Synopsis: The author argues that the HTTPS protocol used by websites has some security holes that are not covered by using SSL. SSL is used to provide security, but hackers can manipulate it and decode the data using the SSL-MITM (SSL Man-in-the-Middle) technique. Thus hackers can exploit SSL to break into the transactions users make when they enter data on eCommerce sites and gain confidential information about the victim. The author proposes three different methodologies that can be used to stop the hacker from using the SSL-MITM technique.
Relevance: The article has some amount of relevance to the class since many of the students do indulge in online shopping. Many are assured when they see the SSL symbol of a lock at the bottom of the screen and feel their information is confidential and the website is protected. However, this is not the case and it is possible for hackers to still hack and steal passwords. For one thing, the article cautions us to be careful while exchanging information on the net. For another, developers and programmers can make use of the article and make websites more secure.
Personal Reaction: The article was a sort of eye-opener and a bit scary, as I always felt that it was safe to transact when the site is protected by SSL. However, this is not the case and even seemingly secure sites are not safe. I also begin to think that this information and the article should receive much more publicity and website owners and developers should be made aware of the problems and solutions. Another personal reaction is that I begin to wonder if all the eCommerce sites that are hosted by highly technical people have fooled millions of people into believing that the transactions on their site are safe.
Reason for selection: There are two reasons for selecting the article: the first is the interesting subject of the article and the second is the presentation and structure of the document. Website security has become very important as many of us undertake eCommerce transactions. The article has shown how even SSL, which is regarded as a high-level security feature, can be compromised. The article also gives the names of hacking tools such as ARP Spoof, DNS Spoof, Sniffing and SSL Dump and the process used by hackers, along with screenshots of the hacking tools to show how hacking is done. This is very useful information for the lay reader as well as technical people. The article is also presented and structured properly with an abstract, introduction, body with different headings and a conclusion. The manner in which the information is presented and complex ideas are put forth is a good example of how academic articles should be written.
Discussion Questions: The article has brought about the very interesting topic of hacking and this concerns all of us. Some of the discussion questions are: Are the eCommerce websites that we use aware of these threats and have they initiated measures to prevent hacking? How do we verify if the websites we use are safe and that some hacker has not already hacked the system? Does changing passwords every time we use eCommerce sites help in increasing protection? Should we trust brick and mortar shopping malls more than eCommerce websites?
References
Chomsiri, Thawatchai. 2007. HTTPS Hacking Protection. 21st International Conference on Advanced Information Networking and Applications Workshops, IEEE. 0-7695-2847-3/07