References

Abad, C., J. Taylor, C. Sengul, William Yurcik, Y. Zhou, and K. Rowe (Dec. 2003). “Log Correlation for Intrusion Detection: A Proof of Concept.” In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 255–264. DOI: 10.1109/CSAC.2003.1254330. (Cit. on p. 286).

Abad, Cristina, Yifan Li, Kiran Lakkaraju, Xiaoxin Yin, and William Yurcik (2004). “Correlation between NetFlow System and Network Views for Intrusion Detection.” In: Workshop on Link Analysis, Counter-terrorism, and Privacy, Held in Conjunction with SDM. (Cit. on p. 286).

Aboba, B. and W. Dixon (Mar. 2004). IPsec-Network Address Translation (NAT) Compatibility Requirements. RFC 3715. http://www.rfc-editor.org/rfc/rfc3715.txt (cit. on p. 95).

Abrams, Rachel (Aug. 6, 2014). “Target Puts Data Breach Costs at $148 Million, and Forecasts Profit Drop.” In: The New York Times. http://www.nytimes.com/2014/08/06/business/target-puts-data-breach-costs-at-148-million.html (cit. on pp. 214, 222).

Adams, Douglas (1980). The Hitchhiker’s Guide to the Galaxy. First American edition. New York: Harmony Books. (Cit. on p. 299).

Adrian, David, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann (2015). “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice.” In: Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). https://weakdh.org/imperfect-forward-secrecy.pdf (cit. on pp. 83, 100).

Allen, Peter (Feb. 22, 2012). “British Drone Secrets Stolen from Paris Train Station.” In: The Telegraph. http://www.telegraph.co.uk/news/worldnews/9099410/British-drone-secrets-stolen-from-Paris-train-station.html (cit. on p. 136).

Amazon (May 2011). Amazon Web Services Overview of Security Processes. White paper. http://d36cz9buwru1tt.cloudfront.net/pdf/AWS_Security_White_paper.pdf (cit. on p. 193).

Anderson, Nate (July 26, 2007). “Deep Packet Inspection Meets ’Net Neutrality, CALEA.” In: Ars Technica. http://arstechnica.com/gadgets/2007/07/deep-packet-inspection-meets-net-neutrality/ (cit. on pp. 66, 71).

Anderson, Nate (Mar. 11, 2013). “Meet the Men Who Spy on Women through Their Webcams.” In: Ars Technica. http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/ (cit. on p. 302).

Anderson, Poul (1966). Ensign Flandry. Philadelphia: Chilton Books. (Cit. on p. 107).

Anderson, Poul (1983). “A Tragedy of Errors.” In: The Long Night. Story originally published in Galaxy, 1967. New York: TOR. (Cit. on p. 6).

Andrade, Jose (Apr. 12, 2014). “What is Heartbleed, Anyway?” In: Engadget. http://www.engadget.com/2014/04/12/heartbleed-explained/ (cit. on p. 182).

Anonymous (Dec. 2011). Private communication. (Cit. on p. 83).

Anthony, Sebastian (Mar. 17, 2014). “Firefox is Still the Least Secure Web Browser, Falls to Four Zero-Day Exploits at Pwn2Own.” In: ExtremeTech. http://www.extremetech.com/computing/178587-firefox-is-still-the-least-secure-web-browser-falls-to-four-zero-day-exploits-at-pwn2own (cit. on p. 201).

Appel, Andrew W. (Sept. 2011). “Security Seals on Voting Machines: A Case Study.” In: ACM Trans. Inf. Syst. Secur. 14.2, 18:1–18:29. ISSN: 1094-9224. DOI: 10.1145/2019599.2019603. http://doi.acm.org/10.1145/2019599.2019603 (cit. on p. 55).

Apple (June 2015). iOS Security. https://www.apple.com/business/docs/iOS_Security_Guide.pdf (cit. on p. 128).

Arends, R., R. Austein, M. Larson, D. Massey, and S. Rose (Mar. 2005a). DNS Security Introduction and Requirements. RFC 4033. http://www.rfc-editor.org/rfc/rfc4033.txt (cit. on pp. 91, 159).

Arends, R., R. Austein, M. Larson, D. Massey, and S. Rose (Mar. 2005b). Protocol Modifications for the DNS Security Extensions. RFC 4035. http://www.rfc-editor.org/rfc/rfc4035.txt (cit. on pp. 91, 159).

Arends, R., R. Austein, M. Larson, D. Massey, and S. Rose (Mar. 2005c). Resource Records for the DNS Security Extensions. RFC 4034. http://www.rfc-editor.org/rfc/rfc4034.txt (cit. on pp. 91, 159).

Arnold, Ken and James Gosling (1996). The Java Programming Language. Reading, MA: Addison-Wesley. (Cit. on p. 23).

Asimov, Isaac (1951). Foundation. New York: Doubleday & Company. (Cit. on p. 272).

Baez, John, William G. Unruh, and William G. Tifft (Oct. 21, 1999). “Ask the Experts: Is Time Quantized?” In: Scientific American. http://www.scientificamerican.com/article.cfm?id=is-time-quantized-in-othe (cit. on p. 98).

Ball, Thomas, Byron Cook, Vladimir Levin, and Sriram K. Rajamani (2004). “SLAM and Static Driver Verifier: Technology Transfer of Formal Methods inside Microsoft.” In: Integrated Formal Methods. Ed. by Eerke A. Boiten, John Derrick, and Graeme Smith. Vol. 2999. Lecture Notes in Computer Science. Springer Berlin Heidelberg, pp. 1–20. ISBN: 978-3-540-21377-2. DOI: 10.1007/978-3-540-24756-2_1. http://dx.doi.org/10.1007/978-3-540-24756-2_1 (cit. on p. 209).

Ballard, Lucas, Seny Kamara, and Michael K. Reiter (Aug. 2008). “The Practical Subtleties of Biometric Key Generation.” In: Proceedings of the 17th Annual USENIX Security Symposium. http://cs.unc.edu/~fabian/papers/bkgs.pdf (cit. on pp. 124, 314).

Bamford, James (Mar. 15, 2012). “The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say).” In: Wired: Threat Level. http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1 (cit. on p. 99).

Bamford, James (Sept. 29, 2015). “A Death in Athens.” In: The Intercept. https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/ (cit. on p. 235).

Barcena, Mario Ballano, Candid Wueest, and Hon Lau (July 2014). How Safe is Your Quantified Self? Symantec Security Response. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/how-safe-is-your-quantified-self.pdf (cit. on pp. 305, 311).

Barker, Elaine, William Barker, William Burr, William Polk, and Miles Smid (July 2012). Recommendation for Key Management—Part 1: General (Revision 3). Tech. rep. 800-57. NIST. http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf (cit. on p. 100).

Barnes, R. (Oct. 2011). Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE). RFC 6394. http://www.rfc-editor.org/rfc/rfc6394.txt (cit. on p. 159).

Barnett, Emma (Mar. 18, 2009). “Top 10 Worst Computer Viruses.” In: The Telegraph. http://www.telegraph.co.uk/technology/5012057/Top-10-worst-computer-viruses-of-all-time.html (cit. on pp. 53, 59).

Barrett, Devlin (June 2011). “Weiner Calling It Quits: Lawmaker’s Resolve to Keep Seat Withered Under Pressure from Top Democrats.” In: The Wall Street Journal. http://online.wsj.com/article/SB10001424052702304186404576389422646672178.html (cit. on p. 310).

Barrett, Devlin (July 23, 2015). “U.S. Plans to Use Spy Law to Battle Corporate Espionage.” In: The Wall Street Journal. http://www.wsj.com/articles/u-s-plans-to-use-spy-law-to-battle-corporate-espionage-1437688169 (cit. on p. xii).

Bartal, Yair, Alain Mayer, Kobbi Nissim, and Avishai Wool (2004). “Firmato: A Novel Firewall Management Toolkit.” In: ACM Transactions on Computer Systems (TOCS) 22.4, pp. 381–420. https://www.eng.tau.ac.il/~yash/infosec-seminar/2005/tocs04.pdf (cit. on p. 218).

Barth, A. (Apr. 2011). HTTP State Management Mechanism. RFC 6265. http://www.rfc-editor.org/rfc/rfc6265.txt (cit. on p. 138).

Batchelder, Dennis, Joe Blackbird, David Felstead, Paul Henry, Jeff Jones, Aneesh Kulkarni, John Lambert, Marc Lauricella, Ken Malcomson, Matt Miller, Nam Ng, Daryl Pecelj, Tim Rains, Vidya Sekhar, Holly Stewart, Todd Thompson, David Weston, and Terry Zink (July 2013). Microsoft Security Intelligence Report. SIR Volume 16. http://www.microsoft.com/security/sir/default.aspx (cit. on pp. 37, 244, 313).

Baxter-Reynolds, Matt (Mar. 19, 2014). “Apple’s ‘goto fail’ Tells Us Nothing Good About Cupertino’s Software Delivery Process.” In: ZDnet. http://www.zdnet.com/apples-goto-fail-tells-us-nothing-good-about-cupertinos-software-delivery-process-7000027449/ (cit. on p. 182).

BBC (Apr. 23, 2014). “Profile: Private First Class Manning.” In: BBC News. http://www.bbc.com/news/world-us-canada-11874276 (cit. on p. 73).

Beattie, Steve, Seth Arnold, Crispin Cowan, Perry Wagle, Chris Wright, and Adam Shostack (2002). “Timing the Application of Security Patches for Optimal Uptime.” In: Proceedings of the USENIX 16th Systems Administration Conference. http://www.usenix.org/publications/library/proceedings/lisa02/tech/beattie.html (cit. on p. 240).

Bellare, M., R. Canetti, and H. Krawczyk (1996). “Keying Hash Functions for Message Authentication.” In: Advances in Cryptology: Proceedings of CRYPTO ’96. Springer-Verlag, pp. 1–15. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.44.9634 (cit. on p. 140).

Bellovin, Steven M. (Sept. 1992). “There Be Dragons.” In: Proceedings of the Third Usenix Unix Security Symposium, pp. 1–16. https://www.cs.columbia.edu/~smb/papers/dragon.pdf (cit. on p. 71).

Bellovin, Steven M. (June 1995). “Using the Domain Name System for System Break-Ins.” In: Proceedings of the Fifth Usenix Unix Security Symposium. Salt Lake City, UT, pp. 199–208. https://www.cs.columbia.edu/~smb/papers/dnshack.pdf (cit. on p. 215).

Bellovin, Steven M. (July 1996). “Problem Areas for the IP Security Protocols.” In: Proceedings of the Sixth Usenix Unix Security Symposium, pp. 205–214. https://www.cs.columbia.edu/~smb/papers/badesp.pdf (cit. on p. 86).

Bellovin, Steven M. (1997). “Probable Plaintext Cryptanalysis of the IP Security Protocols.” In: Proc. of the Symposium on Network and Distributed System Security, pp. 155–160. https://www.cs.columbia.edu/~smb/papers/probtxt.pdf (cit. on p. 97).

Bellovin, Steven M. (Nov. 1999). “Distributed Firewalls.” In: ;login: pp. 39–47. https://www.cs.columbia.edu/~smb/papers/distfw.pdf (cit. on pp. 62, 64).

Bellovin, Steven M. (Apr. 1, 2003). The Security Flag in the IPv4 Header. RFC 3514. http://www.rfc-editor.org/rfc/rfc3514.txt (cit. on pp. 49, 79, 106).

Bellovin, Steven M. (July–Aug. 2006a). “On the Brittleness of Software and the Infeasibility of Security Metrics.” In: IEEE Security & Privacy 4.4. https://www.cs.columbia.edu/~smb/papers/01668014.pdf (cit. on pp. 199, 313).

Bellovin, Steven M. (Oct. 2006b). “Virtual Machines, Virtual Security.” In: Communications of the ACM 49.10. “Inside RISKS” column. (Cit. on pp. 59, 187).

Bellovin, Steven M. (Feb. 2009a). Guidelines for Specifying the Use of IPsec Version 2. RFC 5406. http://www.rfc-editor.org/rfc/rfc5406.txt (cit. on p. 94).

Bellovin, Steven M. (Apr. 29, 2009b). “The Open Source Quality Challenge.” In: SMBlog (blog). https://www.cs.columbia.edu/~smb/blog/2009-04/2009-04-29.html (cit. on pp. 235, 241).

Bellovin, Steven M. (Sept. 27, 2010). “Stuxnet: The First Weaponized Software?” In: SMBlog (blog). https://www.cs.columbia.edu/~smb/blog/2010-09/2010-09-27.html (cit. on p. 38).

Bellovin, Steven M. (May–June 2011a). “Clouds from Both Sides.” In: IEEE Security & Privacy 9.3. ISSN: 1540-7993. http://dx.doi.org/10.1109/MSP.2011.48 (cit. on p. 380).

Bellovin, Steven M. (July 2011b). “Frank Miller: Inventor of the One-Time Pad.” In: Cryptologia 35.3. An earlier version is available as technical report CUCS-009-11, pp. 203–222. http://dx.doi.org/10.1080/01611194.2011.583711 (cit. on p. 122).

Bellovin, Steven M. (Nov.–Dec. 2012). “The Major Cyberincident Investigations Board.” In: IEEE Security & Privacy 10.6, p. 96. ISSN: 1540-7993. DOI: 10.1109/MSP.2012.158. (Cit. on pp. 233, 288).

Bellovin, Steven M. (May–June 2013). “Military Cybersomethings.” In: IEEE Security & Privacy 11.3, p. 88. https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6521321 (cit. on p. 29).

Bellovin, Steven M. (July–Aug. 2014a). “By Any Means Possible: How Intelligence Agencies Have Gotten Their Data.” In: IEEE Security & Privacy 12.4. https://www.cs.columbia.edu/~smb/papers/possible.pdf (cit. on p. 264).

Bellovin, Steven M. (Apr. 11, 2014b). “Heartbleed: Don’t Panic.” In: SMBlog (blog). https://www.cs.columbia.edu/~smb/blog/2014-04/2014-04-11.html (cit. on pp. 182, 298).

Bellovin, Steven M. (Feb. 24, 2014c). “Speculation About Goto Fail.” In: SMBlog (blog). https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html (cit. on p. 182).

Bellovin, Steven M. and Randy Bush (Apr. 2009). “Configuration Management and Security.” In: IEEE Journal on Selected Areas in Communications 27.3, pp. 268–274. https://www.cs.columbia.edu/~smb/papers/config-jsac.pdf (cit. on p. 274).

Bellovin, Steven M. and Russ Housley (June 2005). Guidelines for Cryptographic Key Management. RFC 4107. http://www.rfc-editor.org/rfc/rfc4107.txt (cit. on p. 85).

Bellovin, Steven M. and Michael Merritt (May 1992). “Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks.” In: Proc. IEEE Computer Society Symposium on Research in Security and Privacy. Oakland, CA, pp. 72–84. https://www.cs.columbia.edu/~smb/papers/neke.pdf (cit. on p. 141).

Bellovin, Steven M. (Nov. 1993). “Augmented Encrypted Key Exchange.” In: Proceedings of the First ACM Conference on Computer and Communications Security. Fairfax, VA, pp. 244–250. https://www.cs.columbia.edu/~smb/papers/aeke.pdf (cit. on p. 140).

Bellovin, Steven M. and Eric K. Rescorla (2006). “Deploying a New Hash Algorithm.” In: Proceedings of NDSS ’06. https://www.cs.columbia.edu/~smb/papers/new-hash.pdf (cit. on p. 84).

Bellovin, Steven M., Jeffrey I. Schiller, and Charlie Kaufman, eds. (Dec. 2003). Security Mechanisms for the Internet. RFC 3631. http://www.rfc-editor.org/rfc/rfc3631.txt (cit. on p. 101).

