are both dirt-cheap and widely available. In fact, you can download good
cryptographic software from the Internet for less than the price of a good
pair of gloves. 14
Twenty years after the publication of Zimmermann's PGP software, strong
encryption technology is now widely available, and governments and police
forces round the world have had to adapt to the new reality.
Although encryption using PGP software provides a very high level of security,
it proved too complex for the average Web user. Netscape introduced a
procedure called the secure sockets layer (SSL) to protect e-commerce transactions
over the Internet. Without intervention from the user, the browser and the web
server use the SSL protocol to automatically exchange public keys and to agree
on a third, secret session key to encrypt the information being transmitted only
for the current session. Instead of using the http protocol, the link to the
website now uses https (standing for HyperText Transfer Protocol Secure), which just
applies the http protocol on top of a protocol called the Transport Layer Security
(TLS) protocol, the successor to the SSL protocol. All the user sees is a padlock
icon in the browser window. Clicking on the padlock gives the user a security
report, which says, “This connection to the server is encrypted.” The report also
gives details of a digital certificate, a credential that certifies the identity of the
remote computer. The certificate verifies that the public key belongs to the
specific organization or owner of the website. An organization called a certificate
authority (CA) issues digital certificates. The CA is what is called a “trusted third
party” - that is, an organization trusted by both the subject of the certificate
and by the user wishing to access that site. The result of all these measures is
that users now have a secure channel by which they can communicate personal
details such as credit card numbers or their Social Security number.
Cookies, spyware, and privacy
Web cookies were first used in communications over the Internet by Lou
Montulli, a programmer at Netscape Communications in 1994. The company
was developing e-commerce applications and wanted to find a way to keep
a memory of a user's transactions so that it would be easy to implement a
virtual shopping cart. A web cookie, also known as an http cookie, is a small
amount of data that is sent from the website a user is visiting and stored in
the browser on the user's computer. They were designed to provide a way for
websites to remember the user's browsing activity. Cookies were first
introduced into Netscape's browser in 1994 and into Microsoft Internet Explorer
in 1995. Although the cookies were stored on the user's computer, users were
not initially notified of their presence. Cookies are convenient in that they
can be used to store passwords and credit card details. When a user revisits a
website, the website can recognize the user through the information stored
in the cookie.
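The shopping-cart mechanism described above can be simulated end to end. The following Python is an added example, not taken from the book: the names `ShopServer`, `Browser`, `sid` and the host `shop.example` are constructed for illustration, and the browser model is simplified (a real browser also matches cookie path, domain and expiry).

```python
from http.cookies import SimpleCookie
import secrets


class ShopServer:
    """Constructed stand-in for a web shop that remembers carts via a cookie."""

    def __init__(self):
        self.carts = {}  # session id -> list of items, kept on the server

    def handle(self, cookie_header, add_item=None):
        """Process one request; return (response_headers, cart_contents)."""
        jar = SimpleCookie(cookie_header or "")
        sid = jar["sid"].value if "sid" in jar else None
        headers = {}
        if sid not in self.carts:
            # First visit, or an id the server never issued: start a new cart.
            # Only an opaque random identifier goes into the cookie.
            sid = secrets.token_hex(16)
            self.carts[sid] = []
            out = SimpleCookie()
            out["sid"] = sid
            out["sid"]["path"] = "/"
            headers["Set-Cookie"] = out["sid"].OutputString()
        if add_item:
            self.carts[sid].append(add_item)
        return headers, list(self.carts[sid])


class Browser:
    """Stores cookies per site and sends them back only to that site."""

    def __init__(self):
        self.jar = {}  # host -> SimpleCookie

    def request(self, host, server, add_item=None):
        stored = self.jar.get(host)
        cookie_header = None
        if stored:
            cookie_header = "; ".join(f"{k}={m.value}" for k, m in stored.items())
        headers, cart = server.handle(cookie_header, add_item)
        if "Set-Cookie" in headers:
            self.jar.setdefault(host, SimpleCookie()).load(headers["Set-Cookie"])
        return cart


def demo():
    shop, browser = ShopServer(), Browser()
    browser.request("shop.example", shop, add_item="gloves")      # cookie is set
    revisit = browser.request("shop.example", shop, add_item="book")  # recognized
    stranger = Browser().request("shop.example", shop)            # no cookie yet
    return revisit, stranger
```

The returning browser gets its earlier cart back because it presents the stored identifier, while a browser without the cookie is treated as a new visitor.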
The real threat to privacy, however, came with the introduction of third-party
tracking cookies (Fig. 12.18). First-party cookies are associated with the IP
address shown in the address bar of the user's browser. Third-party cookies
are cookies that are downloaded from a different domain than that shown
in the browser. These come about as follows. When a user downloads a web