As I wander around in security and crypto land, I become more and more aware that even the people who know something about computer security and try to do things to enhance it are possibly living in a fool's paradise. (I can't think of that phrase without bringing to mind the old lady with the Yankee accent in the Swiffer commercial.)
Many (most?) people know about HTTPS. Even if they don't know it by name, they have been educated to some extent to look for it in their browser location bar, or to look for the helpful lock icon on Firefox and IE, or the key icon on Chrome. If you didn't know about it before, you do now, so no excuses. All of those things should be present when someone enters personal information, especially credit card information, online. I'm going to try not to fall too far into acronym land, but all of that kind of online security is based on SSL and its successor, TLS. They are techniques to encrypt everything that goes over the wire from your computer to the web server. Anyone eavesdropping on that wire would see nothing but gibberish. Well, maybe. There are something like a couple dozen vulnerabilities and exploits associated with SSL and TLS. Granted, your garden-variety hacker isn't going to have the tools, and there are much easier ways to steal your credit card info. However, with computer capacity and capability expanding at a breakneck pace, it's not hard to imagine some neck-bearded basement dweller having the ability to exploit those vulnerabilities in the near future.
By the way, if you think you can safeguard your credit card information by avoiding online purchases, you are living in a fool's paradise. Your credit card is online, whether you want it to be or not. Like I said, there are much easier ways to steal your credit cards than to eavesdrop on your browser.