Bernstein, Daniel J. (2006). “Curve25519: New Diffie-Hellman Speed Records.” In: Public Key Cryptography (PKC 2006). Springer, pp. 207–228. http://cr.yp.to/ecdh/curve25519-20060209.pdf (cit. on p. 101).

Bernstein, Daniel J., Tung Chou, Chitchanok Chuengsatiansup, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, and Christine van Vredendaal (July 22, 2014). How to Manipulate Curve Standards: A White Paper for the Black Hat. http://safecurves.cr.yp.to/bada55/bada55-20140722.pdf (cit. on p. 101).

Best, D.M., R.P. Hafen, B.K. Olsen, and W.A. Pike (Oct. 2011). “Atypical Behavior Identification in Large-Scale Network Traffic.” In: IEEE Symposium on Large Data Analysis and Visualization (LDAV), pp. 15–22. DOI: 10.1109/LDAV.2011.6092312. (Cit. on p. 52).

Best, Martin (2011). The CIA’s Airlines: Logistic Air Support of the War in Laos 1954 to 1975. http://www.vietnam.ttu.edu/airamerica/best/ (cit. on p. 58).

Bester, Alfred (1953). The Demolished Man. Chicago: Shasta Publishers. (Cit. on p. 81).

Biham, Eli, Alex Biryukov, and Adi Shamir (1999). “Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials.” In: Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques. EUROCRYPT’99. Prague, Czech Republic: Springer-Verlag, pp. 12–23. ISBN: 3-540-65889-0. http://dl.acm.org/citation.cfm?id=1756123.1756126 (cit. on p. 104).

Bijl, Joost (Nov. 21, 2011). “RSA-512 Certificates Abused in the Wild.” In: Fox-IT International Blog. http://blog.fox-it.com/2011/11/21/rsa-512-certificates-abused-in-the-wild/ (cit. on pp. 82, 164).

Biryukov, Alex, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir (2010). “Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds.” In: Advances in Cryptology–EUROCRYPT 2010. Springer, pp. 299–319. (Cit. on p. 103).

Biryukov, Alex, Adi Shamir, and David Wagner (2001). “Real Time Cryptanalysis of A5/1 on a PC.” In: Fast Software Encryption. Ed. by Gerhard Goos, Juris Hartmanis, Jan van Leeuwen, and Bruce Schneier. Vol. 1978. Lecture Notes in Computer Science. DOI: 10.1007/3-540-44706-7_1. Springer Berlin / Heidelberg, pp. 37–44. ISBN: 978-3-540-41728-6. http://dx.doi.org/10.1007/3-540-44706-7_1 (cit. on p. 180).

Bishop, Matt (2007). Overview of Red Team Reports. For full details, see http://votingsystems.cdn.sos.ca.gov/oversight/ttbr/red-overview.pdf (cit. on p. 55).

Bittau, Andrea, Michael Hamburg, Mark Handley, David Mazières, and Dan Boneh (2010). “The Case for Ubiquitous Transport-Level Encryption.” In: Proceedings of the Usenix Security Symposium. http://www.usenix.org/events/sec10/tech/full_papers/Bittau.pdf (cit. on p. 88).

Blaze, Matt (Nov. 1993). “A Cryptographic File System for Unix.” In: Proceedings of the First ACM Conference on Computer and Communications Security. Fairfax, VA, pp. 9–16. http://www.crypto.com/papers/cfs.pdf (cit. on p. 90).

Blaze, Matt (Mar. 24, 2010). “The Spy in the Middle.” In: Exhaustive Search (blog). http://www.crypto.com/blog/spycerts/ (cit. on p. 154).

Boehret, Katherine (Nov. 23, 2011). “Galaxy Nexus: An In-Your-Face Android Phone.” In: The Wall Street Journal. http://online.wsj.com/article/SB10001424052970204531404577054233319145676.html (cit. on p. 125).

Bogdanov, Andrey, Dmitry Khovratovich, and Christian Rechberger (2011). “Biclique Cryptanalysis of the Full AES.” In: Proceedings of ASIACRYPT. http://www.springerlink.com/content/j5h1350162456m29/ (cit. on p. 103).

Boneh, Dan, Amit Sahai, and Brent Waters (Nov. 2012). “Functional Encryption: A New Vision for Public-Key Cryptography.” In: Commun. ACM 55.11, pp. 56–64. ISSN: 0001-0782. DOI: 10.1145/2366316.2366333. http://doi.acm.org/10.1145/2366316.2366333 (cit. on p. 313).

Borisov, Nikita, Ian Goldberg, and David Wagner (2001). “Intercepting Mobile Communications: The Insecurity of 802.11.” In: Proceedings of MOBICOM 2001. http://www.cs.berkeley.edu/~daw/papers/wep-mob01.ps (cit. on pp. 175, 177).

Bowen, Brian M. (2011). “Design and Analysis of Decoy Systems for Computer Security.” PhD thesis. Columbia University. http://academiccommons.columbia.edu/download/fedora_content/download/ac:132237/CONTENT/Bowen_columbia_0054D_10190.pdf (cit. on p. 74).

Bowen, Brian M., Shlomo Hershkop, Angelos D. Keromytis, and Salvatore J. Stolfo (2009). “Baiting Inside Attackers Using Decoy Documents.” In: Proceedings of the 5th International ICST Conference on Security and Privacy in Communication Networks (SecureComm). http://www.cs.columbia.edu/~bmbowen/papers/DecoyDocumentsCameraReadySECCOM09.pdf (cit. on p. 74).

Brainard, John G., Ari Juels, Ronald L. Rivest, Michael Szydlo, and Moti Yung (2006). “Fourth-factor Authentication: Somebody You Know.” In: ACM Conference on Computer and Communications Security, pp. 168–178. http://www.rsasecurity.ca/rsalabs/staff/bios/ajuels/publications/fourth-factor/ccs084-juels.pdf (cit. on p. 123).

Broad, William J., John Markoff, and David E. Sanger (Jan. 15, 2011). “Israeli Test on Worm Called Crucial in Iran Nuclear Delay.” In: The New York Times. http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html (cit. on p. 37).

Brodkin, Jon (June 18, 2012). “Annals of Bad Luck: When Primary, Backup, and Second Backup Power Fail.” In: Ars Technica. http://arstechnica.com/information-technology/2012/06/annals-of-bad-luck-when-primary-backup-and-second-backup-power-fail/ (cit. on p. 192).

Brooks Jr., Frederick P. (Apr. 1987). “No Silver Bullet: Essence and Accidents of Software Engineering.” In: Computer 20.4, pp. 10–19. ISSN: 0018-9162. DOI: 10.1109/MC.1987.1663532. (Cit. on p. 208).

Bryant, B. (Feb. 8, 1988). Designing an Authentication System: A Dialogue in Four Scenes. Draft. http://web.mit.edu/kerberos/dialogue.html (cit. on pp. 81, 84).

Bujold, Lois McMaster (1990). The Vor Game. New York: Baen. (Cit. on p. 247).

Bumiller, Elisabeth (Apr. 27, 2010). “We Have Met the Enemy and He Is PowerPoint.” In: The New York Times. http://www.nytimes.com/2010/04/27/world/27powerpoint.html (cit. on p. 198).

Burke, Kathleen (June 10, 2015). “‘Free Credit Monitoring’ After Data Breaches is More Sucker than Succor.” In: MarketWatch. http://www.marketwatch.com/story/free-credit-monitoring-after-data-breaches-is-more-sucker-than-succor-2015-06-10 (cit. on p. 222).

Burroughs, Edgar Rice (1920). Thuvia, Maid of Mars. Chicago: A.C. McClurg & Co. http://www.gutenberg.org/ebooks/72 (cit. on p. 36).

Burroughs, Edgar Rice (1922). The Chessmen of Mars. Chicago: A.C. McClurg & Co. http://www.gutenberg.org/ebooks/1153 (cit. on p. 185).

Butler, Brandon (June 24, 2014). “A Wakeup Call for the Cloud.” In: NetworkWorld. http://www.networkworld.com/article/2366862/iaas/a-wakeup-call-for-the-cloud.html (cit. on p. 287).

Capehart, George (May 13, 2012a). “The Wikileaks Brouhaha: Shooting the Messengers and Ignoring the Elephants, Part 1.” In: Daily Kos. http://www.dailykos.com/story/2012/05/14/1091460/-The-WikiLeaks-Brouhaha-Shooting-the-Messengers-and-Ignoring-the-Elephants-Part-1?detail=hide (cit. on p. 73).

Capehart, George (May 15, 2012b). “The Wikileaks Brouhaha: Shooting the Messengers and Ignoring the Elephants, Part 2.” In: Daily Kos. http://www.dailykos.com/story/2012/05/15/1091858/-The-WikiLeaks-Brouhaha-Shooting-the-Messengers-and-Ignoring-the-Elephants-Part-2?detail=hide (cit. on p. 73).

Capehart, George (May 16, 2012c). “The Wikileaks Brouhaha: Shooting the Messengers and Ignoring the Elephants, Part 3.” In: Daily Kos. http://www.dailykos.com/story/2012/05/17/1092355/-The-Wikileaks-Brouhaha-Shooting-the-Messengers-and-Ignoring-the-Elephants-Part-3?detail=hide (cit. on p. 73).

Capehart, George (May 19, 2012d). “The Wikileaks Brouhaha: Shooting the Messengers and Ignoring the Elephants, Part 4.” In: Daily Kos. http://www.dailykos.com/story/2012/05/19/1093112/-The-WikiLeaks-Brouhaha-Shooting-the-Messengers-and-Ignoring-the-Elephants-Part-4?detail=hide (cit. on p. 73).

Capehart, George (June 11, 2012e). “The Wikileaks Brouhaha: Shooting the Messengers and Ignoring the Elephants, Part 5.” In: Daily Kos. http://www.dailykos.com/story/2012/06/11/1096025/-The-Wikileaks-Brouhaha-Shooting-the-Messengers-and-Ignoring-the-Elephants-Part-5 (cit. on p. 73).

Carroll, Lewis (1872). Through the Looking-Glass, and What Alice Found There. London: Macmillan and Co. https://www.gutenberg.org/ebooks/12 (cit. on pp. 3, 301).

Cavoukian, Ann (2009). Privacy by Design: Take the Challenge. Ann Cavoukian. http://www.privacybydesign.ca/content/uploads/2010/03/PrivacybyDesignBook.pdf (cit. on p. 314).

CERT (June 12, 2012). SYSRET 64-Bit Operating System Privilege Escalation Vulnerability on Intel CPU Hardware. Tech. rep. VU#649219. US-CERT. http://www.kb.cert.org/vuls/id/649219 (cit. on p. 187).

Chan, Casey (Oct. 21, 2011). “Anyone with a Smart Cover Can Break into Your iPad 2.” In: Gizmodo. http://gizmodo.com/5852036/how-to-break-into-any-ipad-2-with-just-a-smart-cover (cit. on p. 7).

Checkoway, Stephen, Ruben Niederhagen, Adam Everspaugh, Matthew Green, Tanja Lange, Thomas Ristenpart, Daniel J. Bernstein, Jake Maskiewicz, Hovav Shacham, and Matthew Fredrikson (Aug. 2014). “On the Practical Exploitability of Dual EC in TLS Implementations.” In: 23rd USENIX Security Symposium (USENIX Security 14). San Diego, CA: USENIX Association, pp. 319–335. ISBN: 978-1-931971-15-7. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/checkoway (cit. on p. 100).

Chen, Shuo, John Dunagan, Chad Verbowski, and Yi-Min Wang (2005). “A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities.” In: Proceedings of NDSS 2005. http://research.microsoft.com/en-us/um/people/jdunagan/leastprivilegetracing-ndss-2005.pdf (cit. on p. 42).

Chess, Brian and Jacob West (2007). Secure Programming with Static Analysis. Upper Saddle River, NJ: Addison-Wesley. (Cit. on p. 209).

Cheswick, William R. (Jan. 1992). “An Evening with Berferd, in which a Cracker is Lured, Endured, and Studied.” In: Proc. Winter USENIX Conference. San Francisco, CA. http://www.cheswick.com/ches/papers/berferd.ps (cit. on p. 188).

Cheswick, William R. (2010). “Back to Berferd.” In: Proceedings of the 26th Annual Computer Security Applications Conference. ACSAC ’10. Austin, Texas: ACM, pp. 281–286. ISBN: 978-1-4503-0133-6. DOI: 10.1145/1920261.1920303. http://doi.acm.org/10.1145/1920261.1920303 (cit. on pp. 70, 188).

Cheswick, William R. and Steven M. Bellovin (1994). Firewalls and Internet Security: Repelling the Wily Hacker. 1st ed. Reading, MA: Addison-Wesley. http://www.wilyhacker.com/1e/ (cit. on pp. 11, 22, 61, 81, 188).

Cheswick, William R., Steven M. Bellovin, and Aviel D. Rubin (2003). Firewalls and Internet Security: Repelling the Wily Hacker. 2nd ed. Reading, MA: Addison-Wesley. http://www.wilyhacker.com/ (cit. on pp. 61, 62, 161, 250, 289).

Clark, Sandy, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze (2011). “Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System.” In: Proceedings of the Usenix Security Symposium. http://www.usenix.org/events/sec11/tech/full_papers/Clark.pdf (cit. on p. 105).

Clarke, Arthur C. (1953). Childhood’s End. New York: Ballantine Books. (Cit. on pp. 205, 380).

Clarke, Richard A. and Robert K. Knake (2010). Cyber War: The Next Threat to National Security and What to Do About It. New York: Ecco. (Cit. on pp. 17, 18, 74).

Clayton, Richard (2005). “Anonymity and Traceability in Cyberspace.” Also published as technical report UCAM-CL-TR-653. PhD thesis. University of Cambridge, Darwin College. http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-653.html (cit. on p. 172).

Cohen, Fred (1986). “Computer Viruses.” PhD thesis. University of Southern California. https://all.net/books/Dissertation.pdf (cit. on p. 46).

Cohen, Fred (1987). “Computer Viruses: Theory and Experiments.” In: Computers & Security 6.1, pp. 22–35. (Cit. on p. 49).

Comerford, Richard (Oct. 1998). “State of the Internet: Roundtable 4.0.” In: IEEE Spectrum 35.10, pp. 69–79. ISSN: 0018-9235. DOI: 10.1109/MSPEC.1998.722325. (Cit. on p. 5).

Comptroller General (Dec. 13, 1991). Public Law 106-229—Electronic Signatures in Global and National Commerce Act. http://www.gpo.gov/fdsys/pkg/PLAW-106publ229/content-detail.html (cit. on p. 165).

Computer Science and Telecommunications Board (1997). ADA and Beyond: Software Policies for the Department of Defense. Washington, DC: National Academy Press. http://www.nap.edu/catalog.php?record_id=5463 (cit. on p. 208).

Conti, Gregory and James Caroland (July–Aug. 2011). “Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat.” In: IEEE Security & Privacy 9.4, pp. 48–51. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5968086 (cit. on p. 26).

Cooper, D., S. Santesson, S. Farrell, S. Boeyen, Russ Housley, and William Polk (May 2008). Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280. http://www.rfc-editor.org/rfc/rfc5280.txt (cit. on pp. 150, 161).

Cowan, Crispin, Steve Beattie, John Johansen, and Perry Wagle (2003). “Pointguard: Protecting Pointers from Buffer Overflow Vulnerabilities.” In: Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12. SSYM’03. Washington, DC: USENIX Association, pp. 7–7. http://dl.acm.org/citation.cfm?id=1251353.1251360 (cit. on pp. 206, 313).

Crossman, Penny (June 10, 2013). “New Breed of Banking Malware Hijacks Text Messages.” In: American Banker. http://www.americanbanker.com/issues/178_111/new-breed-of-banking-malware-hijacks-text-messages-1059745-1.html (cit. on p. 123).

Cui, Ang and Salvatore J. Stolfo (2010). “A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-Area Scan.” In: Proceedings of Annual Computer Security Applications Conference (ACSAC). http://www.hacktory.cs.columbia.edu/sites/default/files/paper-acsac.pdf (cit. on p. 54).

