The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick
And anyone knowledgeable about the Internet would probably recognize that the hyperlink connects not to the eBay domain but to tripod.com, which is a free Web hosting service. This was a dead giveaway that the email was not legitimate. Still, I bet a lot of people entered their information, including a credit card number, onto this page.
note
Why are people allowed to register deceptive or inappropriate domain names? Because under the current law and on-line policy, anyone can register any site name that’s not already in use.
Companies try to fight this use of copycat addresses, but consider what they’re up against. General Motors filed suit against a company that registered f**kgeneralmotors.com (but without the asterisks) and pointed the URL to General Motors’ Web site. GM lost.
Be Alert
As individual users of the Internet, we all need to be alert, making a conscious decision about when it’s okay to enter personal information, passwords, account numbers, PINs, and the like.
How many people do you know who could tell you whether a particular Internet page they’re looking at meets the requirements of a secure page? How many employees in your company know what to look for?
Everyone who uses the Internet should know about the little symbol that often appears somewhere on a Web page and looks like a drawing of a padlock. They should know that when the hasp is closed, the site has been certified as being secure. When the hasp is open or the lock icon is missing, the Web site is not authenticated as genuine, and any information transmitted is in the clear—that is, unencrypted.
However, an attacker who manages to compromise administrative privileges on a company computer may be able to modify or patch the operating system code to change the user’s perception of what is really happening. For example, the programming instructions in the browser software that indicate a Web site’s digital certificate is invalid can be modified to bypass the check. Or the system could be modified with something called a root kit, installing one or more back doors at the operating system level, which are harder to detect.
A secure connection authenticates the site as genuine, and encrypts the information being communicated, so an attacker cannot make use of any data that is intercepted. Can you trust any Web site, even one that uses a secure connection? No, because the site owner may not be vigilant about applying all the necessary security patches, or forcing users or administrators to respect good password practices. So you can’t assume that any supposedly secure site is invulnerable to attack.
lingo
BACK DOOR: A covert entry point that provides a secret way into a user’s computer that is unknown to the user. Also used by programmers while developing a software program so that they can go into the program to fix problems.
Secure HTTP (hypertext transfer protocol) or SSL (secure sockets layer) provides an automatic mechanism that uses digital certificates not only to encrypt information being sent to the distant site, but also to provide authentication (an assurance that you are communicating with the genuine Web site). However, this protection mechanism does not work for users who fail to pay attention to whether the site name displayed in the address bar is in fact the correct address of the site they’re trying to access.
Another security issue, mostly ignored, appears as a warning message that says something like “This site is not secure or the security certificate has expired. Do you want to go to the site anyway?” Many Internet users don’t understand the message, and when it appears, they simply click Okay or Yes and go on with their work, unaware that they may be on quicksand. Be warned: On a Web site that does not use a secure protocol, you should never enter any confidential information such as your address or phone number, credit card or bank account numbers, or anything else you want to keep private.
Thomas Jefferson said maintaining our