Re: Internet ordering


Being a computer geek that deals with encryption regularly, I'll just
jump in here.  It's not really related to perennials, but I'd just
as soon see it all answered in one place instead of misinformation
perpetuating itself to list members.

> Ideally, choose a site that offers a "secure" server-- which means they
> have established complex encryption codes that will not allow your
> MasterCard number (for example) to be intercepted.  Secure servers ARE
> very secure-- banks even use them.

A secure server is definitely the way to go.  What it does is encrypt
everything going to and from your web browser to the remote site,
meaning that your credit card number would not be readable unless
someone had a special password or "key" to unencrypt it.

Secure servers increase security, but there are varying degrees.  If
you're within the U.S. and connecting to a U.S.-based server, you should
be using 128-bit encryption.  This is VERY difficult for someone to
crack.  However, some servers or browsers only do 40-bit encryption,
which is almost trivial to crack.  I think the latest successful RSA
cracking contest took about 3 hours on someone's home machine.

I've got a brief writeup at

   http://www.mallorn.com/customer/resources/SSL.html

> If a site doesn't offer this, you have to decide how trustworthy you
> think they are.  Look for them to offer some sort of password
> confirmation.  Powells does this-- they won't authorize the
> completion/sending of your order without you entering a password that
> you've selected (and that only YOU know).

This is something that I wouldn't recommend.  It's not so much a matter
of trusting the remote host, but trusting every network that you
go through in the transmission of your data.  To pass data from home
to NCSA (about 1 mile away), I go through 7 "hops" (different
networks).  Each one of these could have a rogue user monitoring
network traffic and "sniffing" for credit card numbers.  Believe me,
it's easy to do.  As part of our security sweeps we often scan  
networks for passwords, but the idea is the same.

> Those things said, I do a lot of Web ordering and love the convenience.
> It's a lot of fun to order on-line and have it arrive at your house 2-3
> days later.

I agree.  It's great, isn't it?

Chris