Cui, Ang and Salvatore J. Stolfo (Dec. 27, 2011). “Print Me If You Dare: Firmware Modification Attacks and the Rise of Printer Malware.” In: The 28th Chaos Communication Congress. http://ids.cs.columbia.edu/sites/default/files/CuiPrintMeIfYouDare.pdf (cit. on p. 64).

Darlin, Damon (Sept. 7, 2008). “Hewlett-Packard Spied on Writers in Leaks.” In: The New York Times. http://www.nytimes.com/2006/09/08/technology/08hp.html (cit. on p. 254).

Daugman, John (2006). “Probing the Uniqueness and Randomness of IrisCodes: Results from 200 Billion Iris Pair Comparisons.” In: Proceedings of the IEEE 94.11, pp. 1927–1935. http://www.cl.cam.ac.uk/users/jgd1000/ProcIEEEnov2006Daugman.pdf (cit. on p. 124).

Debar, Hervé and Andreas Wespi (2001). “Aggregation and Correlation of Intrusion-Detection Alerts.” In: Recent Advances in Intrusion Detection. Ed. by Wenke Lee, Ludovic Mé, and Andreas Wespi. Vol. 2212. Lecture Notes in Computer Science. DOI: 10.1007/3-540-45474-8_6. Springer Berlin / Heidelberg, pp. 85–103. ISBN: 978-3-540-42702-5. http://dx.doi.org/10.1007/3-540-45474-8_6 (cit. on p. 50).

DeBuvitz, William (Jan. 1989). “New Chemical Element Discovered.” In: The Physics Teacher. http://www.lhup.edu/~DSIMANEK/administ.htm (cit. on p. 194).

Denning, Dorothy E. and Giovanni M. Sacco (Aug. 1981). “Timestamps in Key Distribution Protocols.” In: Communications of the ACM 24.8, pp. 533–536. (Cit. on p. 86).

Department of Justice (June 2005). Electronic Surveillance Manual. Original from http://www.justice.gov/criminal/foia/docs/elec-sur-manual.pdf. https://www.cs.columbia.edu/~smb/Thinking_Security/docs/elec-sur-manual.pdf (cit. on p. 180).

Dierks, T. and Eric K. Rescorla (Aug. 2008). The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246. http://www.rfc-editor.org/rfc/rfc5246.txt (cit. on pp. 82, 104).

Diffie, Whitfield and Martin E. Hellman (Nov. 1976). “New Directions in Cryptography.” In: IEEE Transactions on Information Theory IT-22.6, pp. 644–654. (Cit. on pp. 104, 149, 163).

Dijkstra, E. W. (Apr. 1970). “Structured Programming.” In: Software Engineering Techniques. Ed. by J. N. Buxton and B. Randell. http://homepages.cs.ncl.ac.uk/brian.randell/NATO/nato1969.PDF (cit. on p. 243).

Dobbertin, Hans (Summer 1996). “The Status of MD5 After a Recent Attack.” In: CryptoBytes 2.2. (Cit. on p. 161).

DoD (1985a). DoD Trusted Computer System Evaluation Criteria. Tech. rep. 5200.28-STD. DoD Computer Security Center. http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt (cit. on pp. 49, 236).

DoD (1985b). DoD Password Management Guideline. Tech. rep. CSC-STD-002-85. DoD Computer Security Center. http://csrc.nist.gov/publications/secpubs//rainbow/std002.txt (cit. on p. 114).

Dodis, Yevgeniy, Leonid Reyzin, and Adam Smith (2007). “Fuzzy Extractors: A Brief Survey of Results from 2004 to 2006.” In: Security with Noisy Data. Ed. by Pim Tuyls, Boris Skoric, and Tom Kevenaar. Berlin: Springer. http://www.cs.bu.edu/~reyzin/fuzzysurvey.html (cit. on p. 127).

Domin, Rusty (May 23, 2007). “2 Sentenced in Coke Trade Secret Case.” In: CNN Money. http://money.cnn.com/2007/05/23/news/newsmakers/coke/ (cit. on p. 20).

Drew, Christopher (June 4, 2011). “Stolen Data Is Tracked to Hacking at Lockheed.” In: The New York Times. http://www.nytimes.com/2011/06/04/technology/04security.html (cit. on pp. 132, 251).

Drew, Christopher and Somini Sengupta (June 23, 2013). “N.S.A. Leak Puts Focus on System Administrators.” In: The New York Times. https://www.nytimes.com/2013/06/24/technology/nsa-leak-puts-focus-on-system-administrators.html (cit. on p. 278).

Ducklin, Paul (Feb. 24, 2014). “Anatomy of a ‘goto fail’—Apple’s SSL Bug Explained, Plus an Unofficial Patch for OS X!” In: Naked Security. http://nakedsecurity.sophos.com/2014/02/24/anatomy-of-a-goto-fail-apples-ssl-bug-explained-plus-an-unofficial-patch/ (cit. on p. 182).

Ducklin, Paul (Sept. 28, 2015). “Why Word Malware is BASIC: SophosLabs Takes Apart a Booby-Trapped Document.” In: Sophos Blog. https://blogs.sophos.com/2015/09/28/why-word-malware-is-basic/ (cit. on p. 56).

Duff, Tom (Spring 1989a). “Experiences with Viruses on UNIX Systems.” In: Computer Systems 2.2, pp. 155–171. http://www.usenix.org/publications/compsystems/1989/spr_duff.pdf (cit. on p. 46).

Duff, Tom (Winter 1989b). “Viral Attacks on UNIX System Security.” In: Proceedings of the Usenix Conference. (Cit. on p. 46).

Eastlake 3rd, D. (Mar. 1999). Domain Name System Security Extensions. RFC 2535. http://www.rfc-editor.org/rfc/rfc2535.txt (cit. on p. 91).

Eastlake 3rd, D. and T. Hansen (May 2011). US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF). RFC 6234. http://www.rfc-editor.org/rfc/rfc6234.txt (cit. on p. 101).

Eastlake 3rd, D., J. Reagle, and D. Solo (Mar. 2002). (Extensible Markup Language) XML-Signature Syntax and Processing. RFC 3275. http://www.rfc-editor.org/rfc/rfc3275.txt (cit. on p. 104).

Eastlake 3rd, D., Jeffrey I. Schiller, and S. Crocker (June 2005). Randomness Requirements for Security. RFC 4086. http://www.rfc-editor.org/rfc/rfc4086.txt (cit. on p. 122).

Editorial Board, New York Times (July 19, 2015). “Defining ‘Employee’ in the Gig Economy.” In: The New York Times. http://www.nytimes.com/2015/07/19/opinion/sunday/defining-employee-in-the-gig-economy.html (cit. on p. 77).

Edwards, M. (Feb. 15, 2000). “Something Old, Something New: DNS Hijacking.” In: Windows IT Pro. http://windowsitpro.com/networking/something-old-something-new-dns-hijacking (cit. on pp. 160, 215).

Egelman, Serge, Lorrie Faith Cranor, and Jason Hong (2008). “You’ve Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings.” In: Proceedings of the Twenty-Sixth Annual SIGCHI Conference on Human Factors in Computing Systems. CHI ’08. Florence, Italy: ACM, pp. 1065–1074. ISBN: 978-1-60558-011-1. DOI: 10.1145/1357054.1357219. http://doi.acm.org/10.1145/1357054.1357219 (cit. on p. 191).

Eichin, M. W. and J. A. Rochlis (May 1989). “With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988.” In: Proc. IEEE Symposium on Research in Security and Privacy. Oakland, CA, pp. 326–345. http://dl.acm.org/citation.cfm?id=63528 (cit. on pp. 46, 288).

Electronic Frontier Foundation (July 1998). Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design. O’Reilly & Associates. ISBN: 1-565-92520-3. (Cit. on p. 102).

Ellement, John (Apr. 1, 2004). “Bail Set a [sic] $600,000 for Former Researcher.” In: The Boston Globe. http://www.boston.com/news/education/higher/articles/2004/04/01/bail_set_a_600000_for_former_researcher/ (cit. on p. 254).

Ellison, Carl (Sept. 1999). SPKI Requirements. RFC 2692. http://www.rfc-editor.org/rfc/rfc2692.txt (cit. on p. 168).

Ellison, Carl (2007). Ceremony Design and Analysis. IACR eprint archive 2007/399. http://eprint.iacr.org/2007/399.pdf (cit. on p. 156).

Ellison, Carl, B. Frantz, B. Lampson, Ronald L. Rivest, B. Thomas, and Tatu Ylönen (Sept. 1999). SPKI Certificate Theory. RFC 2693. http://www.rfc-editor.org/rfc/rfc2693.txt (cit. on p. 168).

Esposito, Richard, Matthew Cole, and Robert Windrem (Aug. 29, 2013). “Snowden Impersonated NSA Officials, Sources Say.” In: NBC News. http://investigations.nbcnews.com/_news/2013/08/29/20234171-snowden-impersonated-nsa-officials-sources-say (cit. on p. 278).

Evans, C. (June 14, 2011). “New Chromium Security Features, June 2011.” In: The Chromium Blog. http://blog.chromium.org/2011/06/new-chromium-security-features-june.html (cit. on p. 167).

Evans, C., C. Palmer, and R. Sleevi (Apr. 2015). Public Key Pinning Extension for HTTP. RFC 7469. http://www.rfc-editor.org/rfc/rfc7469.txt (cit. on p. 159).

Fahl, Sascha, Marian Harbach, Thomas Muders, Lars Baumgärtner, Bernd Freisleben, and Matthew Smith (2012). “Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security.” In: Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM, pp. 50–61. (Cit. on p. 197).

Falliere, Nicolas, Liam O Murchu, and Eric Chien (Feb. 2011). W32.Stuxnet Dossier. Symantec Security Response. Version 1.4. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf (cit. on pp. 37, 50, 55, 164, 194, 269).

Farley, R.D. and H.F. Schorreck (Aug. 1982). Oral History Interview with Dr. Solomon Kullback. http://www.nsa.gov/public_info/_files/oral_history_interviews/nsa_oh_17_82_kullback.pdf (cit. on p. 87).

Federal Trade Commission (June 24, 2010). Twitter Settles Charges that it Failed to Protect Consumers’ Personal Information; Company Will Establish Independently Audited Information Security Program. http://www.ftc.gov/opa/2010/06/twitter.shtm (cit. on p. 194).

Federal Trade Commission (May 2014). Data Brokers: A Call for Transparency and Accountability. http://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf (cit. on p. 224).

Feilner, Markus (2006). OpenVPN: Building and Integrating Virtual Private Networks. Birmingham, UK: Packt Publishing. http://www.openvpn.net (cit. on p. 95).

Felten, Edward W. (Nov. 3, 2009). “Election Day; More Unguarded Voting Machines.” In: Freedom to Tinker (blog). https://freedom-to-tinker.com/blog/felten/election-day-moreunguarded-voting-machines/ (cit. on p. 55).

Fenker, S.P. and K.W. Bowyer (Jan. 2011). “Experimental Evidence of a Template Aging Effect in Iris Biometrics.” In: 2011 IEEE Workshop on Applications of Computer Vision (WACV), pp. 232–239. DOI: 10.1109/WACV.2011.5711508. (Cit. on p. 128).

Ferguson, N., J. Kelsey, S. Lucks, Bruce Schneier, M. Stay, David Wagner, and D. Whiting (2000). “Improved Cryptanalysis of Rijndael.” In: Seventh Fast Software Encryption Workshop. http://www.schneier.com/paper-rijndael.pdf (cit. on p. 103).

Field, Tom (Dec. 24, 2010). “Marcus Ranum on 2011 Security Outlook.” In: Bank Info Security. http://www.bankinfosecurity.com/marcus-ranum-on-2011-security-outlook-a-3205/op-1 (cit. on p. 73).

Fillinger, Maximilian Johannes (2013). “Reconstructing the Cryptanalytic Attack behind the Flame Malware.” MA thesis. Universiteit van Amsterdam. http://www.illc.uva.nl/Research/Reports/MoL-2013-23.text.pdf (cit. on pp. 28, 83).

Fine, Glenn A. (Aug. 2003). A Review of the FBI’s Performance in Deterring, Detecting, and Investigating the Espionage Activities of Robert Philip Hanssen. Unclassified executive summary. http://www.usdoj.gov/oig/special/0308/index.htm (cit. on p. 35).

Finke, Jon (Sept. 1994). “Monitoring Usage of Workstations with a Relational Database.” In: 8th System Administration Conference (LISA). Usenix. San Diego. http://static.usenix.org/publications/library/proceedings/lisa94/finke.html (cit. on p. 286).

Finke, Jon (Oct. 1997a). “Automation of Site Configuration Management.” In: The 11th Systems Administration Conference (LISA). Usenix. http://static.usenix.org/publications/library/proceedings/lisa97/full_papers/18.finke/18.pdf (cit. on p. 274).

Finke, Jon (Oct. 1997b). “Monitoring Application Use with License Server Logs.” In: The 11th Systems Administration Conference (LISA). Usenix. http://static.usenix.org/publications/library/proceedings/lisa97/full_papers/03.finke/03.pdf (cit. on p. 286).

Finke, Jon (Dec. 2000). “An Improved Approach to Generating Configuration Files from a Database.” In: The 14th Systems Administration Conference (LISA). Usenix. New Orleans, pp. 23–38. http://www.rpi.edu/~finkej/Papers/LISA2000-FileGen.pdf (cit. on p. 274).

Finke, Jon (2003). “Generating Configuration Files: The Directors Cut.” In: The 17th Systems Administration Conference. Usenix, pp. 105–204. http://static.usenix.org/events/lisa03/tech/finke.html (cit. on p. 274).

FINRA (Jan. 2010). Guidance on Blogs and Social Networking Web Sites. Tech. rep. 10-06. Financial Industry Regulatory Authority. http://www.finra.org/Industry/Regulation/Notices/2010/P120779 (cit. on p. 76).

FINRA (Sept. 2011). Guide to the Web for Registered Representatives. Web page. http://www.finra.org/industry/issues/advertising/p006118 (cit. on p. 76).

Flaherty, Mary Pat (Aug. 21, 2008). “Ohio Voting Machines Contained Programming Error That Dropped Votes.” In: The Washington Post. http://www.freerepublic.com/focus/f-news/2065845/posts (cit. on p. 55).

Florêncio, Dinei and Cormac Herley (2010). “Where Do Security Policies Come From?” In: Proceedings of the Sixth Symposium on Usable Privacy and Security, p. 10. http://dl.acm.org/citation.cfm?id=1837124 (cit. on p. 112).

Florêncio, Dinei, Cormac Herley, and Baris Coskun (2007). “Do Strong Web Passwords Accomplish Anything?” In: Proceedings of HOTSEC ’07. http://www.usenix.org/events/hotsec07/tech/full_papers/florencio/florencio.pdf (cit. on pp. xii, 109).

Ford-Hutchinson, P. (Oct. 2005). Securing FTP with TLS. RFC 4217. http://www.rfc-editor.org/rfc/rfc4217.txt (cit. on p. 24).

Forrest, Stephanie and Anil Somayaji (Aug. 2000). “Automated Response Using System-Call Delays.” In: Proceedings of the 9th Usenix Security Symposium. (Cit. on p. 72).

Frankel, Sheila, P. Hoffman, Angela Orebaugh, and Richard Park (July 2008). Guide to SSL VPNs. NIST Special Publication 800-113. http://csrc.nist.gov/publications/nistpubs/800-113/SP800-113.pdf (cit. on p. 95).

Fuller, V. and T. Li (Aug. 2006). Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan. RFC 4632. http://www.rfc-editor.org/rfc/rfc4632.txt (cit. on p. 93).

Gage, Deborah (Feb. 15, 2008). “Virus from China the Gift that Keeps on Giving.” In: SFGate. http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/02/14/BU47V0VOH.DTL (cit. on p. 53).

