Chapter 1: How are computers organized?

Download Report

Transcript Chapter 1: How are computers organized? 

The World-Wide Web
Why we care?


How much of your personal info was
released to the Internet each time you
view a Web page?
How secure your personal (credit card)
info is moved from your browser to
the Web server?
How info is transmitted?

Uniform Resource Locator (URL)
http://www.cs.uofs.edu/~bi/2005f-html/cil102/chap-sum.html
Hypertext Transfer
Protocol
Directory path
Domain name
of the Web server
Web page
How info is transmitted?

Forms using the GET method
– Your shipping address
– In the webpage, <FORM … METHOD=“GET” …
– Your address is displayed publicly

http://www.some.com/shop.php?name=‘smith’...
– Anyone over your shoulder can read it
– Since using the GET method is determined by
the Web server, there is nothing you can do to
avoid it
How info is transmitted?

Forms using the POST method
– Your shipping address
– In the webpage, <FORM …
METHOD=“POST” …
– Your address is NOT displayed publicly
– This does NOT mean it is safe.
What info is transmitted?

Each time you access the Web, the browser
sends the following to the Web server
– The IP address of your machine

Often it can identify your town or ISP
– The web server’s IP address
– The OS you use on your machine
– The browser you use

Goto
http://www.cs.grinnell.edu/~walker/fluency-book/web-info.php
to see how much info is sent to the Web server
What are Cookies?


Have you ever gone to a website that seemed to
remember you?
Websites use cookies to store info about you on your
own computer
– When you visit such a website, it stores info as cookies (that
appear as files) on your computer
– Next you visit the same website, your browser sends over all
the cookies stored by that website

What info is stored in cookies?
– In theory, anything the website wants to
– Normally, it is about how you used the website
– A website could store your id, password, etc in cookies if it
has that info.
What are Cookies?

The positive side of cookies
– A Web server can use cookies to streamline and
personalize your interactions with it
– A browser is supposed to send cookies only to the
Web server who stored them.

The negative side of cookies
– Companies may use cookies to store info for other
purposes without your permission
– There are ways for a Web server to get cookies
that were stored by other Web servers.
What defenses against Cookies

For the website you visit, especially,
those websites you need to register,
check:
– How will the company use the info you
supply?
– Will the company share info with others?
– Can you limit access of other to this info?
– What protections are in place to keep this
info?
What defenses against Cookies

If you use a computer at work or school,
cookies would be stored on school or
company’s computer:
– System administrators or managers may read your
cookies files

View your organization’s privacy policy
– Technicians may inadvertently access your cookies,
when your computer was sent for repair, for
example.
– Best way to protect yourself, delete cookies.

Almost every browser has a function you can use to delete
cookies.
How secure is info during
transmission



When you use the Internet, all data you put
on the network is visible to computers on
the same Ethernet, as discussed in the
Network chapter.
When your data need to be passed from
one segment to another segment of the
network, the intermediate computers can
read your data.
Thus, info is not secure at all when
transmitted on the Internet.
How secure is info during
transmission

One way to protect yourself is encrypt info
that you want to be confidential
– When data is encrypted, it can still be copied or
intercepted by other computers, however, they
would not know what it means.
– When a good encryption is used, it may take
years, decades to break the code

When shopping (or passing private info) on
the Web, make sure the website uses
HTTPS protocol.
– HTTPS: Secure HTTP, which asks the browser to
encrypt the data before it is transmitted and the
server decrypts data upon receiving.
How can one get credit card #
online?

If you don’t use encryption when you send your
credit card number (via email, or the Web) on the
Internet, someone may intercept the data and get
the card number.
– Encrypt your email and use HTTPS

Someone may install a keyboard sniffer, a spyware,
to record every key stroke, and the sniffer sends
credit card # to an accomplice site.
– Remove spyware from your computer

Credit card companies and companies that have
your credit card info may not have that info
securely protected. Hackers may steal info from
those companies’ computers.
How can online companies
defraud me?



If the online company (a website) is not a
real company or it engages in unethical
practices, you may be charged but never
receive the merchandise or overcharged.
It is very hard to recover the charges over
the Internet.
To protect yourself, only deal with
companies with well-established reputation,
like amazon.com, etc.
Terminology






Cookies
Decryption
Encryption
Form
Secure HTTP
Uniform Resource
Locator (URL)