"SET" to Pull Down the Insecurity Barrier in Front of E-commerce
Thousands of people use their credit cards every day to make payments over the Internet. Still, giving out their credit card numbers makes many of them feel insecure, and others are even reluctant to use the net although all the technical possibilities are there. For this reason, to encourage even more customers to use electronic commerce, they should be assured that their credit card numbers are totally safe and not seen by anybody throughout the process. And this is exactly what “Secure Electronic Transaction” (SET) is for.
04/03/2004

Inspection Grade Card for Conducting E-Commerce
For e-commerce site owners: Using the “grade card” above, have a competent computer security specialist review each e-commerce site in the organization. Descriptions of each category and item to be graded are provided in the text below. Use the descriptions and sample questions to prepare for the inspection. You will receive a letter grade in each of the seven categories. To pass the inspection you must receive a letter grade of “C” (75%) or higher in each category. Higher scores mean less risk for your e-commerce activity. Ideally, every site should receive an overall score of “A”.
04/03/2004

eCommerce and Defense in Depth
There has never been a time when so many businesses have offered their products over the Internet as now. No matter what your company is selling or who your customers are, one truth remains concerning eCommerce: security is critical. Every day hundreds of online commerce sites are broken into. You may not read about it in the paper or see it on the evening news, but it happens. Some of these attacks and subsequent breaches go unnoticed even by those who are charged with the duty of maintaining some reasonable level of security at those organizations. Have you ever thought that the reason some of the attacks on eCommerce sites aren't reported is that the method of attack was executed in such a way as not to cause any visible damage? The hackers that deface web pages probably do so to make a statement, but what about your competitor who is trying to beat you to market with the latest product offering? To the person or group that is in the business of stealing secrets and corporate data.
04/03/2004

Unique Characteristics of Ecommerce Technologies and their Effects upon Payment Systems
Payments are the life-blood of commerce. With the shift to electronic means of doing business, it is logical that payments will follow the same route. This has been the case, as electronic means of making payments have rapidly evolved since the first computers were installed in the banking and finance system. Initially, however, the electronic payment systems were under the tight control of the banks, with bank personnel being the payment initiators. Even with the introduction of ATMs and EFTPOS systems, tight control was maintained over the banking networks and how payments were initiated, this requiring the physical presence of plastic magnetic stripe cards with PIN entry to authenticate the owner.
04/03/2004

Shopping for Security
As the internet evolves and organizations establish or enrich their web presences, people are interacting with an evolutionary, exciting, and efficient technological tool for conducting business. Today, the public enjoys shopping and banking from the comfort of their home while companies save money on processing transactions and hiring employees. However, with any innovation, there are obstacles to overcome before the venture is deemed successful. In ebusiness, encompassing any transaction via the internet, the information exchange can be as simple as providing your name and mailing address or as confidential as releasing your banking information. One of the most overwhelming issues at either end of the transaction is security. Has the merchant clearly explained security on the site or application? How strong is this security? What are the associated risks of conducting business with the service provider? Ultimately, does the consumer accept these risks?
04/03/2004

What Secure Site Seals mean to Consumer
What is the first and utmost trust that a consumer will have in a merchant on the Internet? What are the rule-of-thumb checking procedures for consumers to ensure that the web sites to which they are going to provide their credit card information are the genuine sites intended, and that the web pages they get from these web sites are genuine ones from the merchants they trust? We definitely trust brand names. They are the key to locating the merchant in the great internet world of web sites. Obviously, everyone should learn the difference between Mcdonald.com and Mcdonalds.com. A number of tools can help consumers know the actual owner of a domain name, such as whois, alone or together with a well-known search engine like Yahoo. Domain name server hijacking is not impossible. Even when we are sure that the domain name is owned by the expected merchant, we still need to check the content of the web site.
04/03/2004

Can Microsoft .NET Deliver "Trustworthy Computing"?
The aim of this paper was to analyse the security framework of Microsoft .NET, and examine whether its components and features will deliver on Microsoft chairman Bill Gates's ambition of transforming Microsoft into the leading software provider of web services and “trustworthy computing”. The initiative to deliver “Trustworthy Computing” is grounded in the strategic decision taken by Microsoft in positioning .NET as being their main platform and software development. Unlike the desktop environments of the 80’s and 90’s, .NET will be exposed to malicious threats globally, and weaknesses in the security architecture will greatly damage its potential for success. Therefore, to mitigate these threats, Microsoft has invested substantial resources and shifted its strategy to ensure that core components such as stability, availability, integrity and privacy are delivered in its products and services. It is felt that by delivering these components, Microsoft will be able to regain trust.
04/03/2004

A Secure Implementation of HP OpenView Web Transaction Observer
This paper discusses an actual implementation of the product HP OpenView Web Transaction Observer 3.0 (WTO) as a repeatable service offering within an Outsourcing environment. This paper describes the product architecture of WTO, and its main components. Then a high-level threat analysis is performed on this architecture, uncovering several security vulnerabilities in the standard ‘out-of-the-box’ product. Then the actual architecture implemented is discussed in terms of the mitigation or acceptance of risks. As this is an implementation that has been released into production, some details will be omitted from this paper, or will be changed where appropriate. Where sources are referenced they will be indicated with the reference number in parentheses, for example [1], matching the reference listed in Section 8.
04/03/2004

Microsoft .NET - An Overview
In early 2000, Microsoft announced its .NET initiative, previously code named Next Generation Windows Services or Windows 2002 Server. According to Jay Munro from ExtremeTech, the .NET initiative is “a comprehensive distributed, Internet-based computing platform comprised of new development tools, runtime services, operating system features, servers, and Internet protocols. The primary .NET goals are to enable simplified development and delivery of distributed Web-based services, allow creation of powerful new B2B and B2C transactional capabilities, and enrich the user computing experience both locally and across the Web.”
03/28/2004

Integrating Real-Time Services on the Web
A large financial institution had accelerating needs in 2000 to introduce new business services on its web site. Some services had to be provided by external organizations. The institution previously used leased data lines to provide an external service, but that communication method became too costly to use for many new services. Along with other team members, the author created or defined processes and methods to use the Internet for those communications. This paper describes the development of technical processes and analysis models that enable the institution to quickly and safely integrate new business services into the institution’s web site.
03/28/2004