Galbally, Javier, Arun Ross, Marta Gomez-Barrero, Julian Fierrez, and Javier Ortega-Garcia (2013). “Iris Image Reconstruction from Binary Templates: An Efficient Probabilistic Approach Based on Genetic Algorithms.” In: Computer Vision and Image Understanding 117.10, pp. 1512–1525. http://www.sciencedirect.com/science/article/pii/S1077314213001070 (cit. on p. 126).

Gallagher, Sean (Nov. 21, 2012). “French Fried: US Allegedly Hacked Sarkozy’s Office with Flame.” In: Ars Technica. http://arstechnica.com/security/2012/11/french-fried-us-allegedly-hacked-sarkozys-office-with-flame/ (cit. on p. 18).

Galperin, Eva, Seth Schoen, and Peter Eckersley (Sept. 13, 2011). “A Post Mortem on the Iranian DigiNotar Attack.” In: Deep Links (blog). https://www.eff.org/deeplinks/2011/09/post-mortem-iranian-diginotar-attack (cit. on pp. 153, 262).

Ganesan, R. and C. Davies (1994). “A New Attack on Random Pronounceable Password Generators.” In: Proceedings of the 17th NIST-NCSC National Computer Security Conference. http://fortdodgewebsites.com/docs/ANewAttackonRandomPronounceablePassw.pdf (cit. on p. 122).

Garfinkel, Simson L. (1995). PGP: Pretty Good Privacy. Sebastopol, CA: O’Reilly & Associates. (Cit. on p. 167).

Garfinkel, Simson L. and Robert C. Miller (2005). “Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express.” In: SOUPS ’05: Proceedings of the 2005 Symposium on Usable Privacy and Security. Pittsburgh, PA: ACM, pp. 13–24. ISBN: 1-59593-178-3. DOI: http://doi.acm.org/10.1145/1073001.1073003. (Cit. on p. 105).

Garfinkel, Simson L. and A. Shelat (Jan.–Feb. 2003). “Remembrance of Data Passed: A Study of Disk Sanitization Practices.” In: IEEE Security & Privacy 1.1, pp. 17–27. ISSN: 1540-7993. DOI: 10.1109/MSECP.2003.1176992. (Cit. on p. 92).

Garfinkel, Tal and Mendel Rosenblum (2003). “Virtual Machine Introspection Based Architecture for Intrusion Detection.” In: Proceedings of NDSS ’03. http://www.isoc.org/isoc/conferences/ndss/03/proceedings/papers/13.pdf (cit. on p. 188).

Gentry, Craig (Mar. 2010). “Computing Arbitrary Functions of Encrypted Data.” In: Communications of the ACM 53.3, pp. 97–105. http://crypto.stanford.edu/craig/easy-fhe.pdf (cit. on p. 313).

Georgiev, Martin, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, and Vitaly Shmatikov (2012). “The Most Dangerous Code in the World: Validating SSL Certificates in Non-browser Software.” In: Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM, pp. 38–49. (Cit. on p. 197).

Gerrold, David (1972). When Harlie Was One. New York: Ballantine Books. (Cit. on pp. 45, 311).

Gilbert, W. S. and Arthur Sullivan (1875). Trial by Jury. London: Chappell & Co. (Cit. on p. 225).

Gilbert, W. S. and Arthur Sullivan (1885). The Mikado. New York: W. A. Pond. (Cit. on p. 239).

Goldman, William (1987). The Princess Bride. Movie. (Cit. on pp. 12, 379).

Goldstein, Matthew (July 22, 2015). “4 Arrested in Schemes Said to Be Tied to JPMorgan Chase Breach.” In: The New York Times. http://www.nytimes.com/2015/07/22/business/dealbook/4-arrested-in-schemes-said-to-be-tied-to-jpmorgan-chase-breach.html (cit. on pp. 40, 224).

Golić, Jovan (1997). “Linear Statistical Weakness of Alleged RC4 Keystream Generator.” In: Advances in Cryptology—EUROCRYPT ’97. Ed. by Walter Fumy. Vol. 1233. Lecture Notes in Computer Science. 10.1007/3-540-69053-0_16. Springer Berlin / Heidelberg, pp. 226–238. ISBN: 978-3-540-62975-7. http://dx.doi.org/10.1007/3-540-69053-0_16 (cit. on p. 100).

Goodin, Dan (Sept. 23, 2009). “Texas Instruments Aims Lawyers at Calculator Hackers.” In: The Register. http://www.theregister.co.uk/2009/09/23/texas_instruments_calculator_hacking/ (cit. on p. 82).

Goodin, Dan (June 13, 2012a). “Attention All Windows Users: Patch Your Systems Now: A Critical IE Vulnerability Microsoft Patched Tuesday Is Under Active Exploit.” In: Ars Technica. http://arstechnica.com/security/2012/06/windows-users-patch-now/ (cit. on pp. 179, 244).

Goodin, Dan (June 7, 2012b). “Crypto Breakthrough Shows Flame Was Designed by World-Class Scientists.” In: Ars Technica. http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/ (cit. on pp. 28, 83, 84, 164).

Goodin, Dan (Aug. 16, 2012c). “Mystery Malware Wreaks Havoc on Energy Sector Computers.” In: Ars Technica. http://arstechnica.com/security/2012/08/shamoon-malware-attack (cit. on p. 310).

Goodin, Dan (Apr. 12, 2013). “Microsoft Tells Windows 7 Users to Uninstall Faulty Security Update.” In: Ars Technica. http://arstechnica.com/security/2013/04/microsoft-tells-windows-7-users-to-uninstall-faulty-security-update/ (cit. on p. 243).

Goodin, Dan (July 12, 2015a). “Hacking Team Orchestrated Brazen BGP Hack to Hijack IPs it Didn’t Own.” In: Ars Technica. http://arstechnica.com/security/2015/07/hacking-team-orchestrated-brazen-bgp-hack-to-hijack-ips-it-didnt-own/ (cit. on p. 300).

Goodin, Dan (Sept. 9, 2015b). “How Highly Advanced Hackers (Ab)used Satellites to Stay Under the Radar.” In: Ars Technica. http://arstechnica.com/security/2015/09/how-highly-advanced-hackers-abused-satellites-to-stay-under-the-radar/ (cit. on p. 87).

Goodin, Dan (Sept. 18, 2015c). “In Blunder Threatening Windows Users, D-Link Publishes Code-Signing Key.” In: Ars Technica. http://arstechnica.com/security/2015/09/in-blunder-threatening-windows-users-d-link-publishes-code-signing-key/ (cit. on p. 165).

Goodin, Dan (Sept. 21, 2015d). “Symantec Employees Fired for Issuing Rogue HTTPS Certificate for Google.” In: Ars Technica. http://arstechnica.com/security/2015/09/symantec-employees-fired-for-issuing-rogue-https-certificate-for-google/ (cit. on p. 160).

Grampp, Fred T. and Robert H. Morris (Oct. 1984). “Unix Operating System Security.” In: AT&T Bell Laboratories Technical Journal 63.8, Part 2, pp. 1649–1672. (Cit. on pp. 54, 113, 114, 264).

Green, Matthew (Sept. 18, 2013). “The Many Flaws of Dual_EC_DRBG.” In: A Few Thoughts on Cryptographic Engineering (blog). http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html (cit. on p. 101).

Greenberg, Andy (Aug. 31, 2012). “Oracle’s Java Security Woes Mount as Researchers Spot a Bug in Its Critical Bug Fix.” In: Forbes. http://www.forbes.com/sites/andygreenberg/2012/08/31/oracles-java-security-woes-mount-as-researchers-spot-a-bug-in-its-critical-bug-fix/ (cit. on pp. 240, 243).

Greenberg, Andy (Aug. 7, 2014). “Hacker Redirects Traffic from 19 Internet Providers to Steal Bitcoins.” In: Wired: Threat Level. http://www.wired.com/2014/08/isp-bitcoin-theft/ (cit. on pp. 215, 310).

Greenberg, Andy (2015a). “Hackers Can Disable a Sniper Rifle—Or Change Its Target.” In: Wired. http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/ (cit. on p. 302).

Greenberg, Andy (July 21, 2015b). “Hackers Remotely Kill a Jeep on the Highway—With Me in It.” In: Wired. http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ (cit. on p. 302).

Griffith, Virgil and Markus Jakobsson (2005). “Messin’ with Texas: Deriving Mother’s Maiden Names Using Public Records.” In: Applied Cryptography and Network Security. Ed. by John Ioannidis, Angelos D. Keromytis, and Moti Yung. Vol. 3531. Lecture Notes in Computer Science. Springer Berlin / Heidelberg, pp. 91–103. ISBN: 978-3-540-26223-7. DOI: http://dx.doi.org/10.1007/11496137_7. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.147.2471&rep=rep1&type=pdf (cit. on p. 122).

Gueury, Marc and Daniel Veditz (Apr. 27, 2009). “Crash in nsTextFrame::ClearTextRun().” In: Mozilla Foundation Security Advisory 2009-23. https://www.mozilla.org/security/announce/2009/mfsa2009-23.html (cit. on p. 241).

Haber, S. and W. S. Stornetta (1991a). “How to Time-Stamp a Digital Document.” In: Advances in Cryptology: Proceedings of CRYPTO ’90. Springer-Verlag, pp. 437–455. (Cit. on p. 162).

Haber, S. and W. S. Stornetta (1991b). “How to Time-Stamp a Digital Document.” In: Journal of Cryptology 3.2, pp. 99–112. (Cit. on p. 162).

Hagino, Jun-ichiro “itojun” (Oct. 2003). IAB Concerns against Permanent Deployment of Edge-Based Port Filtering. Internet Architecture Board statement. https://www.iab.org/documents/correspondence-reports-documents/docs2003/2003-10-18-edge-filters/ (cit. on p. 253).

Halderman, J. Alex, Brent Waters, and Edward W. Felten (May 2005). “A Convenient Method for Securely Managing Passwords.” In: Proc. 14th Intl. World Wide Web Conference. http://userweb.cs.utexas.edu/~bwaters/publications/papers/www2005.pdf (cit. on p. 119).

Haller, N. (Feb. 1995). The S/KEY One-Time Password System. RFC 1760. http://www.rfc-editor.org/rfc/rfc1760.txt (cit. on p. 129).

Halzack, Sarah (Mar. 11, 2015). “Privacy Advocates Try to Keep ‘Creepy,’ ‘Eavesdropping’ Hello Barbie from Hitting Shelves.” In: The Washington Post. https://www.washingtonpost.com/blogs/the-switch/wp/2015/03/11/privacy-advocates-try-to-keep-creepy-eavesdropping-hello-barbie-from-hitting-shelves/ (cit. on p. 302).

Hamzeh, K., G. Pall, W. Verthein, J. Taarud, W. Little, and G. Zorn (July 1999). Point-to-Point Tunneling Protocol (PPTP). RFC 2637. http://www.rfc-editor.org/rfc/rfc2637.txt (cit. on p. 95).

Handley, Mark, Christian Kreibich, and Vern Paxson (2001). “Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics.” In: Proceedings of the USENIX Security Symposium, pp. 115–131. http://static.usenix.org/events/sec01/handley.html (cit. on pp. 66, 70).

Hanks, S., T. Li, D. Farinacci, and P. Traina (Oct. 1994). Generic Routing Encapsulation (GRE). RFC 1701. http://www.rfc-editor.org/rfc/rfc1701.txt (cit. on p. 95).

Hansen, Stephen E. and E. Todd Atkins (Sept. 1992). “Centralized System Monitoring with Swatch.” In: Unix Security III Symposium. Baltimore, MD: USENIX, pp. 105–117. http://static.usenix.org/publications/library/proceedings/sec92/full_papers/hansen.pdf (cit. on p. 287).

Hansen, Stephen E. and E. Todd Atkins (Nov. 1993). “Automated System Monitoring and Notification with Swatch.” In: 7th System Administration Conference (LISA). Usenix. Monterey. http://static.usenix.org/publications/library/proceedings/lisa93/hansen.html (cit. on p. 287).

Hardt, D., ed. (Oct. 2012). The OAuth 2.0 Authorization Framework. RFC 6749. http://www.rfc-editor.org/rfc/rfc6749.txt (cit. on p. 138).

Harper, Tom (June 22, 2013). “The Other Hacking Scandal: Suppressed Report Reveals that Law Firms, Telecoms Giants and Insurance Companies Routinely Hire Criminals to Steal Rivals’ Information.” In: The Independent. http://www.independent.co.uk/news/uk/crime/the-other-hacking-scandal-suppressed-report-reveals-that-law-firms-telecoms-giants-and-insurance-companies-routinely-hire-criminals-to-steal-rivals-information-8669148.html (cit. on pp. 18, 41).

Heath, Brad (Aug. 24, 2015). “Police Secretly Track Cellphones to Solve Routine Crimes.” In: USA Today. http://www.usatoday.com/story/news/2015/08/23/baltimore-police-stingray-cell-surveillance/31994181/ (cit. on p. 180).

Heath, Laura J. (2005). “An Analysis of the Systemic Security Weaknesses of the U.S. Navy Fleet Broadcasting System, 1967–1974, as Exploited by CWO John Walker.” MAS. US Army Command and General Staff College. http://www.fas.org/irp/eprint/heath.pdf (cit. on p. 278).

Heinlein, Robert A. (1966). The Moon Is a Harsh Mistress. Putnam. (Cit. on p. 311).

Hoare, C.A.R. (Feb. 1981). “The Emperor’s Old Clothes.” In: Communications of the ACM 24.2, pp. 75–83. http://dl.acm.org/citation.cfm?id=358549.358561 (cit. on p. 208).

Hobbs, Alfred Charles (1857). Rudimentary Treatise on the Construction of Door Locks. Ed. by Charles Tomlinson. London: J. Weale. (Cit. on p. 249).

Hoffman, P. and J. Schlyter (Aug. 2012). The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698. http://www.rfc-editor.org/rfc/rfc6698.txt (cit. on p. 159).

Hofmeyr, S. A., Anil Somayaji, and Stephanie Forrest (1998). “Intrusion Detection Using Sequences of System Calls.” In: Journal of Computer Security 6. (Cit. on p. 49).

Hollis, Duncan B. (Summer 2011). “An e-SOS for Cyberspace.” In: Harvard International Law Journal 52.2. http://ssrn.com/abstract=1670330 (cit. on p. 17).

Housley, Russ (Sept. 2004). A 224-bit One-way Hash Function: SHA-224. RFC 3874. http://www.rfc-editor.org/rfc/rfc3874.txt (cit. on p. 105).

Housley, Russ (Sept. 2009). Cryptographic Message Syntax (CMS). RFC 5652. http://www.rfc-editor.org/rfc/rfc5652.txt (cit. on p. 104).

Housley, Russ and Tim Polk (2001). Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure. New York: Wiley. (Cit. on p. 150).

Howard, Michael, Jon Pincus, and Jeannette M. Wing (2005). “Measuring Relative Attack Surfaces.” In: Computer Security in the 21st Century. Ed. by D.T. Lee, S.P. Shieh, and J.D. Tygar. Springer US, pp. 109–137. ISBN: 978-0-387-24005-3. DOI: 10.1007/0-387-24006-3_8. http://dx.doi.org/10.1007/0-387-24006-3_8 (cit. on p. 228).

Hypponen, Mikko (Nov. 14, 2011). “Malware Signed with a Governmental Signing Key.” In: F-Secure News from the Lab (blog). http://www.f-secure.com/weblog/archives/00002269.html (cit. on p. 164).

Intel (1983). iAPX 286 Programmer’s Reference Manual. Santa Clara, CA: Intel Corporation. http://bitsavers.trailing-edge.com/pdf/intel/80286/210498-001_1983_iAPX_286_Programmers_Reference_1983.pdf (cit. on p. 47).

