Table of Contents for One. People Not Bits
by Phillip Hallam-Baker
The dotCrime Manifesto
Copyright
Dedication
Preface
Section One: People Not Bits
Section Two: Stopping the Cycle
Section Three: Tools of the Trade
Section Four: The Accountable Web
A Note on Jargon
Acknowledgments
About the Author
One. People Not Bits
1. Motive
The Tools of the Trade
Of Bots and Botnets
Spam
Internet Crime Markets
The Crimes
Phishing
Click Here for the Egress
Conversion to Cash
The Last Mile
Pump and Dump
Premium Service Fraud
An Accountability Failure
Extortion
Advance Fee Fraud
Franchising Fraud
Copyright Theft
Emerging Threats
Spyware
Terrorism
Espionage and Warfare
Pedophile Rings
Offline Safety
Key Points
2. Famous for Fifteen Minutes
No Professor Moriarty
The Internet Vandals Have Grown Up
Emerging, Failed, and Kleptocratic States
Growth
Turning the Tide
Key Points
3. Learning from Mistakes
The Triumph of Slogans over Common Sense
The World Is Waiting
Security for Engineers
Security Must Make Sense
Political Priorities
The End-to-End Principle
Security through Obscurity
Flawed Analogy
Why Four Digits Are Not Enough
Wired Equivalent Privacy
False Reduction
Is No Security Better Than Bad Security?
Familiarity Leads to Complacency
Failing to Recognize Success
Key Points
4. Making Change Happen
That Dizzy Dot.Com Growth
Finding the Killer Application
Why Standards Matter
Marry in Haste, Repent at Leisure
Ownership and Control
Standards Organizations
Inclusiveness
Consistency
Dependency
Advocacy
The Four Horsemen of Internet Change
Customers
Liability
Audit
Regulation
Key Points
5. Design for Deployment
Objectives
Architecture
Strategy
Design
Evangelize
Key Points
Two. Stopping the Cycle
6. Spam Whack-a-Mole
The Green Card Spam
Blacklists: Shutting Spammers Down
Filters: An Effective Palliative, Not a Cure
Sue and Jail Them
The Longitude of the Internet Age
The Worst of the Worst
Out of the Ashes
Key Points
7. Stopping Spam
Accountability
Who to Hold Accountable
Authentication
Accreditation
Consequences
Critical Mass and the Tipping Point
Deploying SenderID/SPF
Key Points
8. Stopping Phishing
The Phishing Cycle
Credentials of Any Kind
Variations on the Theme
Intervention
Takedown
Discovery
Preparation
Intelligence
Local Intelligence
External Intelligence
The Carding Cycle
Forged Cards
Package Reshippers and Money Movers
Auction Fraud
Stopping Carding
Conditions for Success
Disrupting Attacks in Progress
Preventing Theft of Credentials
Preventing Use of Stolen Credentials
Adapting to Survive
Key Points
9. Stopping Botnets
Where Biological Analogies Fail
Stopping Infection
Blocking Bug Exploits
Firewalls
E-Mail
Blocking Executable Code
Shared Folders
Curing the Disease
Crimeware Removal
Stopping Transmission
Reverse Firewalls
Intelligence and Control
INCH
Pre-Emptive Data Escrow
Key Points
Three. Tools of the Trade
10. Cryptography
Historical Use of Cryptography
Machine Encryption
The Keying Problem
A New Direction
Session Keys
Digital Signatures
Smartcards
Equations Alone Do Not Make a Solution
Key Points
11. Establishing Trust
The Problem of Identity
The Problem of Bits
Digital Certificates
Revocation
Topology of Trust
Synthesis
XKMS
The Problem of Trust
Key Points
Four. The Accountable Web
12. Secure Transport
How SSL Works
TLS Restart
Gap Analysis
Secure Chrome
The Problem of Trust
Costs and Benefits
Promiscuous Security
Domain-Validated Encryption
Accountability
Re-Establishing Accountability
Extended Validation
Issuer Accountability
Secure Internet Letterhead
Accessibility
Beyond Accountability
Authenticating Assurance
Certificate Issuer Liability, Warranties, and Insurance
Communicating Assurance
Revocation and Reputation
Blacklists
Trusted Agent
Key Points
13. Secure Messaging
Requirements
Authentication
The Enterprise Dimension
Confidentiality
Luxury
Gap Analysis
Designing for Deployment
How E-Mail Is Different
Damaged Goods
Authentication
Confidentiality
User-Level Keying
Domain Keys Identified Mail
Signing E-Mails with DKIM
Canonicalization
Key Distribution by DNS
Secure Internet Letterhead
Mail Sending Policy
Providing Confidentiality
Mail Receipt Policy
Communicating with Perimeter Security
Deploying DKIM
Key Points
14. Secure Identity
Authentication Technologies
First Contact
Passwords and PINs
Knowledge-Based “Authentication”
Callback
Machine Verification
One-Time Password Tokens
Smartcards and Smart Tokens
Hybrid Tokens
Biometrics
User Experience
User Centric
Registration
Log In
Ubiquity
Roaming
Card Space
OpenID
The Architecture of Identity 2.0
SAML: Access Control as Service
SAML Identity Assertions
Toward the Semantic Web
Discovery: The Missing Piece
Applied Identity
Enterprise Authentication
Stopping Blogspam
Secure Online Banking
Secure Transactions
Ubiquitous Customization
Protecting Children
Identity 3.0
Deferred Registration
Attribute Only Authentication
Unlinkable Identifiers
Key Points
15. Secure Names
Unified Communications
One Address
Rights
Ownership
Gatekeepers
Levels of Contact
Introductions
Social Networking
Friend of a Friend
Scheduling a Meeting
Architecture
DNS Service Specification
DNS Policy
DNS Security
Key Points
16. Secure Networks
Designing for Deployment
IPv6
Default Deny Infrastructure
Ubiquitous Authentication
Device and Application Description
Service and Policy Discovery
Ubiquitous Policy Enforcement
The Death of Broadcast
Intelligence and Control
Data-Level Security
Network Administration
Starting a Network
Adding a Device to a Network
Adding Wireless Devices
Coffee Shop Connection
Securing the Internetwork
BGP Security
Key Points
17. Secure Platforms
Building a Secure Platform
Questions of Code
Least Privilege, Least Risk
The Trusted Computing Base
Trustworthy Computing
Trustworthy Bootstrap
Trustworthy Operating System
Secure Code
Signed Code
Accreditation
Secure Drivers
Revocation and Patches
Current Technology
Key Points
18. Law
Deterring Crime
Setting the Agenda
To Make the Punishment Fit the Crime
Successful Cases
Vladimir Levin
The Jeremy Jaynes Gang
Zachary Keith Hill
The International Dimension and the Nigeria Effect
Legislating Internet Crime
Jurisdiction
Deemed Losses
Tripwire Offenses
Clarification
Agency
Spyware
Arms Suppliers
Civil Law
Responsibility
Eliminating Perverse Liabilities
Maintaining Pressure
Follow the Money
Internet Currencies
Key Points
19. The dotCrime Manifesto
Design Rules
Broken Windows and the Tipping Point
Further Reading
On Security Principles
History of Cryptography
On Cryptography
On Internet Safety
History of Internet Crime
On Security Usability
References
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Chapter 18