. These systems soon became more complex and data-sensitive so came the need for the information security ingredient, not only for user authentication but also for data encryption.
As the Internet infiltrated more and more the private and business sector, malicious users started searching for methods to wiretap these online communication channels mainly focusing on the data holder also known as the data bank. For example, in an e-ticketing system environment, the maritime company would be the data holder and the client would be the system user.
Generally, many succeeded and many failed, but the truth is that organisations with very sensitive data, such as banks, did a relatively good job in fortifying their systems making it time consuming for the attackers to penetrate them. Therefore, they started shifting their focus from the data holder to the system user.
The issue with the users is that, although their computers are basically unprotected making them sitting targets, it is difficult to locate them without having penetrated the actual data holder system. So, malicious users had to find another way of approaching these users. And then came the idea of Brand Spoofing (also known as Phishing).
Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to mainly steal users’ personal identity data and financial account credentials. Phishers hijack brand names of banks, e-retailers and credit card companies and typically carry out their task by sending emails or instant messages which often convince users to respond or enter their details on a website.
Once the phisher has the user’s credentials then it is child play. The phisher simply enters the newly acquired credentials and logs into the system. The system has no idea of what has happened between the phisher and the victim so it identifies the phisher as the real user, providing full permissions for the account. What follows is to everyone’s imagination.
Most phishing emails are so carefully designed that is difficult to distinguish from the authentic but there are some simple techniques that can help the users detect the fraud. The problem from the users’ point of view is that most of the time, people who manage such online accounts are not IT wizards, increasing the chance of catching the bait.
Phishing is not limited to these social engineering techniques used to fool users by masquerading as a trustworthy entity in an electronic communication. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using key logging systems to intercept users’ online account user names and passwords, and to corrupt local and remote navigational infrastructures to misdirect users to counterfeit websites and to authentic websites through phisher-controlled proxies that can be used to monitor and intercept users’ keystrokes. For example, a ship broking company infected by a keylogging tool, would transparently submit every single keystroke, from online accounts to email letters. So a user may feel safe believing that he/she knows what a fraud email is, but at the same time has no idea that a keylogging tool is already running on his/her terminal sending his/her keystrokes back to the phisher.
Phishers are scam artists and their job is easy and profitable. They simply gather email addresses from the web using “spiders” and they literally send out millions of these scam emails (for free) in the hopes that even a few recipients will catch the bait. Anyone that has entered his email address in a website or made it public is a potential phish and speaking of statistics (based on the latest report by Anti-Phishing Working Group), on January 2008 alone, there were 29,284 official reports of phishing that relate to 131 brands. The country hosting the most phishing websites is of course United States but China follows closely.
The solution to phishing is simple. A sophisticated anti-spam system will mainly do most of the anti-phishing job for you, but truth to be told, even the most techies can some day become phish. So a relevant security awareness and training could at least help someone become a clever phish.

Yannis Litsas
As published on Shipping International Monthly Review on June 2008