Internet Initiative Japan, Inc. (Feb. 2012). “Targeted Attacks and Their Handling.” In: Internet Infrastructure Review: Infrastructure Security. http://www.iij.ad.jp/en/company/development/iir/pdf/iir_vol14_infra_EN.pdf (cit. on p. 164).

Ioannidis, Sotiris and Steven M. Bellovin (June 2001). “Building a Secure Web Browser.” In: Usenix Conference. https://www.cs.columbia.edu/~smb/papers/sub-browser.pdf (cit. on pp. 59, 201).

Ioannidis, Sotiris, Steven M. Bellovin, and Jonathan Smith (Sept. 2002). “Sub-Operating Systems: A New Approach to Application Security.” In: SIGOPS European Workshop. https://www.cs.columbia.edu/~smb/papers/subos.pdf (cit. on p. 59).

Israel, Jerome W. (June 2012). “Why the FBI Can’t Build a Case Management System.” In: IEEE Computer. http://www.computer.org/csdl/mags/co/2012/06/mco2012060073.html (cit. on p. 315).

ITU-T (2012). ITU-T Recommendation X.509—ISO/IEC 9594–8:2005, Information Technology—Open Systems Interconnection—The Directory: Public-Key and Attribute Certificate Frameworks. http://www.itu.int/itu-t/recommendations/rec.aspx?rec=X.509 (cit. on p. 150).

Jacobs, Andrew and Miguel Helft (Jan. 12, 2010). “Google, Citing Attack, Threatens to Exit China.” In: The New York Times. http://www.nytimes.com/2010/01/13/world/asia/13beijing.html (cit. on p. 38).

Johnson, Maritza, Steven M. Bellovin, Robert W. Reeder, and Stuart Schechter (Sept. 2009). “Laissez-Faire File Sharing: Access Control Designed for Individuals at the Endpoints.” In: New Security Paradigms Workshop. https://www.cs.columbia.edu/~smb/papers/nspw-use.pdf (cit. on p. 198).

Johnson, S. C. (1978). Lint, a C Program Checker. Tech. rep. 65. Bell Labs. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.56.1841 (cit. on pp. 53, 209).

Jolly, David (Nov. 10, 2011). “Hacker, Cyclist, Executive, Spy.” In: The New York Times (Green blog). http://green.blogs.nytimes.com/2011/11/10/hacker-cyclist-executive-spy/ (cit. on p. 41).

Joncheray, Laurent (1995). “A Simple Active Attack Against TCP.” In: Proceedings of the Fifth Usenix Unix Security Symposium. Salt Lake City, UT. (Cit. on p. 88).

Jones, Douglas W. and Barbara Simons (2012). Broken Ballots: Will Your Vote Count? Stanford, CA: Center for the Study of Language and Information. http://brokenballots.com/ (cit. on p. 56).

Josefsson, S. (Oct. 2006). The Base16, Base32, and Base64 Data Encodings. RFC 4648. http://www.rfc-editor.org/rfc/rfc4648.txt (cit. on p. 91).

Josifovski, Vanja, Peter Schwarz, Laura Haas, and Eileen Lin (2002). “Garlic: A New Flavor of Federated Query Processing for DB2.” In: Proceedings of the 2002 ACM SIGMOD International Conference on Management of Data. SIGMOD ’02. Madison, Wisconsin: ACM, pp. 524–532. ISBN: 1-58113-497-5. DOI: 10.1145/564691.564751. http://doi.acm.org/10.1145/564691.564751 (cit. on pp. 217, 284).

Kahn, David (1967). The Codebreakers. New York: Macmillan. (Cit. on pp. 82, 254).

Kahn, David (1991). Seizing the Enigma: The Race to Break the German U-Boat Codes, 1939–1943. Boston: Houghton Mifflin. (Cit. on p. 249).

Kaliski, B. (Sept. 2000). PKCS #5: Password-Based Cryptography Specification Version 2.0. RFC 2898. http://www.rfc-editor.org/rfc/rfc2898.txt (cit. on pp. 127, 133, 140).

Kaminsky, Dan (2008). It’s the End of the Cache as We Know It. Black Ops. http://kurser.lobner.dk/dDist/DMK_BO2K8.pdf (cit. on p. 215).

Kaufman, Charlie, ed. (Dec. 2005). Internet Key Exchange (IKEv2) Protocol. RFC 4306. http://www.rfc-editor.org/rfc/rfc4306.txt (cit. on p. 95).

Kaufman, Charlie, Radia Perlman, and Mike Speciner (2002). Network Security: Private Communication in a Public World. Second edition. Prentice Hall. (Cit. on p. 256).

Kent, Jonathan (Mar. 31, 2005). “Malaysia Car Thieves Steal Finger.” In: BBC News. http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm (cit. on p. 125).

Kent, Stephen T. and Lynette I. Millett, eds. (2003). Who Goes There? Authentication Through the Lens of Privacy. National Academies Press. http://www.nap.edu/catalog/10656.html (cit. on p. 125).

Kent, Stephen T. and K. Seo (Dec. 2005). Security Architecture for the Internet Protocol. RFC 4301. http://www.rfc-editor.org/rfc/rfc4301.txt (cit. on pp. 95, 104).

Kenyon, Henry (June 30, 2011). “Found Thumb Drives: Another Way Employees are a Security Menace.” In: GCN. http://gcn.com/articles/2011/06/30/dhs-test-found-thumb-drives-disks-network.aspx (cit. on pp. 55, 269).

Kim, Gene and Eugene H. Spafford (1994a). “Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection.” In: Proceedings of Systems Administration, Networking, and Security III. http://docs.lib.purdue.edu/cgi/viewcontent.cgi?article=2114&context=cstech (cit. on pp. 71, 188).

Kim, Gene and Eugene H. Spafford (Nov. 1994b). “The Design and Implementation of Tripwire: A File System Integrity Checker.” In: Proceedings of the 2nd ACM Conference on Computer and Communications Security. https://dl.acm.org/citation.cfm?id=191183 (cit. on pp. 71, 188).

Kim, Gene and Eugene H. Spafford (1994c). “Writing, Supporting, and Evaluating Tripwire: A Publically Available Security Tool.” In: Proceedings of the Usenix Unix Applications Development Symposium. http://www.usenix.org/publications/library/proceedings/appdev94/kim.html (cit. on pp. 71, 188).

Kim, Hyoungshick, John Tang, and Ross Anderson (2012). “Social Authentication: Harder than it Looks.” In: Proceedings of Financial Cryptography and Data Security. (Cit. on p. 123).

Kivinen, T., B. Swander, A. Huttunen, and V. Volpe (Jan. 2005). Negotiation of NAT-Traversal in the IKE. RFC 3947. http://www.rfc-editor.org/rfc/rfc3947.txt (cit. on p. 95).

Knightley, Phillip (Mar. 12, 2010). “The History of the Honey Trap.” In: Foreign Policy. http://www.foreignpolicy.com/articles/2010/03/12/the_history_of_the_honey_trap (cit. on p. 254).

Knudsen, Lars, Willi Meier, Bart Preneel, Vincent Rijmen, and Sven Verdoolaege (1998). “Analysis Methods for (Alleged) RC4.” In: Advances in Cryptology—ASIACRYPT’98. Ed. by Kazuo Ohta and Dingyi Pei. Vol. 1514. Lecture Notes in Computer Science. 10.1007/3-540-49649-1_26. Springer Berlin / Heidelberg, pp. 327–341. ISBN: 978-3-540-65109-3. http://dx.doi.org/10.1007/3-540-49649-1_26 (cit. on p. 100).

Koenig, Andrew (May 16, 2008). “Interface Design by Adverse Possession.” In: Dr. Dobbs. http://www.drdobbs.com/architecture-and-design/interface-design-by-adverse-possession/228701758 (cit. on p. 48).

Kohnfelder, Loren M. (May 1978). “Toward a Practical Public-Key Cryptosystem.” MA thesis. Department of Electrical Engineering, Massachusetts Institute of Technology. (Cit. on p. 150).

Kolata, Gina (Feb. 20, 2001). “The Key Vanishes: Scientist Outlines Unbreakable Code.” In: The New York Times. http://www.nytimes.com/2001/02/20/science/the-key-vanishes-scientist-outlines-unbreakable-code.html (cit. on p. 39).

Kormanik, Beth (Nov. 16, 2011). “3 Accused of Theft Using a Device at A.T.M.’s.” In: The New York Times. http://www.nytimes.com/2011/11/17/nyregion/chase-atm-fraud-case-indictment-is-unsealed.html (cit. on p. 115).

Koscher, Karl, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage (May 2010). “Experimental Security Analysis of a Modern Automobile.” In: Proceedings of the IEEE Symposium on Security and Privacy. http://www.autosec.org/pubs/cars-oakland2010.pdf (cit. on p. 312).

Kravets, David (July 12, 2011). “Wi-Fi-Hacking Neighbor from Hell Sentenced to 18 Years.” In: Wired: Threat Level. http://www.wired.com/threatlevel/2011/07/hacking-neighbor-from-hell/ (cit. on p. 83).

Krawczyk, H., M. Bellare, and R. Canetti (Feb. 1997). HMAC: Keyed-Hashing for Message Authentication. RFC 2104. http://www.rfc-editor.org/rfc/rfc2104.txt (cit. on p. 140).

Krebs, Brian (Aug. 2, 2007). “New Tool Automates Webmail Account Hijacks.” In: The Washington Post: Security Fix. https://web.archive.org/web/20081006085441/http://blog.washingtonpost.com/securityfix/2007/08/new_tool_automates_webmail_acc.html (cit. on p. 94).

Krebs, Brian (Aug. 20, 2008). “Web Fraud 2.0: Validating Your Stolen Goods.” In: The Washington Post: Security Fix. http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_try_before_you_bu.html (cit. on p. 32).

Krebs, Brian (Oct. 12, 2009). “E-Banking on a Locked Down (Non-Microsoft) PC.” In: Security Fix (Washington Post blog). http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_non.html?wprss=securityfix (cit. on p. 118).

Krebs, Brian (Nov. 8, 2011a). “How Much Is Your Identity Worth?” In: Krebs on Security. http://krebsonsecurity.com/2011/11/how-much-is-your-identity-worth/ (cit. on p. 33).

Krebs, Brian (Sept. 26, 2011b). “‘Right-to-Left Override’ Aids Email Attacks.” In: Krebs on Security. http://krebsonsecurity.com/2011/09/right-to-left-override-aids-email-attacks/ (cit. on p. 9).

Krebs, Brian (June 21, 2012). “A Closer Look: Email-Based Malware Attacks.” In: Krebs on Security. http://krebsonsecurity.com/2012/06/a-closer-look-recent-email-based-malware-attacks/ (cit. on p. 57).

Krebs, Brian (Feb. 13, 2013). “Zero-Day Flaws in Adobe Reader, Acrobat.” In: Krebs on Security. http://krebsonsecurity.com/2013/02/zero-day-flaws-in-adobe-reader-acrobat/ (cit. on p. 300).

Krebs, Brian (Feb. 5, 2014). “Target Hackers Broke in Via HVAC Company.” In: Krebs on Security. http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ (cit. on p. 281).

Krebs, Brian (Apr. 15, 2015). “Critical Updates for Windows, Flash, Java.” In: Krebs on Security. http://krebsonsecurity.com/2015/04/critical-updates-for-windows-flash-java/ (cit. on p. 300).

Kruegel, Christopher and Giovanni Vigna (2003). “Anomaly Detection of Web-based Attacks.” In: Proceedings of the 10th ACM Conference on Computer and Communications Security. CCS ’03. Washington DC: ACM, pp. 251–261. ISBN: 1-58113-738-9. DOI: 10.1145/948109.948144. http://doi.acm.org/10.1145/948109.948144 (cit. on p. 286).

Lamport, Leslie (Nov. 1981). “Password Authentication with Insecure Communication.” In: Communications of the ACM 24.11, pp. 770–772. http://dl.acm.org/citation.cfm?id=358797 (cit. on p. 129).

Landau, Susan (2004). “Polynomials in the Nation’s Service: Using Algebra to Design the Advanced Encryption Standard.” In: American Mathematical Monthly, pp. 89–117. (Cit. on p. 103).

Landau, Susan (2013). “Making Sense from Snowden: What’s Significant in the NSA Surveillance Revelations.” In: IEEE Security and Privacy 11.4, pp. 54–63. ISSN: 1540-7993. DOI: 10.1109/MSP.2013.90. (Cit. on p. 278).

Landau, Susan (Jan.–Feb. 2014). “Highlights from Making Sense of Snowden, Part II: What’s Significant in the NSA Revelations.” In: IEEE Security and Privacy 12.1, pp. 62–64. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6756737 (cit. on p. 278).

Landwehr, Carl E., Alan R. Bull, John P. McDermott, and William S. Choi (Sept. 1994). “A Taxonomy of Computer Program Security Flaws.” In: Computing Surveys 26.3, pp. 211–254. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.85.4150&rep=rep1&type=pdf (cit. on p. 7).

Larus, James R., Thomas Ball, Manuvir Das, Robert DeLine, Manuel Fähndrich, Jon Pincus, Sriram K. Rajamani, and Ramanathan Venkatapathy (May 2004). “Righting Software.” In: IEEE Software 21.3, pp. 92–100. ISSN: 0740-7459. DOI: 10.1109/MS.2004.1293079. (Cit. on p. 209).

Laurie, B., A. Langley, and E. Kasper (June 2013). Certificate Transparency. RFC 6962. http://www.rfc-editor.org/rfc/rfc6962.txt (cit. on p. 160).

Lee, Wenke and Salvatore J. Stolfo (1998). “Data Mining Approaches for Intrusion Detection.” In: 7th USENIX Security Symposium. San Antonio, Texas. http://static.usenix.org/publications/library/proceedings/sec98/lee.html (cit. on p. 50).

Leffall, Jabulani (Oct. 12, 2007). “Are Patches Leading to Exploits?” In: Redmond. http://redmondmag.com/articles/2007/10/12/are-patches-leading-to-exploits.aspx (cit. on pp. 240, 243).

Legnitto, Jan (May 25, 2012). “FBI Warns Travelers Abroad: Watch Out for WiFi Crime at Hotel Hotspots.” In: privatei (blog). http://www.privatewifi.com/fbi-warns-travelers-abroad-watch-out-for-wifi-crime-at-hotel-hotspots/ (cit. on p. 179).

Lemos, Rob (July 28, 1998). “US Report: Gamers Believe Activision’s ‘SiN’ carries CIH Virus.” In: ZDNet UK. http://www.zdnet.co.uk/news/security-management/1998/07/28/us-report-gamers-believe-activisions-sin-carries-cih-virus-2068990/ (cit. on p. 59).

Leyden, John (Dec. 10, 2012). “Saudi Aramco: Foreign Hackers Tried to Cork our Gas Output.” In: The Register. http://www.theregister.co.uk/2012/12/10/saudi_aramco_shamoon_inquest/ (cit. on p. 310).

Li, Wei-Jen, Salvatore J. Stolfo, Angelos Stavrou, Elli Androulaki, and Angelos D. Keromytis (July 2007). “A Study of Malcode-Bearing Documents.” In: Proceedings of 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment. Lucerne, Switzerland. http://sneakers.cs.columbia.edu/ids/publications/Sparse.pdf (cit. on p. 50).

Li, Zhiwei, Warren He, Devdatta Akhawe, and Dawn Song (Aug. 2014). “The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers.” In: Proc. 23rd USENIX Security Symposium. http://devd.me/papers/pwdmgr-usenix14.pdf (cit. on p. 117).

Libicki, Martin C. (2009). Cyberdeterrence and Cyberwar. Tech. rep. MG-877. Rand Corporation. http://www.rand.org/pubs/monographs/MG877.html (cit. on p. 29).

