December 21, 1998 - Newsletter #7
Please visit http://www.htmlgoodies.com.
Hello, Weekend Silicon Warriors...
The holiday season is upon us and I have just given my last Final. If you didn't know, I'm also a University professor in my spare Goodies time. We profs love finals week: the students study themselves to death and we have an easy time of it. During today's three-essay final, I sat at my desk reading a copy of Time magazine.
Now comes the grading. That's the hard part.
I spent Black Friday, so-called because that's the day that retail profits traditionally go from being in the red to being in the black, walking 5th Avenue in Manhattan. There were so many people that it was almost impossible to move.
While waiting my turn to cross 50th Street, I struck up a conversation with a woman who was carrying more than her share of bags. I suggested that this was a little too crazy and shouldn't we do all of our Christmas shopping over the Internet?
"Not a chance," she snapped back. "I'm not giving out my credit card numbers for all the world to see."
Does she really believe that? The same morning CNN reported that although catalog purchases remain strong, purchases over the Internet are sluggish. I think the reason is that too many people share in this belief that submitting a credit card to a company over the Internet is like writing the number on a bathroom wall. It just isn't so.
In an effort to help the Internet marketplace, and to possibly quell some fears, I'd like to offer some tips to buying online. In addition, I would like to explain the level of protection companies have gone to in order to make your purchase over the Internet a safe, and private, transaction.
When you go out into the World Wide Web with the intent to purchase a product, keep an eye on the little padlock image on your browser. It's in one of the lower corners of the window. That little padlock tells you whether the page you are looking at arrived over an encrypted connection, a "secure" area, or not. If the padlock appears open (or is missing), it did not. If the padlock is closed, it did.
When making a purchase over the Web, you'll want to make sure that you type your credit card number into the form only while you are inside a secure area. Here's what usually happens. You'll visit a merchant's site searching for a gift. Usually the site will allow you to search for items by name or sometimes by price range. This is where I feel Internet shopping has all other types of shopping beat: you sit quietly while something else does the searching.
Once you've found the item you're looking for, you can either buy it or add it to what's known as your "shopping cart." A shopping cart is a program on the merchant's server that "remembers" what you've picked. Usually it does this by handing your browser a small "cookie" file holding an identifier for your visit and keeping the list of items on the server under that identifier; some sites write the items themselves into the cookie on your own computer. Either way, the cart is a convenience, not a security feature: the cookie is sent back with every page you request, so it should hold the items you intend to buy, never your card number.
Once you've chosen your item(s) you are usually asked to click on a button to complete your purchase. Clicking on that button should now move you into a "secure" area of the server (that little padlock should close). If you cannot locate a padlock on your browser, look at the address of the page. It should now begin with "https://" rather than "http://". The "S" means secure. Check this on the very page that asks for the card number; a secure front page says nothing about the order form.
The technology behind the secure area is the Secure Sockets Layer (SSL). There are other schemes, but this is the most popular. It is not a separate section of the server; it is a protocol the browser and the server use to encrypt everything that passes between them, so your card number is scrambled before it leaves your computer and stays scrambled until the merchant's server receives it. Anyone listening in between sees only gibberish. SSL also carries the merchant's "certificate," a document signed by a third party, which is how your browser checks that it is really talking to the merchant's server and not an impostor.
It gets a little hairy, but here's the basic idea. When you click to submit the sale, your browser and the merchant's server first agree on a secret "session key" that only the two of them know. The merchant's public key, delivered in its certificate, is used to set this up, so an eavesdropper who sees the whole exchange still cannot recover the key. Your order is then encrypted with that session key, and each piece of it is sealed with an integrity check built from a hash, so the merchant's software can tell if anything was altered in transit. If it all decrypts and checks correctly, the merchant knows the order arrived intact. Note what this does and does not prove: it assures you that you reached the real merchant and that nobody read or tampered with the data on the way. It does not prove to the merchant who you are; that job falls to the card issuer when the merchant submits the charge for authorization.
So how can you be sure that the site you've just entered is really the merchant's site? What if someone set up a fake version to grab credit card numbers? It happens. First look at the address. Check it against the merchant's advertising material. Is the address on the computer screen exactly the same, down to the spelling of the domain name? Then look at the certificate. Click the padlock and your browser will show you who the certificate was issued to and which company vouched for it; the name on the certificate should match the address in your browser. Many merchants also display an icon from a third-party verification company on the page where you put in your credit card number. Click on the icon and you should be taken to that company's site and get back verification of the merchant's name and address. Remember that any icon can be copied onto a fake page, so the certificate your browser shows is the check that counts. If either check fails, do not put in your card number.
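The two checks above (the address must begin with https, and the name on the certificate must match the address you are visiting) can be written down as code. The following Python script is an added example and is not code from this newsletter or from HTML Goodies. The certificate it inspects is a constructed sample in the dictionary shape that Python's ssl module returns from getpeercert(), and the merchant name www.example-merchant.test is made up; the last two functions show the browser-style verification settings beside the weak setting that turns them off.

```python
"""Added example: the 'look at the address, then check the certificate'
routine, done with Python's standard library.  SAMPLE_CERT is a
CONSTRUCTED certificate in the dict shape ssl.SSLSocket.getpeercert()
returns; the merchant name is made up."""
import ssl
from urllib.parse import urlsplit

# Constructed sample: what a merchant's certificate looks like once the
# browser has decoded it.  A real one comes from getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example-merchant.test"),),),
    "issuer": ((("organizationName", "Example Certificate Authority"),),),
    "subjectAltName": (
        ("DNS", "www.example-merchant.test"),
        ("DNS", "*.example-merchant.test"),
    ),
}


def is_secure_url(url):
    """True only if the page is served over https (the 'S' in the address)."""
    parts = urlsplit(url)
    return parts.scheme.lower() == "https" and bool(parts.hostname)


def _dns_name_matches(pattern, hostname):
    """Match one certificate name against the hostname.  A wildcard covers
    exactly one label, and only the leftmost one: '*.shop.test' matches
    'www.shop.test' but neither 'shop.test' nor 'a.b.shop.test'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    suffix = pattern[1:]                      # ".shop.test"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost


def hostname_matches_cert(hostname, cert):
    """Does the name in the address bar appear in the certificate?
    Only subjectAltName DNS entries count; a certificate with no SAN is
    refused rather than falling back to commonName, as browsers now do."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        return False
    return any(_dns_name_matches(n, hostname) for n in names)


def check_page(url, cert):
    """Return the reasons NOT to type a card number into this page.
    An empty list means both checks from the newsletter passed."""
    problems = []
    if not is_secure_url(url):
        problems.append("page is not served over https")
    host = urlsplit(url).hostname or ""
    if not hostname_matches_cert(host, cert):
        problems.append("certificate was not issued for %r" % host)
    return problems


def secure_client_context():
    """What a browser does for you: require a certificate, verify its chain
    against trusted authorities, check the hostname, and refuse the old
    SSL/TLS versions that are no longer considered safe."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unsafe_client_context():
    """The weak setting, shown only for contrast: the connection is still
    encrypted, but ANY certificate is accepted, so a fake merchant site
    passes.  Never ship this."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for url in ("https://www.example-merchant.test/checkout",
                "http://www.example-merchant.test/checkout",
                "https://www.example-merchant-checkout.test/pay"):
        print(url, "->", check_page(url, SAMPLE_CERT) or "OK")
```

The third address in the usage loop is a look-alike domain: it is served over https and would show a closed padlock, yet the sample certificate was not issued for it, which is exactly the case the "check the certificate, not just the padlock" advice is meant to catch.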
Finally, watch especially for sites that ask you to send your credit card numbers over email. Email is definitely not secure: a message travels in plain text through several computers on its way to the merchant and can be read, or gathered, at any of them.
I actually feel safer making a purchase over a secure Internet server than I do giving my number over the phone to a catalogue order taker. And I especially feel safer than when the waiter takes my card out behind the kitchen to swipe it. Goodness knows how many people could have seen it!
The technical name for doing business over the Internet is electronic commerce. More appropriately, it's called E-commerce. So this year, humbug to the mall. Boot up, log on, and have a Happ-E Chanukah, a Merr-E Christmas, and an interactive New Year.
And that's all. Thanks for reading and I hope you have a great holiday season. And a happy New Year, too. I'll be in Times Square in NYC for the ball dropping this year.
Joe Burns, Ph.D.
"And Remember: La Paz, Bolivia is the world's fireproof city. At 12,000 feet above sea level, the amount of oxygen in the air barely supports a flame."