On of the major concerns in the internet community is security. Is someone going to steal my credit card number and charge thousands of dollars? Is someone going to invade my computer and view all my files? And so forth... It turns out that the internet is both more secure and less secure than the press would lead you to believe.
You've probably heard about the threat of someone stealing your credit card number. In truth, that is possible. It happens. However, it is no more likely to happen on the internet than in the real world. To explain, I will need to explain how a thief could end up with your number.
The most publisized method of stealing credit card numbers is to break into a server and download all its data. This does happen, but not as often as the press would like you to think. They tend to overpublisize every incident so that it seems like it is happening all the time, at every server, all around the world. However, not only are the number of servers that have been cracked a very small percent, usually there is no theft of valuable information. People who break into a server are usually either just curious (hackers) or are there to destroy information (crackers). Very few people break into servers with the intent to take anything. Think of it this way, how many stores with your credit card information have been robbed? I bet that number is pretty high, but have you gotten any false charges on your credit card bill? It is my guess that this is one of the most unlikely ways your credit card information will be stolen.
Another highly publisized method is by using a computer to "listen" to the internet and intercept packets of data. Since there are millions of packets constantly moving around the internet, the thief needs some way of filtering the data. To do this, he would tell his computer to look for data that matches a specific pattern. For example, he would tell his computer to look for packets that contain a text string that looks like:
1234 5678 9012 3456
and a text string that looks like:
11/98
Then he can go through all those packets and try to determine if those strings are actual credit card numbers and experiation dates. It is possible to do this if the data is not encrypted. If the data is encrypted, it would not be worth his time and effort. So the question then becomes, how is your data being transmitted? It is very easy to tell. If you are using Netscape Navigator and there is a yellow key down in the bottom left hand corner of the border than your information is being transmitted in secure (encrypted) mode. If you are using Microsoft Internet Explorer and there is a small yellow lock in the bottom right hand corner of the border than your information is being transmitted in secure (encrypted) mode. If you are using another browser, check the help files for you browser. If you are not transmitting in secure mode, then your information is being transmitted as plain text.
By far the most common method of stealing credit card data is to work for a company that takes payment via credit cards. Then whenever you see a credit card number, write it down. This happens in the real world. This happens on the internet. There is no difference. Have you ever heard of this in the press? I bet it happens far more often than any type of internet theft, not just credit card theft. Think about it. How many times has a waiter walked away from your table with your credit card. How many times has a gas station attendant taken your card into the station? I bet you can come up with a very large number of people that could easily steal your credit card number. Why would someone on the internet be a more likely target than someone at a gas station?
One last method of stealing credit card information is to pretend you are a company, promise to ship a product or provide a service, then disappear. This does sometimes happen both in the real world (mostly via mail order and telemarketing) and on the internet. The question becomes, how much do you trust this company? If they have been around for a while, then they are probably not just there to steal your credit card. Use your common sense. If it sounds too good to be true, maybe it is. If it sounds reasonable and you've heard their name before, or been to the web site before, chances are they're ok. Use your judgement and you'll probably be fine. The key to remember is that the internet is very similar to the real world. Most people are pretty honest, but a few are thieves. If you wouldn't deal with someone in the real world, don't deal with them on the internet. One last thing, if they have a very large, very professional web site, it probably cost them a lot of money. Would it be worth their effort to spend all that money up front in an attempt to steal credit card information?
No. Not unless you load some software that is designed to transmit your data to them. If you are using regular internet software (a big name browser such as Netscape, a big name email package such as Eudora, etc), there is no way for anyone to see into your computer. If you download a software package someone wrote in his den, there is alway the possibility that he could set it up to transmit information about your computer. However, what would he transmit? Unless you're paying thousands of dollars per month for your internet connection, your modem would be way too slow to transmit everything. So what would his software send? I suppose it would be possible for him to set up his software to search for the last file you editted in Microsoft Word or something like that. But, like I said, first you would have to download and run his software.
Is it possible for someone to make a software package like that and set it up as a virus? Sort of. It is possible, but it would be so easy to detect that it would never spread. A program like that would be too big to hide.
What about Java, Javascript, and ActiveX applets? Well, Microsoft, Sun and other companies are always striving to keep those as secure as possible. If you download a Java or Javascript applet, it cannot access information on your hard drive. I believe that ActiveX can't either, but I don't know for sure. I am sure Microsoft would not be able to release it if it could because Sun would jump right down their necks about security. Every once in a while someone finds a hole in the security of languages and as soon as they do, the companies scramble to fix it and release another version. It is very unlikely that you will find yourself a victim of this.
As I get time, I will not only add more articles about the web, I will also add articles about other uses of the internet, such as FTP, Usenet, etc. If you have any questions or need any help, please contact me. I will not only try to help you, I will also post my answers here in the attempt to help others.
| |
|
 |
|
 |
|
Copyright © 1995-1998 Carl P. E. dos Santos All rights reserved |
|
 |
|
 |
