Re: OT: Internet ordering


Sorry about the delayed response.  I've been working in the yard all
day long.  It's hot (95 degrees), but I got a lot done.  Irrigation
system almost all set in the front and to the west!

> a) Someone fills out a form on our web 
> site. This is filled out directly on our server isn't it?

It's actually filled out in the user's web browser.  When they're
all set, they hit "Submit" (or something to that effect) which
sends the information to your web site.  If someone were watching
the network at that time, they could pull information from those
sessions out.

> b) We download the filled out form in the form of an e-mail from our 
> server. Has anyone else handled it at this stage?

I'm not sure what you mean by downloading and which server (mail or
web?), but I'll hazard a guess.  If I'm way off base, hit me upside
the head once or twice...

A real person may not have handled it, but the possibility exists.  When
I submit something to a web page at www.delphinium.co.nz, it actually 
has to travel through 17 different points on the Internet to get 
there (these are usually routers or machines, and each of those
points is called a "hop".)  The potential exists for someone to be

   a) monitoring all network traffic from one of these 17 hops
   b) breaking in and redirecting traffic that was supposed to go
      to one of these hops off to their own machine, which 
      archives all data before forwarding it on

If it sends the mail to your email account at ps.gen.nz, the mail will
sit in your mailbox until you read it and delete it.  Anyone breaking
into the system could get the card number.  There's also a chance that
the mail would "bounce" (fail) because of a technical hiccup.  The mail
message would then go to another user's account (probably 'postmaster'
or 'nobody'), and would stay there until someone noticed it.

If it stays on the web server (which I think is even worse, since
CGI scripts are easy to spoof), then the mail will sit there until
you download it.  It will probably be readable (and writeable) by whatever
user id runs the web server, usually "nobody".

> c) This may only be half the credit card number and not identified to 
> a specific person on the address portion of any message.
> d) The other half of the number arrives by personal e-mail via our 
> server and goodness knows how many other servers on the way. The 
> other servers can only have this second half of the number if my 
> proposition b) is correct. Is this right?

I'm not sure what you mean.

> e) If the above is correct then I have only to worry about our own 
> server, or one of their employees. All they have to do is monitor our 
> mail and match, no problem for them but potentially a major one for 
> the cardholder. Or is it?

Again, I'm not sure where you're coming from here, so I'll just 
babble some more.  :)

A lot of people have the misconception that email is safe and 
private, but in fact it's one of the easiest services to break 
into.  Plus, your password is very obtainable unless you use
some other authentication scheme (KPOP/APOP) -- most people
don't.  In security analyses I've run software to sniff people's
mail passwords.  You wouldn't believe how easy it is to do.

With your email password, I could log in, copy all of your email,
then log out.  You would never even know.

> f) Our server is a small family business (as far as I know we are his 
> only even moderately commercial customer) and would be absolutely 
> wrecked if he let credit card numbers loose and they were abused. He 
> is going to be careful.

Usually the ISP doesn't have any say in the matter.  Being careful
doesn't always help, whereas using stronger encryption methods does.

> g) Re cost. Because our server is so small and we would be the only 
> people using the security that he has to be certificated for, he 
> naturally wants to pass this cost on. Getting security would 
> therefore mean changing our provider, something we do not want to do 
> because he is local, friendly and gives a good service (except for 
> security)

A certificate costs about $125/year, and the server has a one-time 
cost of $100.00 now (the RedHat Apache/SSL one).  That's not too
awful.  Although I would say that you should focus on how the password
is stored and passed on by the server.  It sounds like that's the
weakest point -- having a secure connection won't make too much
of a difference until the other aspects are strengthened.

> 
> >    Why not get a PGP key?  They're free, come with Eudora now and
> >    can be used with other mailers, work outside of the United States
> >    as well as inside, and encrypt messages with strong encryption.
> >    Send me mail if you're interested in learning about this, too.
> 
> However, the bottom line is security for our customers. Would a PGP 
> key offer sufficient security for our clients while enabling us to 
> keep our current server? 

PGP is a free software package that encrypts email.  What you do
is publish your public key.  When people want to send you encrypted
email, they just use your public key to do it.  This generates
a file that is only readable by the holder of your secret key and
password -- even the person who just encrypted it can't read it
anymore!

What I would do if I was running your system is (in order):

   1.  Get a PGP key for your company
   2.  Modify your CGI scripts that take orders to encrypt all web
       information with PGP, then mail the encrypted message to you
   3.  Download the email and unencrypt it

This eliminates the hassle of splitting up the credit card numbers,
keeps them encrypted so that they can sit on the server for a
limitless amount of time, and it's free.  The weakest point would

I'm not trying to tell everyone not to do Internet commerce.  On
the contrary; I'm a big proponent of the Internet as a business
tool.  It's just important that people realize what the potential
problems are.  Anybody who is technical enough and wants to 
get at your information probably can.  The question is just
how easy everyone's going to make it.  :)

Chris
---------------------------------------------------------------------
To sign-off this list, send email to majordomo@mallorn.com with the
message text UNSUBSCRIBE PERENNIALS
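The three-step procedure in Chris's reply (company key, CGI script encrypts the order to the public key and mails it, office downloads and decrypts with the secret key) can be shown end to end. The following is an added example written for this page, not code from the post or from PGP; it reproduces the construction PGP uses (a fresh per-message session key encrypts the data, the recipient's public key wraps the session key) with Go's standard library, so that the blob that reaches the mail server, the mailbox and any "hop" in between is unreadable without the secret key, and the CGI script that produced it cannot read it back either. The form field names, the sample card number, the OAEP label and the BEGIN/END markers are assumptions for illustration; the keypair is generated inside main only so the example runs stand-alone, whereas in practice it is generated once and the secret key is kept off the web server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// SampleOrder is a constructed form body of the kind a CGI order script
// receives. Field names and the card number are test values, not real data.
const SampleOrder = "name=A+Customer&plant=Delphinium+%27Blue+Bird%27&qty=12&card=4111111111111111&exp=12%2F99"

// oaepLabel is an assumed application label; both sides must use the same one.
var oaepLabel = []byte("order-v1")

// EncryptOrder is the step the CGI script performs before mailing the order:
// a fresh AES-256-GCM key encrypts the raw form body, RSA-OAEP wraps that key
// to the company's public key, and the result is base64 so it survives mail.
// Layout before base64: wrappedKey || nonce(12) || ciphertext+tag.
func EncryptOrder(pub *rsa.PublicKey, formBody string) (string, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return "", err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, oaepLabel)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// The wrapped key is bound as associated data, so replacing it is detected.
	ct := gcm.Seal(nil, nonce, []byte(formBody), wrapped)
	blob := make([]byte, 0, len(wrapped)+len(nonce)+len(ct))
	blob = append(append(append(blob, wrapped...), nonce...), ct...)
	return base64.StdEncoding.EncodeToString(blob), nil
}

// MailBody wraps the encrypted blob the way the CGI script would place it in
// the outgoing mail message (64-column lines between assumed markers).
func MailBody(armored string) string {
	var sb strings.Builder
	sb.WriteString("-----BEGIN ENCRYPTED ORDER-----\n")
	for len(armored) > 64 {
		sb.WriteString(armored[:64] + "\n")
		armored = armored[64:]
	}
	sb.WriteString(armored + "\n-----END ENCRYPTED ORDER-----\n")
	return sb.String()
}

// DecryptOrder is what the office does after downloading the mail: strip the
// markers, unwrap the session key with the secret key and recover the form
// body. Without the secret key (the web server, a relay, the CGI script
// itself) this fails; a modified message fails the GCM tag check.
func DecryptOrder(priv *rsa.PrivateKey, mail string) (string, error) {
	var b64 strings.Builder
	for _, line := range strings.Split(mail, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "-----") {
			continue
		}
		b64.WriteString(line)
	}
	blob, err := base64.StdEncoding.DecodeString(b64.String())
	if err != nil {
		return "", err
	}
	n := priv.Size()
	if len(blob) < n+12 {
		return "", errors.New("truncated message")
	}
	wrapped, rest := blob[:n], blob[n:]
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
	if err != nil {
		return "", errors.New("not encrypted to this key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce, ct := rest[:gcm.NonceSize()], rest[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, wrapped)
	if err != nil {
		return "", errors.New("message corrupted or tampered with")
	}
	return string(pt), nil
}

func main() {
	// Demonstration only: the company keypair is generated here so the
	// example runs stand-alone. Only the public key belongs on the web server.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	armored, err := EncryptOrder(&priv.PublicKey, SampleOrder) // CGI side
	if err != nil {
		panic(err)
	}
	mail := MailBody(armored)
	fmt.Print(mail) // this is all the mail server and mailbox ever hold
	plain, err := DecryptOrder(priv, mail) // office side, after download
	if err != nil {
		panic(err)
	}
	fields, _ := url.ParseQuery(plain)
	fmt.Println("order for:", fields.Get("name"), "card:", fields.Get("card"))
}
```

Note that because the whole form body is encrypted before it is parsed or stored, the card number never has to be split across two messages, and a message that bounces to postmaster or sits on the web server readable by "nobody" exposes only the blob. What this does not fix is the part Chris calls the weakest point: the secret key and its passphrase on the office machine, and the mail password used to download the message.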