Lichtman, Doug and Eric Posner (2006). “Holding Internet Service Providers Accountable.” In: Supreme Court Economic Review 14, pp. 221–259. http://www.law.uchicago.edu/files/files/217-dgl-eap-isp.pdf (cit. on p. 253).

Limoncelli, Thomas A., Christina J. Hogan, and Strata R. Chalup (2007). The Practice of System and Network Administration. Boston: Addison-Wesley. (Cit. on p. 273).

Lindholm, Tim and Frank Yellin (1996). The Java Virtual Machine. Reading, MA: Addison-Wesley. (Cit. on p. 23).

Linn, J. (Aug. 1989). Privacy Enhancement for Internet Electronic Mail: Part I—Message Encipherment and Authentication Procedures. RFC 1113. http://www.rfc-editor.org/rfc/rfc1113.txt (cit. on p. 91).

Litke, Pat and Joe Stewart (Aug. 7, 2014). “BGP Hijacking for Cryptocurrency Profit.” In: Dell SecureWorks Counter Threat Unit. http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/ (cit. on pp. 215, 310).

Lochter, M. and J. Merkle (Mar. 2010). Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation. RFC 5639. http://www.rfc-editor.org/rfc/rfc5639.txt (cit. on p. 101).

Lowe, Gavin (1996). “Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR.” In: Tools and Algorithms for the Construction and Analysis of Systems (TACAS). Vol. 1055. Springer-Verlag, Berlin Germany, pp. 147–166. http://www.intercom.virginia.edu/~evans/crab/lowe96breaking.pdf (cit. on pp. 86, 105).

Lucas, Michael W. (2006). PGP & GPG: Email for the Practical Paranoid. San Francisco: No Starch Press. (Cit. on p. 167).

Lynn III, William J. (Sept.–Oct. 2010). “Defending a New Domain.” In: Foreign Affairs 89.5, pp. 97–108. http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain (cit. on p. 55).

Lynn, C., Stephen T. Kent, and K. Seo (June 2004). X.509 Extensions for IP Addresses and AS Identifiers. RFC 3779. http://www.rfc-editor.org/rfc/rfc3779.txt (cit. on p. 152).

MacAskill, Ewen (June 30, 2013). “New NSA Leaks Show How US is Bugging its European Allies.” In: The Guardian. http://www.guardian.co.uk/world/2013/jun/30/nsa-leaks-us-bugging-european-allies (cit. on p. 18).

Madejski, Michelle, Maritza Johnson, and Steven M. Bellovin (2012). “A Study of Privacy Setting Errors in an Online Social Network.” In: Proceedings of SESOC 2012. https://www.cs.columbia.edu/~smb/papers/fb-violations-sesoc.pdf (cit. on p. 197).

Malis, A. and W. Simpson (June 1999). PPP over SONET/SDH. RFC 2615. http://www.rfc-editor.org/rfc/rfc2615.txt (cit. on p. 88).

Mandiant (2013). APT1: Exposing One of China’s Cyber Espionage Units. White paper. http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf (cit. on p. 18).

Markoff, John (Feb. 11, 2011a). “Malware Aimed at Iran Hit Five Sites, Report Says.” In: The New York Times. http://www.nytimes.com/2011/02/13/science/13stuxnet.html (cit. on p. 37).

Markoff, John (Oct. 18, 2011b). “New Malicious Program by Creators of Stuxnet Is Suspected.” In: The New York Times. http://www.nytimes.com/2011/10/19/technology/stuxnet-computer-worms-creators-may-be-active-again.html (cit. on pp. 28, 37).

Markoff, John (Mar. 17, 2011c). “SecurID Company Suffers a Breach of Data Security.” In: The New York Times. http://www.nytimes.com/2011/03/18/technology/18secure.html (cit. on p. 38).

Markoff, John and Thom Shanker (Aug. 1, 2009). “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk.” In: The New York Times. http://www.nytimes.com/2009/08/02/us/politics/02cyber.html (cit. on p. 18).

Marlinspike, Moxie and David Hulton (July 29, 2012). “Divide and Conquer: Cracking MS-CHAPv2 with a 100% Success Rate.” In: CloudCracker (blog). https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ (cit. on p. 95).

Martin, David M., Sivaramarkrishnan Rajagopalan, and Aviel D. Rubin (Feb. 1997). “Blocking Java Applets at the Firewall.” In: Proceedings of the Symposium on Network and Distributed System Security. San Diego, pp. 16–26. (Cit. on p. 23).

Martin, George R. R. (2000). A Storm of Swords. New York: Bantam Books. (Cit. on p. xv).

Matsui, M. (1994). “Linear Cryptanalysis Method for DES Cipher.” In: Advances in Cryptology—EUROCRYPT ’93. Ed. by Tor Helleseth. Vol. 765. Lecture Notes in Computer Science. Springer Berlin / Heidelberg, pp. 386–397. ISBN: 978-3-540-57600-6. DOI: 10.1007/3-540-48285-7_33. http://dx.doi.org/10.1007/3-540-48285-7_33 (cit. on p. 98).

Matsui, M., J. Nakajima, and S. Moriai (Apr. 2004). A Description of the Camellia Encryption Algorithm. RFC 3713. http://www.rfc-editor.org/rfc/rfc3713.txt (cit. on p. 103).

Matsumoto, Tsutomu, Hiroyuki Matsumoto, Koji Yamada, and Satoshi Hoshino (Jan. 2002). “Impact of Artificial ‘Gummy’ Fingers on Fingerprint Systems.” In: Proceedings of SPIE: Optical Security and Counterfeit Deterrence Techniques IV. Vol. 4677, pp. 275–289. http://dx.doi.org/10.1117/12.462719 (cit. on p. 125).

Maxwell, Winston and Christopher Wolf (May 23, 2012). A Global Reality: Governmental Access to Data in the Cloud. White paper. http://goo.gl/zAmKkO (cit. on p. 193).

Mayer, Alain, Avishai Wool, and E. Ziskind (2000). “Fang: A Firewall Analysis Engine.” In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 177–187. (Cit. on p. 218).

McGraw, Gary (2006). Software Security: Building Security In. Upper Saddle River, NJ: Addison-Wesley. (Cit. on p. 209).

McGraw, Gary and Edward W. Felten (1999). Securing Java: Getting Down to Business with Mobile Code. New York: John Wiley & Sons. http://www.securingjava.com (cit. on p. 23).

McGrew, D., K. Igoe, and M. Salter (Feb. 2011). Fundamental Elliptic Curve Cryptography Algorithms. RFC 6090. http://www.rfc-editor.org/rfc/rfc6090.txt (cit. on p. 100).

McKenzie, Patrick (June 17, 2010). “Falsehoods Programmers Believe About Names.” In: Kalzumeus (blog). http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/ (cit. on p. 312).

Meserve, Jeanne (Sept. 26, 2007). “Sources: Staged Cyber Attack Reveals Vulnerability in Power Grid.” In: CNN. http://articles.cnn.com/2007-09-26/us/power.at.risk_1_generator-cyber-attack-electric-infrastructure (cit. on p. 20).

Meyer, R. A. and L. H. Seawright (1970). “A Virtual Machine Time-sharing System.” In: IBM Systems Journal 9.3, pp. 199–218. ISSN: 0018-8670. DOI: 10.1147/sj.93.0199. (Cit. on pp. 185, 187).

Meyers, Michelle (Aug. 28, 2009). “Accused Mastermind of TJX Hack to Plead Guilty.” In: CNET News. http://news.cnet.com/8301-1009_3-10320761-83.html (cit. on p. 33).

Michaels, Dave (July 2, 2014). “Hacked Companies Face SEC Scrutiny Over Disclosure, Controls.” In: San Francisco Chronicle. http://www.sfgate.com/business/article/Hacked-companies-face-SEC-scrutiny-over-5596541.php (cit. on p. 287).

Microsoft (Jan. 15, 2009). Microsoft Root Certificate Program. http://technet.microsoft.com/en-us/library/cc751157.aspx (cit. on p. 153).

Miller, Frank (1882). Telegraphic Code to Insure Privacy and Secrecy in the Transmission of Telegrams. New York: Charles M. Cornwell. http://books.google.com/books?id=tT9WAAAAYAAJ&pg=PA1#v=onepage&q&f=false (cit. on p. 122).

Miller, S. P., B. Clifford Neuman, Jeffrey I. Schiller, and J. H. Saltzer (Dec. 1987). “Kerberos Authentication and Authorization System.” In: Project Athena Technical Plan. Section E.2.1. MIT. http://web.mit.edu/Saltzer/www/publications/athenaplan/e.2.1.pdf (cit. on pp. 81, 84).

Mills, Elinor (Aug. 25, 2010). “Bad Flash Drive Caused Worst U.S. Military Breach.” In: CNET News. http://news.cnet.com/8301-27080_3-20014732-245.html (cit. on p. 269).

Milmo, Cahal (June 30, 2006). “Secrets Revealed of Gay ‘Honey Trap’ That Made Spy of Vassall.” In: The Independent. http://www.independent.co.uk/news/uk/this-britain/secrets-revealed-of-gay-honey-trap-that-made-spy-of-vassall-406096.html (cit. on p. 254).

Mitnick, Kevin D., William L. Simon, and Steve Wozniak (2002). The Art of Deception: Controlling the Human Element of Security. New York: John Wiley & Sons. (Cit. on p. 254).

Mockapetris, P.V. (Nov. 1987). Domain Names—Implementation and Specification. RFC 1035. http://www.rfc-editor.org/rfc/rfc1035.txt (cit. on p. 91).

Moore, David, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, and Nicholas Weaver (July–Aug. 2003). “Inside the Slammer Worm.” In: IEEE Security & Privacy 1.4. http://cseweb.ucsd.edu/~savage/papers/IEEESP03.pdf (cit. on p. 72).

Morris, Robert H. and Ken Thompson (Nov. 1979). “Unix Password Security.” In: Communications of the ACM 22.11, p. 594. http://dl.acm.org/citation.cfm?id=359172 (cit. on pp. xii, 9, 108, 139, 140).

Morse, Stephen (1982). The 8086/8088 Primer. 2nd ed. Indianapolis: Hayden Book Co., Inc. (Cit. on p. 47).

Myers, M., R. Ankney, A. Malpani, S. Galperin, and C. Adams (June 1999). X.509 Internet Public Key Infrastructure Online Certificate Status Protocol—OCSP. RFC 2560. http://www.rfc-editor.org/rfc/rfc2560.txt (cit. on p. 161).

Nakashima, Ellen, Greg Miller, and Julie Tate (June 19, 2012). “U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Officials Say.” In: The Washington Post. http://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html (cit. on p. 38).

Naraine, Ryan (June 13, 2007). “Exploit Wednesday Follows MS Patch Tuesday.” In: ZDnet. http://www.zdnet.com/blog/security/exploit-wednesday-follows-ms-patch-tuesday/296 (cit. on p. 243).

Naraine, Ryan (Feb. 14, 2012). “Nortel Hacking Attack Went Unnoticed for Almost 10 Years.” In: Zero Day (ZDnet blog). http://www.zdnet.com/blog/security/nortel-hacking-attack-went-unnoticed-for-almost-10-years/10304 (cit. on p. 166).

Narayanan, Arvind and Vitaly Shmatikov (May 2008). “Robust De-anonymization of Large Sparse Datasets.” In: IEEE Symposium on Security and Privacy, pp. 111–125. DOI: 10.1109/SP.2008.33. http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf (cit. on p. 314).

National Research Council (2010). Letter Report for the Committee on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy. Washington, DC: National Academies Press. http://www.nap.edu/catalog.php?record_id=12886 (cit. on p. 39).

Needham, R. M. and M. Schroeder (Dec. 1978). “Using Encryption for Authentication in Large Networks of Computers.” In: Communications of the ACM 21.12, pp. 993–999. http://dl.acm.org/citation.cfm?id=359659 (cit. on p. 86).

Needham, R. M. and M. Schroeder (Jan. 1987). “Authentication Revisited.” In: Operating Systems Review 21.1, p. 7. (Cit. on p. 86).

Neuman, B. Clifford, T. Yu, S. Hartman, and K. Raeburn (July 2005). The Kerberos Network Authentication Service (V5). RFC 4120. http://www.rfc-editor.org/rfc/rfc4120.txt (cit. on pp. 81, 84).

Newman, Lesléa (1989). Heather Has Two Mommies. Boston: Alyson Wonderland. (Cit. on p. 122).

NIST (July 2013). Digital Signature Standard (DSS). Federal Information Processing Standards Publication 186-4. http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf (cit. on p. 100).

NIST (Aug. 2015a). SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Draft FIPS Pub 202. http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf (cit. on p. 101).

NIST (Oct. 1993). Automated Password Generator (APG). Tech. rep. 181. NIST. http://csrc.nist.gov/publications/fips/fips181/fips181.pdf (cit. on p. 122).

NIST (Aug. 2015b). Secure Hash Standard. Tech. rep. 180-4. NIST. http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf (cit. on pp. 101, 104).

Niven, Larry (1977). Ringworld. New York: Holt, Rinehart and Winston. (Cit. on p. 169).

Niven, Larry (1985). “The Theory and Practice of Teleportation.” In: All the Myriad Ways. New York: Del Rey. (Cit. on p. 21).

Niven, Larry and Jerry Pournelle (1993). The Gripping Hand. New York: Pocket Books. (Cit. on p. 7).

Niven, Larry and Jerry Pournelle (1994). The Mote in God’s Eye. Simon and Schuster. (Cit. on p. 149).

Norman, Don (Dec. 11, 2003). “Proper Understanding of the ‘Human Factor’.” In: RISKS Digest 07. (Cit. on p. 256).

Oates, John (July 21, 2010). “Dell Warns on Spyware Infected Server Motherboards: Windows Snoopware Buried in Server Firmware.” In: The Register. http://www.theregister.co.uk/2010/07/21/dell_server_warning/ (cit. on p. 53).

Office of the National Counterintelligence Executive (Oct. 2011). Foreign Spies Stealing US Economic Secrets in Cyberspace. Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009–2011. http://www.ncix.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf (cit. on pp. 18, 20).

Office of the Privacy Commissioner of Canada (Sept. 25, 2007). Report of an Investigation into the Security, Collection and Retention of Personal Information. http://www.priv.gc.ca/cf-dc/2007/TJX_rep_070925_e.cfm (cit. on pp. 82, 120).

Ohm, Paul (2010). “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization.” In: UCLA Law Review 57. U of Colorado Law Legal Studies Research Paper No. 9-12, pp. 1701–1777. http://ssrn.com/abstract=1450006 (cit. on p. 314).

Oprea, Alina, Michael K. Reiter, and Ke Yang (2005). “Space-Efficient Block Storage Integrity.” In: Proceedings of NDSS 2005. http://www.cs.unc.edu/~reiter/papers/2005/NDSS.pdf (cit. on p. 75).

Organick, Elliot (1972). The Multics System: An Examination of its Structure. Cambridge, MA: MIT Press. (Cit. on pp. 58, 59).

Orman, H. and P. Hoffman (Apr. 2004). Determining Strengths for Public Keys Used for Exchanging Symmetric Keys. RFC 3766. http://www.rfc-editor.org/rfc/rfc3766.txt (cit. on p. 100).

Owens, William A., Kenneth W. Dam, and Herbert S. Lin, eds. (2009). Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities. Washington, DC: National Academies Press. http://www.nap.edu/catalog.php?record_id=12651 (cit. on p. 40).

Pappas, Vasilis (2014). “Defending against Return-Oriented Programming.” PhD thesis. Columbia University. (Cit. on p. 206).

Parker, Donn (1976). Crime by Computer. New York: Scribner. (Cit. on p. 32).

Paul, Ryan (Dec. 1, 2011). “Wikileaks Docs Reveal that Governments Use Malware for Surveillance.” In: Ars Technica. http://arstechnica.com/business/news/2011/12/wikileaks-docs-reveal-that-governments-use-malware-for-surveillance.ars (cit. on p. 39).

