INFORMATION TECHNOLOGY FOR MANAGERS
TABLE OF CONTENTS
1.0 INTRODUCTION
2.0 THE EVOLUTION OF INFORMATION SYSTEMS
2.0 CHALLENGES FACED BY ASOS
2.1 Digital e-Commerce Cycle
2.2 ASOS Security Issues
3.0 THE SOLUTION FOR ASOS ONLINE STORE SECURITIES
5.0 CONCLUSIONS
1.0 INTRODUCTION
ASOS.com is a
British online fashion and beauty store. Primarily aimed at young adults, ASOS
sells over 850 brands as well as its own range of clothing and accessories.
Sales for the financial year ending 31 August 2013 were £753.8 million. As of
August 2013, ASOS PLC has an estimated net worth of £159 million. In May 2012,
it reported a jump in pre-tax profits from £15.7 million to £30.3 million, with
sales up 46% at £495 million.
ASOS.com is a global online fashion and beauty retailer, offering over 50,000
branded and own-label product lines across womenswear, menswear, footwear,
accessories, jewelry and beauty. ASOS has websites targeting the UK, Australia,
USA, France, Germany, Spain, Russia, Italy and China. It also ships to over 237
other countries from its two distribution centers in the UK.
ASOS's
headquarters are in Camden Town, within a building known as Greater London
House. As of 2013, its main fulfillment center is in Barnsley, South Yorkshire,
which has 3,000 workers. The Customer Care department is based in Hemel
Hempstead.
ASOS was
established in June 2000 by Nick Robertson and Quentin Griffiths. Despite
deprecating its original meaning (AsSeenOnScreen), ASOS is still written as an
uppercase acronym; the exception to the rule being the new logo designed by Ben
Lewin in 2008, where it is stylistically shown all in lower case.
In 2001, ASOS
was admitted to the Alternative Investment Market (AIM) on the London Stock
Exchange.
In 2005, the
Buncefield Fuel Depot explosion closed the business for six weeks and £5m of
stock was lost.
In 2013, ASOS opened its first office outside the South West, in Birmingham.
In 2013, ASOS recalled belts contaminated with radioactive Cobalt 60. In 2013,
ASOS Russia and China were launched. In 2014, a fire in their Barnsley
warehouse caused them to stop taking orders for almost three days.
ASOS has over 4,000 employees and is the UK's largest independent online
fashion and beauty retailer.
1.1 THE EVOLUTION OF INFORMATION SYSTEMS
Internet services at large are becoming an inherent part of people’s everyday
lives. Simultaneously, increasing attention has been paid to the usability of
interactive products and applications, that is, the efficiency, fitness for
purpose and users’ satisfaction with the products, applications, or services
(International Organization for Standardization [ISO], 1999). For commercial
B2C business, users’ satisfaction mostly depends on the quality of the goods,
the logistics service and the experience of shopping on the website. The
quality of goods from ASOS can be guaranteed since the company has good control
of the production chain of all the goods, and the logistics have a competitive
advantage due to advanced supply chain management. But the website is below
the average level, with low usability.
In the early 2000s, a shift in product development toward user experience was
noticed (e.g. Battarbee, 2004; Hassenzahl & Tractinsky, 2006; Roto, 2006).
Aiming for a good user experience means designing products and systems that, in
addition to being usable, invoke positive emotions (Forlizzi & Ford, 2000;
Jordan, 2002; Norman, 2003), support hedonic needs (Hassenzahl, 2004) and
enable flow (Csikszentmihalyi, 1990) in using the product or service.
Furthermore, pleasant user experience means that the users’ interactions with
every contact point in the life cycle of the product are satisfying, including
marketing, product purchase or acquisition, taking it into use, and other
supporting services. This assignment will focus on the product purchase, which
takes place in the interaction with the website.
As technologies used in the products develop, users’ expectations towards
interactive products are rising. Thus, exceptionally good user experiences are
harder to achieve as the product markets mature. Customers differ, but there is
only one website. How to satisfy as many users as possible is the main concern
for the owner of a website. From the aspect of interaction design, usability is
crucial for websites to be goal-oriented.
“User satisfaction is essential to the
success of any Web site. Satisfaction with electronic environments, or
e-satisfaction, drives traffic to Web sites and encourages repeated use of a
site. With more e-satisfaction there is more sales volume.”
The customer is god, so without user satisfaction there is no success in the
market for any business. In the field of e-commerce the website is the main way
of interacting with customers, which underlines its importance.
“There are four
aspects of website design: usability, content, navigation and aesthetics. The
last three all contribute in some way to the first”. A large community of
designers exists to help improve appearances of websites. But appearances are
only part of the story: usability and understandability are more important, for
if a product can’t be used easily and safely, how valuable is its
attractiveness? Usable design and aesthetics should go hand in hand.
Nielsen (1993) pointed out that we could find problems by evaluating the
process of users’ practical operations. He suggested evaluating user interface
design against usability criteria and provided five criteria of usability
evaluation: learnability, efficiency, memorability, errors and satisfaction.
Learnability means the system is easy to learn. Efficiency means users work
efficiently when using the system. Memorability means operation steps are
memorable. Errors means the system works with few errors. Satisfaction means
users feel pleased and satisfied when using the system. Most researchers’ views
about usability criteria do not go beyond Nielsen’s five criteria.
Figure 1: Homepage of ASOS Online Store
Below are some guidelines for websites. A few critical items that most new web
sites have to take into consideration are:
- Above the fold: People should feel
at home immediately when they land on your site. They do not have to
scroll down to see where they are, who you are and what you have to offer
them.
- Page legibility: Do not pretend to
be Monet. Virtuosity in web design is beautiful to see, but it is
not required. What really counts is whether your web page communicates
clearly what you have to offer in a handful of seconds.
- Loading speed: Each and every
design component you add on your web pages (widgets, plugins, Flash
elements, etc.) contributes to slowing down the overall load time of your
content. Remember that speed is now one of the ranking factors that Google
uses to rank your website inside Google search engine result pages.
- Simplicity: Stay simple. Do not
throw as much content and calls for action on your pages as you possibly
can. Start by focusing your design layout on a few, valuable content items
and then gradually guide your reader in discovering more of it.
- Security: Data security should be
an important area of concern for every small business owner. When you
consider all the important data you store virtually from financial
records, to customers' private information, it's not hard to see why one
breach could seriously damage the business.
In conclusion, for online commercial websites, usability determines to some
extent whether users come back. To improve the quality of a website, usability
should be put first, ahead of appearance, although the interface’s appearance
is another aspect to be improved. Usability therefore has to be improved for
better user satisfaction; for commercial websites especially, users’
satisfaction dominates the future of the brand. As mentioned before, there are
many problems in the ASOS website which will restrict the development of the
brand and the company. As online shopping develops, more and more attention
will be focused on the interaction between websites and customers.
2.0 CHALLENGES FACED BY ASOS
Security is one
of the principal and continuing concerns that restrict customers and
organizations engaging with ASOS. The
aim of this paper is to explore the perception of security in e-commerce B2C
and C2C websites from both customer and organizational perspectives.
With the rapid development of e-commerce, security issues are attracting
people's attention. The security of the transaction is the core issue in the
development of e-commerce. This paper puts forward a solution strategy for the
security issues of e-commerce activities from two aspects, technology and
system, so as to improve the environment for e-commerce and promote its further
development.
Web applications used by ASOS increasingly integrate third-party services. The
integration introduces new security challenges because of the complexity, for
an application, of coordinating its internal states with those of the component
services and the web client across the Internet.
ASOS, on one side, is thinking about how to attract more customers and how to
make visitors feel secure when using the site; on the other side is the
question of how end users should rate an e-commerce website and what they
should do to protect themselves as members of the online community. Our
objective in writing this assignment is to give readers a clear understanding
of the technology that helps all of us to make secure transactions, along with
safety tips, and of how e-commerce site owners can make their online visitors
comfortable with, and able to trust, an e-commerce site via trust marks and
their security strategies.
Viruses are a nuisance
threat in the e-commerce world. They only disrupt e-commerce operations and
should be classified as a Denial of Service (DoS) tool. The Trojan horse remote
control programs and their commercial equivalents are the most serious threat
to e-commerce.
Trojan horse
programs allow data integrity and fraud attacks to originate from a seemingly
valid client system and can be extremely difficult to resolve. A hacker could
initiate fraudulent orders from a victim system and the ecommerce server
wouldn’t know the order was fake or real. Password protection, encrypted
client-server communication, public private key encryption schemes are all
negated by the simple fact that the Trojan horse program allows the hacker to
see all clear-text before it gets encrypted.
Due to the
increase in warnings by the media from security and privacy breaches like
identity theft and financial fraud, and the elevated awareness of online
customers about the threats of performing transactions online, e-commerce has
not been able to achieve its full potential. Many customers refuse to perform
online transactions and relate that to the lack of trust or fear for their
personal information.
The traditional
authentication mechanism is based on identity to provide security or access
control methods; in addition, traditional encryption and authentication
algorithm require high computing power of computer equipment. Therefore, how to
improve the authentication mechanism and optimize the traditional encryption
and authentication algorithm may be the focus of P2P e-commerce.
E-Commerce
offers the banking industry great opportunity, but also creates a set of new
risks and vulnerability such as security threats. Information security,
therefore, is an essential management and technical requirement for any
efficient and effective Payment transaction activities over the internet.
Still, its definition is a complex endeavor due to the constant technological
and business change and requires a coordinated match of algorithm and technical
solutions.
The success or
failure of an e-commerce operation hinges on myriad factors, including but not
limited to the business model, the team, the customers, the investors, the
product, and the security of data transmissions and storage. Data security has
taken on heightened importance since a series of high-profile
"cracker" attacks have humbled popular Web sites, resulted in the
impersonation of Microsoft employees for the purposes of digital certification,
and the misuse of credit card numbers of customers at business-to-consumer
e-commerce destinations.
The analysis of G2C-based online payment systems led to conclusions that
emphasize research on the security aspect of online payment systems. It was
found that credit card based payment systems were the most widely used means of
conducting online payments. The study also showed that users want more
simplified, convenient and secure online payment systems. Security, protection
and trust, as well as consumers’ attitudes, play a key role in e-commerce
implementation; if well implemented, however, e-commerce allows an
instantaneous flow of goods and services internally and externally. Besides,
vital information could be processed simultaneously and matched with data
flowing from external e-commerce transactions, which could allow for efficient
and effective integration into organizational processes.
Transactions between buyers and sellers in e-commerce include requests for
information,
quotation of prices, placement of orders and payment, and after sales services.
The high degree of confidence needed in the authenticity, confidentiality, and
timely delivery of such transactions can be difficult to maintain where they
are exchanged over the Internet.
Privacy and
security can be viewed as ethical questions. At the same time the privacy and
security area attracts a large amount of attention from the commercial sector
because it has the potential to determine the success or failure of many
business ventures, most obviously ecommerce activities.
Clearly, the
online transaction requires consumers to disclose a large amount of sensitive
personal information to the vendor, placing themselves at significant risk.
Understanding (indeed, even precisely defining) consumer trust is essential for
the continuing development of e-commerce.
In online shopping, the electronic payment function is the key to making
purchases fast and convenient for consumers; we also have to ensure the safety
and secrecy of the parties to a transaction, which requires a complete
electronic trading system.
2.1 Digital e-Commerce Cycle
Security is very important in online shopping sites. Nowadays, a huge amount is
being purchased on the internet, because it’s easier and more convenient.
Almost anything can be bought, such as music, toys, clothing, cars, food and
even porn. Even though some of these purchases are illegal, we will be focusing
on all the items you can buy legally on the internet.
Figure 2: Digital E-commerce cycle
2.2 ASOS Security Issues
There
are many points of failure, or vulnerabilities, in an ASOS e-commerce
environment. Even in a simplified e-commerce scenario – a single user contacts
a single web site, and then gives his credit card and address information for
shipping a purchase – many potential security vulnerabilities exist. Indeed,
even in this simple scenario, there are a number of systems and networks
involved. Each has security issues:
· A user must use a web site and at some point
identify, or authenticate, himself to the site. Typically, authentication
begins on the user’s home computer and its browser. Unfortunately, security
problems in home computers offer hackers other ways to steal ecommerce data and
identification data from users. Some current examples include a popular
home-banking system that stores a user’s account number in a Web “cookie” which
hostile web-sites can crack (Graves and Curtin 2000); ineffective encryption or
lack of encryption for home wireless networks (Borisov, Goldberg, and Wagner
2001); and, mail-borne viruses that can steal the user's financial data from
the local disk (Roberts 2002) or even from the user's keystrokes (Neyses 2002).
While these specific security problems will be fixed by some software
developers and web-site administrators, similar problems will continue to
occur. Alternatives to the home computer include Point-of-Sale (POS) terminals
in brick-and-mortar stores, as well as a variety of mobile and handheld
devices.
· The user’s web browser connects to the ASOS
merchant front-end. When a consumer makes an online purchase, the merchant's
web-server usually caches the order's personal information in an archive of
recent orders. This archive contains everything necessary for credit-card
fraud. Further, such archives often hold 90 days' worth of customers' orders.
Naturally, hackers break into insecure web servers to harvest these archives of
credit card numbers. Several recent thefts netted 100,000, 300,000, and 3.7
million credit-card records, respectively. Accordingly, an e-commerce merchant's
first security priority should be to keep the web servers' archives of recent
orders behind the firewall, not on the front-end web servers (Winner 2002).
Furthermore, sensitive servers should be kept highly specialized, by turning
off and removing all inessential services and applications (e.g., ftp, email).
Other practical suggestions to secure web servers can be found in (Tipton and
Krause 2002), (Garfinkel 2002), and (Garfinkel, Schwartz, and Spafford 2003),
among many others.
· The merchant back-end and database. A site’s
servers can weaken ASOS’s internal network. This is not easily remedied,
because the web servers need administrative connections to the internal
network, but web server software tends to have buggy security. Here, the cost
of failure is very high, with potential theft of customers’ identities or
corporate data. Additionally, the back-end may connect with third party
fulfillment centers and other processing agents. Arguably, the risk of stolen
product is the merchant's least-important security concern, because most
merchants' traditional operations already have careful controls to track
payments and deliveries. However, these third parties can release valuable data
through their own vulnerabilities.
3.0 THE SOLUTION FOR ASOS ONLINE STORE SECURITIES
There are many
relevant technologies, including cryptographic technologies that can mitigate
the above vulnerabilities. However, none is comprehensive or airtight by
itself. Accordingly, we next present a brief overview of the major
technologies, also considering the advantages and disadvantages of each. For a
more complete description of each technology, see (Bishop 2003).
In the mass media,
the most visible security technologies are the encryption algorithms. For a
general introduction to these technologies see (Treese and Stewart 1998); a popularization
can be found in (Levy 2001). Two classic textbooks are (Denning 1983) and
(Koblitz 1994), and encyclopedic compendia include (Schneier 1996) and (Menezes,
Van Oorschot, and Vanstone 1996).
Public key
infrastructure (PKI) systems are one such encryption technology (Adams et al.
2001, CCITT 1988, Housley et al. 2002, Polk, Housley, and Bassham 2002).
Important PKI-based secure protocols include the retail mechanism Secure Socket
Layer (SSL) (Dierks and Allen 1999, Rescorla and Schiffman 1995) and the interbank
standard suite, ANSI X9 (American National Standards Institute 1994, RSA Security
2003a). The PKI is a flexible key-distribution system in which every
participant carries two cryptographic keys, one for encryption and one for
decryption; together these two keys make up what is called an asymmetric key
pair (Diffie and Hellman 1976, Rivest, Shamir, and Adleman 1978). The
encrypting key is published to the world and is called the participant’s public
key. The decrypting key is called the private key. The system is characterized
by mathematical elegance, efficient scaling features, and theoretically based
security guarantees. A performance advantage of PKI is that it does not require
a centralized, highly available intermediary for every secured transaction;
however, this also makes it difficult to know when another party's key has been
stolen or otherwise compromised. As such, PKI often requires a centralized,
highly available intermediary for key management, and especially for prompt
notification about revoked key-pairs (Adams and Farrell 1999). This issue, the
revocation problem, is still unsolved (Davis 1996, Davis 1998), despite the
best effort to date (Myers et al. 1999).
A digital
signature (Rabin 1978, Rivest, Shamir, and Adleman 1978) is the salient
application of public-key cryptography (and by extension, of PKI), and is an
analog of a handwritten signature. A digital signature is a cryptographic tag
that only one author can calculate; the tag can be combined with any kind of
data that the author might create (e.g., financial, entertainment, medical);
and the tag's validity can be checked by anyone who can access the data. This
combination of authored content with the author’s identity serves the same
purpose as applying one’s signature to a paper document; a digital signature
can be used to sign contracts, to provide authenticity of an electronic
distribution, or to prove identity for access. While e-commerce digital
signatures have been much anticipated, they have been little adopted to date.
There is still substantial research potential in understanding the legal and
economic issues involved in the lack of widespread adoption of digital
signature-based electronic commerce.
In symmetric key
systems, on the other hand, the same key is used for both encryption and
decryption, so it must always be guarded as a secret. For e-commerce applications,
the principal examples of symmetric key systems are the ciphers DES (NIST 1993),
AES (NIST 2001), and RC4 (RSA Security 2003b), as well as Microsoft's Hailstorm
authentication system (formerly PassPort). As advantages, symmetric key
cryptography runs orders of magnitude faster than public key cryptography.
These ciphers
can be used in a variety of ways. As noted above, the technical challenge in
authenticating users is that the identifying information must remain private
but the Internet is a public broadcast medium. Cryptography meets this
challenge by guaranteeing that the subscriber’s identifying information cannot
be stolen, copied, or replayed by others. It was once supposed that most users
would use public-key cryptography to authenticate themselves. However, very few
end users possess public key certificates currently, because certificates are
expensive. Instead, web users use a variant of SSL in which users identify
themselves with passwords instead of with digital signatures. A second way in
which e-commerce sites validate users’ passwords is with HTTP cookies.
Cookie-mediated authentication, however, is very insecure (Dawson 1998, Festa
1998). Symmetric key cryptography offers more security than password-mediated
authentication with more favorable key management tradeoffs than PKI affords,
but as noted above, the key must be tightly guarded.
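The cookie weakness described above (an identifier such as an account number kept where the client can read and change it) and the symmetric-key alternative can be compared side by side. The following is an added example, not code from ASOS or from any system cited here; it uses HMAC-SHA256 from the Python standard library as the symmetric-key primitive rather than one of the ciphers named above, and the cookie layout, function names and sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Symmetric key known only to the server. As the text notes, it must be
# tightly guarded: it is never sent to the browser or stored in the cookie.
SERVER_KEY = secrets.token_bytes(32)
SESSION_TTL = 15 * 60   # seconds a cookie stays valid (constructed value)
SESSIONS = {}           # server-side store: session id -> account number


def issue_weak_cookie(account_number):
    """Insecure pattern: the account number itself is the credential."""
    return "acct=" + account_number


def check_weak_cookie(cookie):
    """Trusts whatever the client sends, so any edited value is accepted."""
    return cookie[len("acct="):] if cookie.startswith("acct=") else None


def _tag(payload, key):
    """HMAC-SHA256 over the payload, URL-safe base64 without padding."""
    digest = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def login(account_number, now=None, key=SERVER_KEY):
    """Create a session and return 'session_id.expiry.tag' for the cookie."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(16)     # opaque and unguessable
    SESSIONS[session_id] = account_number      # identifier stays server-side
    payload = f"{session_id}.{int(now) + SESSION_TTL}"
    return f"{payload}.{_tag(payload, key)}"


def account_for(cookie, now=None, key=SERVER_KEY):
    """Return the account for a valid cookie, or None if it must be rejected."""
    now = time.time() if now is None else now
    parts = cookie.split(".")
    if len(parts) != 3:
        return None
    session_id, expires, tag = parts
    expected = _tag(f"{session_id}.{expires}", key)
    # Constant-time comparison; a forged or altered cookie fails here.
    if not hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        return None
    # The expiry is covered by the tag, so it cannot be extended by the client.
    if not expires.isdigit() or now >= int(expires):
        return None
    # A logged-out session is gone from the store even if the tag is valid.
    return SESSIONS.get(session_id)


def logout(cookie):
    """Revoke the session server-side so a copied cookie stops working."""
    SESSIONS.pop(cookie.split(".")[0], None)


if __name__ == "__main__":
    # Constructed sample values.
    print("weak cookie, edited by client ->", check_weak_cookie("acct=1002"))
    c = login("1001")
    print("signed cookie ->", account_for(c))
    sid, exp, tag = c.split(".")
    print("expiry extended by client ->",
          account_for(f"{sid}.{int(exp) + 3600}.{tag}"))
    logout(c)
    print("after logout ->", account_for(c))
```

The tag stops a client from altering or inventing a cookie, and the expiry and server-side logout bound how long a copied cookie can be replayed; the cookie still has to travel only over SSL/TLS, with the Secure and HttpOnly attributes set, so that it cannot be read in transit or by page scripts.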
Other
technologies can be used to perform both authentication and data protection.
For example, smart cards (Rankl and Effing 1997) can be used to store data
about the bearer of the card, including financial data, medical records,
identification credentials. Because those data are so sensitive, it is critical
to store the associated encryption keys in tamper-resistant hardware. Further,
the smartcard shouldn't ever have to share the bearer's personal data or his
keys with a POS terminal, otherwise the bearer’s privacy and keys could be
compromised. In practice, this means putting a computer processor and
cryptographic hardware on the card, along with the encryption keys. A further
advantage is that smartcards can allow POS transactions to be more intricate,
because all the user’s data is always available. This architecture can also
avoid the centralized storage of personally sensitive data, and supposedly
demands less trust of the consumer to a centralized authority to husband the
data properly. Smartcards have the disadvantage that every promise of
tamperproof packaging has been shown false (Anderson and Kuhn 1996, Anderson
and Kuhn 1997). Smartcards saw early and widespread deployments in Europe,
especially in Germany, Benelux, and France, but not in the U.S. The reason for
smart cards' adoption failure in the US remains unclear.
Similarly,
cryptographic technologies can be used in various points in the payment system
(Neuman and Medvinsky 1998). The majority of Web transactions are currently
SSL-protected credit card transactions. However, many other mechanisms have
been proposed for handling electronic payments. Digital cash and networked
payments (e.g., Chaum 1985) purport to bring anonymous electronic transactions
to e-commerce; that is, like currency and unlike credit cards, digital cash
cannot be traced to any specific individual. Thus, a consumer might buy
electronic data or a digital service without revealing his identity to the
merchant, and without revealing his purchases to a financial clearinghouse.
There are many digital cash variants, but Chaum’s version was the archetype,
using digital signatures and encryption to simulate the issuance of paper
currency with serial numbers. In some variants, this currency can be given to
others while not having the side effects of allowing counterfeiting,
duplication, or double-spending. Micropayment schemes, such as MilliCent
(Glassman et al. 1995) are systems for transferring extremely small payments,
perhaps fractions of cents, for Internet goods (often information goods). The
goal in this case is to enable the creation of markets for small quantities of
data and services, such as per-article newspaper subscriptions. Despite these
interesting social and technical advantages, these sophisticated digital
payments schemes haven't thrived, for a variety of reasons. Shirkey (2000) has
provided sharp arguments on why micropayments have not caught on: the history
of communication markets shows that users greatly prefer simple and predictable
pricing schemes. The Mondex anonymous payments system has been successful in
Europe, but cryptographers have raised questions about Mondex's security (Brehl
1997). Similarly, PayPal, a payment intermediary, has been financially
successful but has been plagued by repeated problems with fraud (Jonas 2002).
Indeed, Stefan Brands, a cryptographer specializing in the design and analysis
of digital cash systems, noted in 1996 that of the digital cash issued in
European pilot deployments, 10% had been lost to fraud (Brands 1996).
Recently, the
entertainment and mass media industries have invested much effort in digital
watermarking technology (Delaigle, De Vleeschouwer, and Macq 1996). Here, the
technical goal is to find ways of cryptographically tagging electronic content
(especially images and audio) in a way that is recognizable, non-forgeable, and
non-removable. The business goal is to enable firms to detect unlicensed
distribution or re-sale, in hope of firms being able to distribute content
electronically and safely. The watermark tag is generally designed to be
invisible or unobtrusive. This is still an active area of research, as all
proposals to date have been successfully attacked (Craver et al. 2001).
Currently, the entertainment industry is using the Digital Millennium Copyright
Act of 1998 (DMCA) to bolster with law the technical weaknesses of digital
watermarking proposals, by making it illegal in the US to remove or forge such
protections (Lazowska 2001).
5.0 CONCLUSIONS
E-commerce is widely considered the buying and selling of products over the
internet, but any transaction that is completed solely through electronic
measures can be considered e-commerce. E-commerce and M-commerce are playing a
very good role in online retail marketing, and the number of people using this
technology is increasing day by day all over the world.
E-commerce security is the protection of e-commerce assets from unauthorized
access, use, alteration, or destruction. The dimensions of e-commerce security
are:
- Integrity: prevention against unauthorized data modification.
- Non-repudiation: prevention against any one party from reneging on an
agreement after the fact.
- Authenticity: authentication of data source.
- Confidentiality: protection against unauthorized data disclosure.
- Privacy: provision of data control and disclosure.
Fraudsters are
constantly looking to take advantage of online shoppers prone to making novice
errors. Common mistakes that leave people vulnerable include shopping on
websites that aren't secure, giving out too much personal information, and
leaving computers open to viruses. In this paper we discussed E-commerce
Security Issues, Security measures, Digital E-commerce cycle/Online Shopping,
Security Threats and guidelines for safe and secure online shopping through
shopping web sites.
In summary,
privacy and security are still ongoing research problems. There have been some
interesting and significant findings, however, in the last five years that bear
important consequences for e-commerce sites and consumers. Privacy is now
understood, by many, to be a social construction with expectations the largest
consideration. Yet, privacy is also considered a public issue by regulators,
who have nonetheless largely allowed technology to unfold to date. Security is
now understood to be largely imperfect, the continual cat-and-mouse game of
security expert and hacker. Important technical developments have been deployed
in the last five years; however, it is clear that organizational policies may
play as important a role in site security. Finally, detailed economically and
sociologically based analyses are beginning to find their way into the
published literature, and we expect that these studies will bring greater
clarity and proficiency to admittedly murky areas.
REFERENCES
Anderson, Ross, and M. Kuhn. 1996. Tamper Resistance - A Cautionary Note. Proceedings of the Second USENIX Workshop on Electronic Commerce: 1-11.
ASOS.com. (2013, November 17). Retrieved July 11, 2015, from https://en.wikipedia.org/wiki/ASOS.com
Bishop, Matt. 2003. Computer Security. New York: Addison-Wesley.
Brehl, B. 1997. Security of `Cash Cards' Questioned. Toronto Star, October 6, 1997, E1-2.
Brands, Stefan. 1996. Electronic Cash. Invited talk, RSA Cryptographers' Colloquium.
Borisov, N., I. Goldberg, and D. Wagner. 2001. Intercepting Mobile Communications: The Insecurity of 802.1. Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking: 180-189.
Craver, S., J. McGregor, M. Wu, B. Liu, A. Stubblefield, B. Swartzlander, D. Wallach, D. Dean, and E. Felten. 2001. Reading Between the Lines: Lessons from the SDMI Challenge. Unpublished manuscript, to have been presented at the Fourth International Information Hiding Workshop, from http://cryptome.org/sdmi-attack.htm.
Denning, D. 1983. Cryptography and Data Security. New York: Addison-Wesley.
Diffie, W., and M. Hellman. 1976. New Directions in Cryptography. IEEE Transactions on Information Theory, 22 (6): 644-654.
Dawson, K. 1998. JavaScript Privacy Bugs Hit Netscape, Then Microsoft. Tasty Bits from the Technology Front, October 12, 1998.
Festa, P. 1998. Navigator Still Has Bug Problem. CNet News.com, October 7, 1998.
Garfinkel, Simson. 2002. Web Security, Privacy and Commerce. Cambridge, MA: O'Reilly and Associates.
Glassman, S., M. Manasse, M. Abadi, P. Gauthier, and P. Sobalvarro. 1995. The MilliCent Protocol For Inexpensive Electronic Commerce. Proceedings of the Fourth International World Wide Web Conference.
Garfinkel, Simson, Alan Schwartz, and Gene Spafford. 2003. Practical Unix Internet Security. Cambridge, MA: O'Reilly.
Graves, P., and M. Curtin. 2000. Bank One Online Puts Customer Account Information At Risk. From http://www.interhack.net/pubs/bankone-online.
Koblitz, N. 1994. A course in number theory and cryptography. Berlin: Springer-Verlag.
Levy, Steven. 2001. Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age. New York: Viking.
Lazowska, E. 2001. Overview of CRA and Felten et al. From http://lazowska.cs.washington.edu/felten/FeltenOverview.pdf.
Menezes, Alfred J., Van Oorschot, Paul C., and Scott A. Vanstone. 1996. Handbook of Applied Cryptography. New York: CRC Press.
Neyses, J. 2002. Higher Education Security Alert From the U.S. Secret Service: List of Keystroke Logging Programs. http://www.unh.edu/tcs/reports/sshesa.html.
Neuman, B. Clifford, and Gennady Medvinsky. 1998. Internet Payment Services. In Internet Economics. Edited by L. W. McKnight and J. P. Bailey. 401-416. Cambridge, MA: MIT Press.
Roberts, P. 2002. Bugbear Virus Spreading Rapidly. PC World Online, October 2, 2002.
Rivest, Ron, A. Shamir, and L. Adleman. 1978. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21 (2): 120-126.
Rankl, W., and W. Effing. 1997. The Smartcard Handbook. New York: John Wiley.
Schneier, B. 2001. The Security Patch Treadmill. Crypto-Gram Newsletter, Mar 15, 2001.
Shirkey, C. 2000. The Case Against Micropayments. O'Reilly OpenP2P.com, Dec. 19, 2000. From http://www.openp2p.com/pub/a/p2p/2000/12/19/micropayments.html.
Tipton, Harold, and Micki Krause. 2002. Information Security Management Handbook. New York: CRC Press.
Treese, G. Winfield, and Lawrence C. Stewart. 1998. Designing Systems For Internet Commerce. New York: Addison-Wesley.
Winner, D. 2002. Making Your Network Safe for Databases. SANS Information Security Reading Room, July 21, 2002.