HTMLGOODIES EXPRESS (tm)
October 2, 2000-- Newsletter #100
Application Security Testing: An Integral Part of DevOps
HTMLGOODIES EXPRESS (tm)
October 2, 2000--Newsletter #100
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
You are reading newsletter number 100, a milestone by any standard. However, I am not celebrating just yet. I am happy for number 100, but it'll be number 104 that gets me out for a decent meal. Newsletter 104 will mean I have been putting out this weekly cyber-rag for a good two years.
Sting has become the first big name to lose a cybersquatter case. The domain STING.com was found to have been purchased in good faith rather than as an attack on Gordon Sumner (That's Sting if you didn't know). Madonna is also in a fight over Madonna.com. The current owner, Dan Parisi, was using the site for pornography. Madonna sued and now Parisi wants to give the name to the Madonna Rehabilitation Hospital in Lincoln, Nebraska. They already own Madonna.org. This should be an interesting fight.
A Hacker/Cracker (whichever you feel is correct) named Fluxnyne took credit for getting in and defacing the OPEC Web site. He or she got in and posted a message about the high price of oil. It read, '[Get] in gear with the price of crude, we really need to focus on the poverty-stricken countries, who don't even have enough money for aspirin, let alone exorbitant [expletive] prices for heating oil ...
You had to know it was coming. Time Warner is going to start selling music online. You pay you download. They'll start with about 100 tunes and build from there. It's NAPSTER with a price tag attached.
Now onto today's topic
Not that I want to get to the And Remember section of the newsletter early, but do you know why credit card numbers have 16 digits?
It's not because there are just that many cards out there or that the string deals with computers better than lower numbers (answers I have heard). It's that with 16 different digits, the number is so astronomically high that it is statistically impossible to simply guess a number and have it be a correct credit card number.
That's why people hack for numbers rather than generating them. A computer could guess for years and probably never hit a viable number. That's one of the cool things about credit cards. No one is going to guess your number.
One of the uncool things is that you have to give your number away if you have any intention using the card.
Credit card numbers have been stolen and used since their inception, yet for some reason the press plays up credit card theft on the Web as if it's a brand new thing. Online shopping, although stunningly safe, still frightens a lot of people. There's a belief that somehow the Web is a haven for those who steal numbers. It's not so, but the fear has been instilled. Some surveys state up to 70% of those using cards fear the Web is where their number will be stolen. The percentage of people whose number actually has been stolen is far lower.
Credit card companies are attempting to capitalize on those fears by offering credit cards that are Web safe. I guess that means that you will not be held responsible if your number is stolen from the Web and used to purchase a Ferrari. Of course, if you have a credit limit high enough to actually charge a Ferrari, you probably don't care about someone stealing the number.
MasterCard has gone one step further offering an online card. The card is contained at the MasterCard site and you only go and retrieve the information when you need to. There is some added safety to that, but I think the big selling point there is ease of use. You don't have to go through that horrible hassle of pulling that card all the way out of your wallet and typing in all those 16 digits. Whew! That can put a guy down for the afternoon.
That latest and, I feel, greatest credit card deal on the net is coming from American Express. The project, called Private Payments gets underway soon in limited use. It will available to all AmEx customers by the end of the year.
Here's the deal. When you want to make a purchase, you head to the American Express site, enter some data to prove you are who you say you are and you're given a number to use for the transaction. Once the number is returned to AmEx for payment, it's dead.
The number is a disposable, one use only, number. Even if a thief does succeed in getting the number, he does not know where you stated you would use it, nor can he or she use it more than once even if he or she does get lucky and guesses where you intended to use it.
Earlier this year AmEx produced a card that contained a chip inside a blue border that would allow users to transmit information to online merchants through a computer peripheral. I never heard much past the first press release or the subsequent commercials.
Nonetheless, the thought processes regarding how to get your card number from your wallet to the merchant are really in its infancy. Today's ideas will seem silly compared to what will be available five years from now.
It used to be a sign of stature where I grew up if you could produce a credit card that had the numbers worn down to the point where the swipe machine wouldn't make a solid imprint.
Ah, I'll be sorry to see that go
That's that. Thanks for reading. I really do appreciate you're taking the time each week.
Joe Burns, Ph.D.
And Remember: Next time you're at a party and The Flintstones come up. You can show your knowledge of the show by stating that Wilma's maiden name was Slaghoopal. Betty's maiden name was McBricker.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...