Pauli, Darren (July 23, 2014). “Attackers Raid SWISS BANKS with DNS and Malware Bombs.” In: The Register. http://www.theregister.co.uk/2014/07/23/ruskie_vxers_change_dns_nuke_malware_in_swiss_bank_raids/ (cit. on p. 123).

Pauli, Darren (Aug. 10, 2015). “HTC Caught Storing Fingerprints AS WORLD-READABLE CLEARTEXT.” In: The Register. http://www.theregister.co.uk/2015/08/10/htc_caught_storing_fingerprints_as_worldreadable_cleartext/ (cit. on p. 124).

Paxson, Vern (1998). “Bro: A System for Detecting Network Intruders in Real-Time.” In: Proceedings of the Seventh USENIX Security Symposium, pp. 31–51. (Cit. on p. 71).

Paxson, Vern (1999). “Bro: A System for Detecting Network Intruders in Real-time.” In: Computer Networks (Amsterdam, Netherlands: 1999) 31.23–24, pp. 2435–2463. (Cit. on p. 71).

Pear, Robert (May 26, 2015). “Tech Rivalries Impede Digital Medical Record Sharing.” In: The New York Times. http://www.nytimes.com/2015/05/27/us/electronic-medical-record-sharing-is-hurt-by-business-rivalries.html (cit. on p. 294).

Perlroth, Nicole (Feb. 10, 2012). “Traveling Light in a Time of Digital Thievery.” In: The New York Times. http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html (cit. on pp. 174, 271).

Perlroth, Nicole (July 21, 2014). “A Tough Corporate Job Asks One Question: Can You Hack It?” In: The New York Times. http://www.nytimes.com/2014/07/21/business/a-tough-corporate-job-asks-one-question-can-you-hack-it.html (cit. on p. 281).

Perlroth, Nicole and Matthew Goldstein (Sept. 13, 2014). “After Breach, JPMorgan Still Seeks to Determine Extent of Attack.” In: The New York Times. http://www.nytimes.com/2014/09/13/technology/after-breach-jpmorgan-still-seeks-to-determine-extent-of-attack.html (cit. on p. 40).

Perlroth, Nicole, Jeff Larson, and Scott Shane (Sept. 6, 2013). “N.S.A. Able to Foil Basic Safeguards of Privacy on Web.” In: The New York Times. http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html (cit. on p. 101).

Perrow, Charles (1999). Normal Accidents: Living with High-Risk Technologies. Princeton, NJ: Princeton University Press. (Cit. on p. 157).

Poe, Robert (May 17, 2006). “The Ultimate Net Monitoring Tool.” In: Wired. http://www.wired.com/science/discoveries/news/2006/05/70914 (cit. on p. 71).

Postel, J. (Sept. 1981). Transmission Control Protocol. RFC 793. http://www.rfc-editor.org/rfc/rfc793.txt (cit. on p. 88).

Postel, J. and J. Reynolds (Oct. 1985). File Transfer Protocol. RFC 959. http://www.rfc-editor.org/rfc/rfc959.txt (cit. on p. 23).

Potter, Shaya, Steven M. Bellovin, and Jason Nieh (Nov. 2009). “Two Person Control Administration: Preventing Administration Faults through Duplication.” In: LISA ’09. http://www.usenix.org/events/lisa09/tech/full_papers/potter.pdf (cit. on p. 277).

Poulsen, Kevin (Aug. 19, 2003). “Slammer Worm Crashed Ohio Nuke Plant Network.” In: SecurityFocus. http://www.securityfocus.com/news/6767 (cit. on p. 54).

Poulsen, Kevin and Kim Zetter (June 10, 2010). “‘I Can’t Believe What I’m Confessing to You’: The Wikileaks Chats.” In: Wired: Threat Level. http://www.wired.com/2010/06/wikileaks-chat/ (cit. on p. 73).

Powers, Thomas (Dec. 3, 2000). “Computer Security; The Whiz Kid vs. the Old Boys.” In: The New York Times Magazine. http://www.nytimes.com/2000/12/03/magazine/computer-security-the-whiz-kid-vs-the-old-boys.html (cit. on pp. 248, 250).

Prevelakis, Vassilis and Diomidis Spinellis (July 2007). “The Athens Affair.” In: IEEE Spectrum 44.7, pp. 26–33. http://spectrum.ieee.org/telecom/security/the-athens-affair/0 (cit. on p. 235).

Ramachandran, Anirudh and Nick Feamster (2006). “Understanding the Network-level Behavior of Spammers.” In: ACM SIGCOMM Computer Communication Review 36.4, pp. 291–302. (Cit. on p. 213).

Ramsdell, B. and S. Turner (Jan. 2010). Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification. RFC 5751. http://www.rfc-editor.org/rfc/rfc5751.txt (cit. on p. 104).

Rawnsley, Adam (July 1, 2013). “Espionage? Moi?” In: Foreign Policy. http://www.foreignpolicy.com/articles/2013/07/01/espionage_moi_france (cit. on p. 39).

Raymond, Eric Steven (2000). The Cathedral and the Bazaar. Version 3.0. http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/index.html (cit. on p. 235).

[Redacted] (1996). “Out of Control.” In: Cryptologic Quarterly 15, Special Edition. Originally classified SECRET. There is another, and differently redacted, version at http://www.nsa.gov/public_info/_files/cryptologic_quarterly/Out_of_Control.pdf. http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB424/docs/Cyber-009.pdf (cit. on p. 277).

Reed, Thomas (2004). At the Abyss: An Insider’s History of the Cold War. New York: Presidio Press. (Cit. on pp. 17, 18, 311).

Reeder, Robert W., Patrick Gage Kelley, Aleecia M. McDonald, and Lorrie Faith Cranor (2008). “A User Study of the Expandable Grid Applied to P3P Privacy Policy Visualization.” In: WPES ’08: Proceedings of the 7th ACM Workshop on Privacy in the Electronic Society. Alexandria, VA: ACM, pp. 45–54. ISBN: 978-1-60558-289-4. http://doi.acm.org/10.1145/1456403.1456413 (cit. on p. 197).

Reeder, Robert W., E. Kowalczyk, and Adam Shostack (2011). Helping Engineers Design NEAT Security Warnings. Pittsburgh, PA. http://download.microsoft.com/download/2/C/A/2CAB7DDD-94DF-4E7B-A980-973AFA5CB0D0/NEATandSPRUCEatMicrosoft-final.docx (cit. on p. 264).

Reeder, Robert W. and Roy A. Maxion (2005). “User Interface Dependability through Goal-Error Prevention.” In: International Conference on Dependable Systems and Networks, pp. 60–69. (Cit. on pp. 197, 257).

Rekhter, Y., B. Moskowitz, D. Karrenberg, G. J. de Groot, and E. Lear (Feb. 1996). Address Allocation for Private Internets. RFC 1918. http://www.rfc-editor.org/rfc/rfc1918.txt (cit. on pp. 285, 301).

Rescorla, Eric K. (Sept. 23, 2011). “Security Impact of the Rizzo/Duong CBC ‘BEAST’ Attack.” In: Educated Guesswork (blog). http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html (cit. on p. 83).

Rescorla, Eric K. and IAB (June 2005). Writing Protocol Models. RFC 4101. http://www.rfc-editor.org/rfc/rfc4101.txt (cit. on p. 226).

Rescorla, Eric K. and N. Modadugu (Apr. 2006). Datagram Transport Layer Security. RFC 4347. http://www.rfc-editor.org/rfc/rfc4347.txt (cit. on p. 88).

Richmond, Riva (Apr. 2, 2011). “The RSA Hack: How They Did It.” In: The New York Times (Bits blog). http://bits.blogs.nytimes.com/2011/04/02/the-rsa-hack-how-they-did-it/ (cit. on pp. 38, 248).

Rifkin, Glenn (Feb. 8, 2011). “Ken Olsen, Who Built DEC Into a Power, Dies at 84.” In: The New York Times, A24. http://www.nytimes.com/2011/02/08/technology/business-computing/08olsen.html (cit. on p. 8).

Riley, Michael (Dec. 20, 2011). “Stolen Credit Cards Go for $3.50 at Amazon-like Online Bazaar.” In: Businessweek. http://www.businessweek.com/news/2011-12-20/stolen-credit-cards-go-for-3-50-at-amazon-like-online-bazaar.html (cit. on p. 32).

Riley, Michael, Ben Elgin, Dune Lawrence, and Carol Matlack (Mar. 13, 2014). “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It.” In: Businessweek. http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data (cit. on pp. 214, 222).

Ristic, Ivan (Nov. 2010). Internet SSL Survey 2010. http://media.blackhat.com/bh-ad-10/Ristic/BlackHat-AD-2010-Ristic-Qualys-SSL-Survey-HTTP-Rating-Guide-slides.pdf (cit. on p. 262).

Ritchie, Dennis M. and Ken Thompson (July 1974). “The UNIX Time-Sharing System.” In: Commun. ACM 17.7, pp. 365–375. ISSN: 0001-0782. DOI: 10.1145/361011.361061. http://doi.acm.org/10.1145/361011.361061 (cit. on p. 47).

Rivner, Uri (Apr. 1, 2011). “Anatomy of an Attack.” In: Speaking of Security (blog). http://blogs.rsa.com/rivner/anatomy-of-an-attack/ (cit. on pp. 38, 248).

Roberts, Paul (June 5, 2003). “Sobig: Spam, Virus, or Both?” In: Computer World. http://www.computerworld.com/s/article/81825/Sobig_Spam_virus_or_both (cit. on p. 28).

Roesch, Martin (1999). “Snort—Lightweight Intrusion Detection for Networks.” In: LISA ’99: 13th Systems Administration Conference. http://static.usenix.org/publications/library/proceedings/lisa99/full_papers/roesch/roesch.pdf (cit. on p. 71).

Roizenblatt, Roberto, Paulo Schor, Fabio Dante, Jaime Roizenblatt, and Rubens Belfort Jr. (2004). “Iris Recognition as a Biometric Method After Cataract Surgery.” In: Biomedical Engineering Online 3.2. DOI: 10.1186/1475-925X-3-2. http://www.biomedical-engineering-online.com/content/3/1/2 (cit. on p. 128).

Rosenblatt, Seth (Apr. 28, 2014). “Stop Using Microsoft’s IE Browser Until Bug is Fixed, US and UK warn.” In: CNET. http://www.cnet.com/news/stop-using-ie-until-bug-is-fixed-says-us/ (cit. on p. 244).

Ross, Blake, Collin Jackson, Nick Miyake, Dan Boneh, and John C. Mitchell (2005). “Stronger Password Authentication Using Browser Extensions.” In: Proc. 14th USENIX Security Symposium. https://www.usenix.org/legacy/events/sec05/tech/full_papers/ross/ross_html/ (cit. on p. 119).

Rouf, Ishtiaq, Rob Miller, Hossen Mustafa, Travis Taylor, Sangho Oh, Wenyuan Xu, Marco Gruteser, Wade Trappe, and Ivan Seskar (2010). “Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study.” In: Proceedings of the Usenix Security Conference. http://www.usenix.org/event/sec10/tech/full_papers/Rouf.pdf (cit. on p. 54).

Rubin, Aviel D. (2006). Brave New Ballot. New York: Random House. http://www.bravenewballot.org/ (cit. on p. 56).

Sagan, Carl (1985). Contact. New York: Simon and Schuster. (Cit. on p. 241).

Saletan, William (July 18, 2011). “Springtime for Twitter: Is the Internet Driving the Revolutions of the Arab Spring?” In: Slate. http://www.slate.com/articles/technology/future_tense/2011/07/springtime_for_twitter.html (cit. on p. 310).

Sanger, David E. (June 1, 2012). “Obama Order Sped Up Wave of Cyberattacks against Iran.” In: The New York Times. http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html (cit. on p. 28).

Sanger, David E., David Barboza, and Nicole Perlroth (Feb. 19, 2013). “Chinese Army Unit Is Seen as Tied to Hacking against U.S.” In: The New York Times. https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=all (cit. on p. 18).

Santesson, S., Russ Housley, S. Bajaj, and L. Rosenthol (May 2011). Internet X.509 Public Key Infrastructure – Certificate Image. RFC 6170. http://www.rfc-editor.org/rfc/rfc6170.txt (cit. on p. 150).

Santesson, S., Russ Housley, and T. Freeman (Feb. 2004). Internet X.509 Public Key Infrastructure: Logotypes in X.509 Certificates. RFC 3709. http://www.rfc-editor.org/rfc/rfc3709.txt (cit. on p. 150).

Scarfone, Karen and Peter Mell (Feb. 2007). Guide to Intrusion Detection and Prevention Systems (IDPS). Tech. rep. National Institute of Standards and Technology (NIST). http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf (cit. on p. 72).

Schiffman, Allan M. (July 2, 2007). “Instant Immortality.” In: Marginal Guesswork. http://marginalguesswork.blogspot.com/2004/07/instant-immortality.html (cit. on p. xii).

Schneider, Fred B., ed. (1999). Trust in Cyberspace. National Academy Press. http://www.nap.edu/openbook.php?record_id=6161 (cit. on pp. 31, 208).

Schneier, Bruce (July 15, 2000). “Security Risks of Unicode.” In: Crypto-Gram Newsletter. http://www.schneier.com/crypto-gram-0007.html#9 (cit. on p. 9).

Schneier, Bruce (Feb. 16, 2005). “Unicode URL Hack.” In: Schneier on Security (blog). http://www.schneier.com/blog/archives/2005/02/unicode_url_hac_1.html (cit. on p. 9).

Schneier, Bruce (Mar. 20, 2008). “Inside the Twisted Mind of the Security Professional.” In: Wired. http://www.wired.com/politics/security/commentary/securitymatters/2008/03/securitymatters_0320 (cit. on p. 15).

Schneier, Bruce (Sept. 13, 2013). “New NSA Leak Shows MITM Attacks against Major Internet Services.” In: Schneier on Security (blog). https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html (cit. on p. 153).

Schneier, Bruce (Apr. 9, 2014). “Heartbleed.” In: Schneier on Security (blog). https://www.schneier.com/blog/archives/2014/04/heartbleed.html (cit. on pp. 182, 298).

Schneier, Bruce and Mudge (1999). “Cryptanalysis of Microsoft’s PPTP Authentication Extensions (MS-CHAPv2).” In: CQRE ’99. Springer-Verlag, pp. 192–203. http://www.schneier.com/paper-pptpv2.html (cit. on p. 95).

Scholl, Matthew, Kevin Stine, Joan Hash, Pauline Bowen, Arnold Johnson, Carla Dancy Smith, and Daniel I. Steinberg (Oct. 2008). An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. NIST Special Publication 800-66 Revision 1. National Institute of Standards and Technology. http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf (cit. on p. 295).

Schreier, Jason (Apr. 25, 2011). “Sony Scrambles After ‘External Intrusion’ Takes Down PlayStation Network.” In: Wired: Game Life. http://www.wired.com/gamelife/2011/04/psn-down/ (cit. on p. 121).

Schwartz, Matthew J. (July 13, 2011). “Zeus Banking Trojan Hits Android Phones.” In: Information Week. http://www.informationweek.com/news/security/mobile/231001685 (cit. on p. 136).

Schwartz, Matthew J. (July 16, 2012). “One Secret That Stops Hackers: Girlfriends.” In: Information Week. http://www.informationweek.com/news/security/management/240003767 (cit. on p. 34).

Schwartz, Nelson D. (June 26, 2012). “F.B.I. Says 24 Are Arrested in Credit Card Theft Plan.” In: The New York Times. http://www.nytimes.com/2012/06/27/business/fbi-says-24-people-are-arrested-in-credit-card-theft.html (cit. on p. 34).

Seltzer, Larry (June 12, 2015). “Even with a VPN, Open Wi-Fi Exposes Users.” In: Ars Technica. http://arstechnica.com/security/2015/06/even-with-a-vpn-open-wi-fi-exposes-users/ (cit. on p. 173).

