Monday, 22 June 2009

The threat of online security: How safe is our data?

Posted by jimmy

Nowadays, people rely on computers to create, store and manage critical information. Consequently, it is important for users to be aware that computer security plays a major role in protecting their data from loss, damage, and misuse. Online threats fall under several general categories: (1) accidental actions; (2) malicious attacks, a category with numerous subgroups, including computer viruses, denial of service attacks and distributed denial of service attacks; and (3) online fraud, which comprises issues such as identity theft and data theft.

1. Accidental actions
Accidental actions contribute to a large number of computer security risks. This category encompasses problems arising from basic lack of knowledge about online security concepts and includes issues such as poor password choices, accidental or erroneous business transactions, accidental disclosure, and erroneous or outdated software.

2. Malicious attacks
Attacks that specifically aim to do harm are known as premeditated or malicious attacks. They can be further broken down into attacks caused by malicious code and those caused by intentional misrepresentation. The most common form of malicious code is a computer virus. There are four main classes of viruses: file infectors, system or boot-record infectors, macro viruses and multi-part viruses (http://www.inc.com/articles/2000/04/18782.html).
For 2009, there is a top 100 list of malicious processes that everyone can have a look at
(http://www.pcpitstop.com/libraries/process/topmalicousmalicous).

Denial of service attacks, another form of malicious code, are carefully crafted and executed. Denial of service (DoS) attacks are not new, yet they are growing in sophistication. Traditional DoS attacks usually involve one computer attacking another, but the use of multiple computers in a highly organized attack is becoming increasingly common. Such attacks, known as distributed denial of service (DDoS) attacks, were witnessed in a number of large corporate computer shutdowns in 2000. The DDoS attacker strategically builds an army of key players, including one client machine for coordinating the attack and three to four host machines, which are battlefields under the attacker's direct control.
(http://en.wikipedia.org/wiki/Denial-of-service_attack)

3. Online fraud
Online fraud is a broad term covering Internet transactions that involve falsified information. One of the most common forms of online fraud is the sale via the Internet of counterfeit documents, such as fake IDs, diplomas, and recommendation letters sold as credentials.

Identity theft is a major form of online fraud, or misrepresentation. Personal identity theft on the Internet is the newest form of a fraud that has been witnessed in traditional settings for many years. For example, in traditional settings, thieves open credit card accounts with a victim's name, address and social security number, or bank accounts using false identification. In the online world, electronic commerce information can be intercepted as a result of vulnerabilities in computer security. Thieves can then take this information (such as credit card numbers) and do with it what they will. (http://www.cifas.org.uk/default.asp?edit_id=561-56)

Identity theft can also be undertaken on a large scale, as in the case of a company or even a city. For example, in January 2001, the entire municipality of Largo, Florida lost e-mail service for over a week when an unknown company based in Spain compromised its identity. The company hacked into the city's e-mail relay system to steal the Largo.com identity. Soon enough, e-mail spam seemingly from Largo.com addresses flooded the net, and many Internet Service Providers blacklisted all incoming and outgoing electronic messages from the city.

No one connected to a computer network is really safe from hackers. Fortunately, most invasions or infections don't result in serious injury to the system that has been attacked, provided that you have an ongoing backup plan. To end this post, here is some of my advice on preventive security measures to protect your computer system:

1. Erect a firewall between the Web server and your network.
2. Place e-mail virus scanners on all computers.
3. Hire a skilled system administrator.
4. Keep up-to-date with security patches for your operating system and server software.
5. Remove unused communication ports.
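
One way to check items 1 and 5 on a Linux host, as an added example that is not part of the original post: it parses the output of `ss -H -tln` and separates network-facing listeners that are expected from those that are not. The sample output is constructed, and the allowed-port policy and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 5 [::]:23 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
"""

# Assumed policy for a small web server: only these ports may face the network.
ALLOWED_EXPOSED = {22, 80, 443}

def parse_listeners(ss_output):
    """Return (address, port) for every listening TCP socket in the output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # Drop the %interface scope first, then the IPv6 brackets.
        addr = addr.split("%")[0].strip("[]")
        listeners.append((addr, int(port)))
    return listeners

def is_loopback(addr):
    """True only for loopback addresses; wildcards such as '*' are not."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(ss_output, allowed=ALLOWED_EXPOSED):
    """Group listening ports into ok, unexpected (network-facing), local_only."""
    report = {"ok": set(), "unexpected": set(), "local_only": set()}
    for addr, port in parse_listeners(ss_output):
        if is_loopback(addr):
            report["local_only"].add(port)
        else:
            report["ok" if port in allowed else "unexpected"].add(port)
    return {status: sorted(ports) for status, ports in report.items()}

if __name__ == "__main__":
    for status, ports in audit(SAMPLE_SS).items():
        print(f"{status:11} {ports}")
```

Ports reported as unexpected are the candidates for item 5: stop the service behind them, or block them at the firewall from item 1 if the service has to stay.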