Shacham, Hovav (2007). “The Geometry of Innocent Flesh on the Bone: Return-Into-libc without Function Calls (on the x86).” In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS). (Cit. on p. 206).

Shacham, Hovav, Matthew Page, Ben Pfaff, Eu-Jin Goh, N. Modadugu, and Dan Boneh (2004). “On the Effectiveness of Address-space Randomization.” In: Proceedings of the 11th ACM Conference on Computer and Communications Security. CCS ’04. Washington DC: ACM, pp. 298–307. ISBN: 1-58113-961-6. DOI: 10.1145/1030083.1030124. http://doi.acm.org/10.1145/1030083.1030124 (cit. on p. 313).

Shakespeare, William (1596). The Merchant of Venice. http://www.gutenberg.org/ebooks/1515 (cit. on p. 288).

Shakespeare, William (1603). Hamlet. http://www.gutenberg.org/ebooks/1524 (cit. on p. 242).

Shannon, Claude E. (July 1948). “A Mathematical Theory of Communication.” In: Bell System Technical Journal 27.3,4, pp. 379–423, 623–656. (Cit. on p. 145).

Shannon, Claude E. (1951). “Prediction and Entropy in Printed English.” In: Bell System Technical Journal 30.1, pp. 50–64. (Cit. on p. 145).

Shannon, Colleen and David Moore (July 2004). “The Spread of the Witty Worm.” In: IEEE Security & Privacy 2.4, pp. 46–50. ISSN: 1540-7993. DOI: 10.1109/MSP.2004.59. (Cit. on p. 70).

Sheffer, Y., R. Holz, and P. Saint-Andre (Feb. 2015). Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). RFC 7457. http://www.rfc-editor.org/rfc/rfc7457.txt (cit. on p. 83).

Shirey, R. (Aug. 2007). Internet Security Glossary, Version 2. RFC 4949. http://www.rfc-editor.org/rfc/rfc4949.txt (cit. on p. 150).

Shor, Peter W. (1994). “Algorithms for Quantum Computation: Discrete Logarithms and Factoring.” In: Proc. 35th Annual Symposium on Foundations of Computer Science. IEEE Computer Society, pp. 124–134. http://www.csee.wvu.edu/~xinl/library/papers/comp/shor_focs1994.pdf (cit. on p. 105).

Shostack, Adam (2014). Threat Modeling: Designing for Security. Indianapolis: Wiley. http://threatmodelingbook.com/ (cit. on pp. 226, 228).

Simske, Steven J., Jason S. Aronoff, Margaret M. Sturgill, and Galia Golodetz (Sept. 2008). “Security Printing Deterrents: A Comparison of Thermal Ink Jet, Dry Electrophotographic, and Liquid Electrophotographic Printing.” In: Journal of Imaging Science and Technology 52.5. http://jist.imaging.org/resource/1/jimte6/v52/i5/p050201_s1?bypassSSO=1 (cit. on p. 16).

Singel, Ryan (June 20, 2011). “Dropbox Left User Accounts Unlocked for 4 Hours Sunday.” In: Wired: Threat Level. http://www.wired.com/threatlevel/2011/06/dropbox/ (cit. on p. 196).

Singer, Abe, Warren Anderson, and Rik Farrow (Aug. 2013). “Rethinking Password Policies.” In: ;login: 38.4. https://www.usenix.org/sites/default/files/rethinking_password_policies_unabridged.pdf (cit. on p. 108).

Skype (July 23, 2012). Survey Finds Nearly Half of Consumers Fail to Upgrade Software Regularly and One Quarter of Consumers Don’t Know Why to Update Software. Press release. http://about.skype.com/press/2012/07/survey_finds_nearly_half_fail_to_upgrade.html (cit. on p. 271).

Smedinghoff, Thomas J. and Ruth Hill Bro (Spring 1999). “Moving with Change: Electronic Signature Legislation as a Vehicle for Advancing E-Commerce.” In: The John Marshall Journal of Computer & Information Law 17.3. A version of this article may be found at http://library.findlaw.com/1999/Jan/1/241481.html, pp. 723–768. (Cit. on p. 165).

Smetters, D. K. and Nathan Good (2009). “How Users Use Access Control.” In: Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS ’09), 15:1–15:12. http://dl.acm.org/citation.cfm?id=1572552 (cit. on p. 197).

Smith, E. E. “Doc” (1950a). First Lensman. Reading, PA: Fantasy Press. (Cit. on p. 124).

Smith, E. E. “Doc” (1950b). Galactic Patrol. Reading, PA: Fantasy Press. (Cit. on p. 31).

Smith, E. E. “Doc” (1953). Second Stage Lensman. Reading, PA: Fantasy Press. (Cit. on pp. 15, 70).

Smith, E. E. “Doc” (1954). Children of the Lens. Reading, PA: Fantasy Press. (Cit. on p. 309).

Smith, George (Mar. 10, 2003). “Iraqi Cyberwar: An Ageless Joke.” In: SecurityFocus. http://www.securityfocus.com/columnists/147 (cit. on p. 311).

Snider, L. Britt and Daniel S. Seikaly (Feb. 2000). CIA Inspector General Report of Investigation: Improper Handling of Classified Information by John M. Deutch. 1998-0028-IG. Central Intelligence Agency Inspector General. https://www.cia.gov/library/reports/general-reports-1/deutch.pdf (cit. on pp. 248, 250).

Soghoian, Christopher (Oct. 2007). “Insecure Flight: Broken Boarding Passes and Ineffective Terrorist Watch Lists.” In: First IFIP WG 11.6 Working Conference on Policies & Research in Identity Management (IDMAN 07). http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1001675 (cit. on p. 16).

Song, Yingbo, Michael Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo (2010). “On the Infeasibility of Modeling Polymorphic Shellcode.” In: Machine Learning 81 (2). 10.1007/s10994-009-5143-5, pp. 179–205. ISSN: 0885-6125. http://ids.cs.columbia.edu/sites/default/files/polymorph-mlj.pdf (cit. on p. 49).

Sontag, Sherry and Christopher Drew (1998). Blind Man’s Bluff: The Untold Story of American Submarine Espionage. New York: Public Affairs. (Cit. on p. 300).

Spafford, Eugene H. (Jan. 1989). “The Internet Worm Program: An Analysis.” In: Computer Communication Review 19.1, pp. 17–57. http://dl.acm.org/authorize.cfm?key=729660 (cit. on p. 46).

Spafford, Eugene H. (Apr. 19, 2006). “Security Myths and Passwords.” In: CERIAS Blog. http://www.cerias.purdue.edu/site/blog/post/password-change-myths/ (cit. on p. 114).

Springer, John (Dec. 28, 2010). “Is Snooping in your Spouse’s E-mail a Crime?” In: MSNBC. http://today.msnbc.msn.com/id/40820892/ns/today-today_tech/t/snooping-your-spouses-e-mail-crime/ (cit. on p. 123).

Srisuresh, P. and K. Egevang (Jan. 2001). Traditional IP Network Address Translator (Traditional NAT). RFC 3022. http://www.rfc-editor.org/rfc/rfc3022.txt (cit. on pp. 67, 95).

Srivatsan, Shreyas, Maritza Johnson, and Steven M. Bellovin (July 2010). Simple-VPN: Simple IPsec Configuration. Tech. rep. CUCS-020-10. Department of Computer Science, Columbia University. https://mice.cs.columbia.edu/getTechreport.php?techreportID=1433 (cit. on pp. 95, 156).

Staniford, Stuart, Vern Paxson, and Nicholas Weaver (Aug. 2002). “How to Own the Internet in Your Spare Time.” In: Proceedings of the 11th Usenix Security Symposium. http://www.icir.org/vern/papers/cdc-usenix-sec02/ (cit. on p. 48).

Steiner, Jennifer, B. Clifford Neuman, and Jeffrey I. Schiller (1988). “Kerberos: An Authentication Service for Open Network Systems.” In: Proc. Winter USENIX Conference. Dallas, TX, pp. 191–202. http://www.cse.nd.edu/~dthain/courses/cse598z/fall2004/papers/kerberos.pdf (cit. on pp. 81, 84).

Stevens, Gina (Apr. 12, 2012). Data Security Breach Notification Laws. CRS Report for Congress R42475. Congressional Research Service. http://fas.org/sgp/crs/misc/R42475.pdf (cit. on p. 287).

Stoll, Cliff (May 1988). “Stalking the Wily Hacker.” In: Communications of the ACM 31.5, pp. 484–497. DOI: 10.1145/42411.42412. http://doi.acm.org/10.1145/42411.42412 (cit. on pp. 28, 32, 66, 74, 288, 311).

Stoll, Cliff (1989). The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. New York: Doubleday. (Cit. on pp. 28, 32, 66, 74, 311).

Strobel, Daehyun (July 13, 2007). IMSI Catcher. Unpublished seminar paper. http://www.emsec.rub.de/media/crypto/attachments/files/2011/04/imsi_catcher.pdf (cit. on p. 180).

Stross, Charles (2004). The Atrocity Archives. Urbana, IL: Golden Gryphon Press. (Cit. on pp. 181, 267, 279, 379, 380).

Stross, Charles (2006). The Jennifer Morgue. Urbana, IL: Golden Gryphon Press. (Cit. on pp. 92, 229, 379, 380).

Stross, Charles (2012). The Apocalypse Codex. New York: Ace Books. (Cit. on pp. 61, 178, 379).

Stross, Charles (2015). The Annihilation Score. New York: Ace Books. (Cit. on pp. 71, 379).

Stross, Randall (Dec. 8, 2012). “Billion-Dollar Flop: Air Force Stumbles on Software Plan.” In: The New York Times. https://www.nytimes.com/2012/12/09/technology/air-force-stumbles-over-software-modernization-project.html (cit. on p. 315).

Stubblefield, Adam, John Ioannidis, and Aviel D. Rubin (Feb. 2002). “Using the Fluhrer, Mantin, and Shamir Attack to Break WEP.” In: Proceedings of the 2002 Network and Distributed Systems Security Symposium. San Diego, CA, pp. 17–22. http://www.isoc.org/isoc/conferences/ndss/02/papers/stubbl.pdf (cit. on pp. 175, 177).

Stubblefield, Adam, John Ioannidis, and Aviel D. Rubin (May 2004). “A Key Recovery Attack on the 802.11b Wired Equivalent Privacy Protocol (WEP).” In: ACM Transactions on Information and System Security. http://avirubin.com/wep.pdf (cit. on p. 175).

Sullivan, Bob (June 9, 2005). “Israel Espionage Case Points to New Net Threat.” In: MSNBC. http://www.msnbc.msn.com/id/8145520/ns/technology_and_science-security/t/israel-espionage-case-points-new-net-threat/ (cit. on pp. 18, 41).

Tao, Ping, Algis Rudys, Andrew Ladd, and Dan S. Wallach (Sept. 2003). “Wireless LAN Location Sensing for Security Applications.” In: ACM Workshop on Wireless Security (WiSe 2003). San Diego, CA. http://www.cs.rice.edu/~dwallach/pub/wise2003.html (cit. on p. 175).

Tatlow, Didi Kirsten (June 26, 2013). “U.S. Is a ‘Hacker Empire,’ Says Chinese Military Analyst.” In: I.H.T Rendezvous (blog). http://rendezvous.blogs.nytimes.com/2013/06/26/u-s-is-a-hacker-empire-says-chinese-military-analyst/ (cit. on p. 18).

Taylor, T., D. Paterson, J. Glanfield, C. Gates, S. Brooks, and J. McHugh (Mar. 2009). “FloVis: Flow Visualization System.” In: Cybersecurity Applications and Technology Conference for Homeland Security (CATCH), pp. 186–198. DOI: 10.1109/CATCH.2009.18. (Cit. on p. 52).

Thornburgh, Nathan (Aug. 25, 2005). “Inside the Chinese Hack Attack.” In: Time. http://www.time.com/time/nation/article/0,8599,1098371,00.html (cit. on p. 28).

Timberg, Craig (Sept. 6, 2013). “Google Encrypts Data Amid Backlash against NSA Spying.” In: The Washington Post. http://www.washingtonpost.com/business/technology/google-encrypts-data-amid-backlash-against-nsa-spying/2013/09/06/9acc3c20-1722-11e3-a2ec-b47e45e6f8ef_story.html (cit. on p. 220).

Tolkien, J. R. R. (1954). The Lord of the Rings. London: Allen & Unwin. (Cit. on p. 261).

Townsley, W., A. Valencia, A. Rubens, G. Pall, G. Zorn, and B. Palter (Aug. 1999). Layer Two Tunneling Protocol “L2TP”. RFC 2661. http://www.rfc-editor.org/rfc/rfc2661.txt (cit. on p. 95).

Toxen, Bob (May 2014). “The NSA and Snowden: Securing the All-seeing Eye.” In: Commun. ACM 57.5, pp. 44–51. ISSN: 0001-0782. DOI: 10.1145/2594502. http://doi.acm.org/10.1145/2594502 (cit. on p. 286).

Trimmer, John D. (Oct. 10, 1980). “The Present Situation in Quantum Mechanics: A Translation of Schrödinger’s ‘Cat Paradox’ Paper.” In: Proceedings of the American Philosophical Society 124.5, pp. 323–338. http://www.jstor.org/stable/pdfplus/986572.pdf (cit. on pp. 189, 241).

UPI (June 4, 2012). “Unit 8200 and Israel’s High-Tech Whiz Kids.” In: UPI.com. http://www.upi.com/Business_News/Security-Industry/2012/06/04/Unit-8200-and-Israels-high-tech-whiz-kids/UPI-43661338833765/ (cit. on p. 18).

Valdes, Alfonso and Keith Skinner (2001). “Probabilistic Alert Correlation.” In: Proceedings of the 4th International Conference on Recent Advances in Intrusion Detection. Berlin, Heidelberg: Springer. http://www.cc.gatech.edu/~wenke/ids-readings/Valdes_Alert_Correlation.pdf (cit. on p. 50).

Valentino-DeVries, Jennifer (Sept. 21, 2011). “‘Stingray’ Phone Tracker Fuels Constitutional Clash.” In: The Wall Street Journal. http://online.wsj.com/article/SB10001424053111904194604576583112723197574.html. (Cit. on p. 180).

Valentino-DeVries, Jennifer and Jeremy Singer-Vine (Dec. 7, 2012). “They Know What You’re Shopping For.” In: The Wall Street Journal. http://www.wsj.com/articles/SB10001424127887324784404578143144132736214 (cit. on p. 314).

Vanhoef, Mathy and Frank Piessens (Aug. 2015). “All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS.” In: 24th USENIX Security Symposium (USENIX Security 15). Washington, DC: USENIX Association. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/vanhoef (cit. on pp. 100, 176, 299, 300).

Verini, James (Nov. 10, 2010). “The Great Cyberheist.” In: The New York Times Magazine. http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html (cit. on p. 33).

Vervier, Pierre-Antoine, Olivier Thonnard, and Marc Dacier (Feb. 2015). “Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks.” In: Proceedings of NDSS ’15. http://www.internetsociety.org/doc/mind-your-blocks-stealthiness-malicious-bgp-hijacks (cit. on p. 215).

Visa (2008). Card Acceptance and Chargeback Management Guidelines for Visa Merchants. http://www.uaf.edu/business/forms/cardacceptanceguide.pdf (cit. on p. 252).

Vixie, P. (Aug. 1999). Extension Mechanisms for DNS (EDNS0). RFC 2671. http://www.rfc-editor.org/rfc/rfc2671.txt (cit. on p. 91).

Volz, Dustin (July 14, 2015). “How Much Damage Can Hackers Do with a Million Fingerprints from the OPM Data Breach?” In: Government Executive. http://www.govexec.com/pay-benefits/2015/07/how-much-damage-can-hackers-do-million-fingerprints-opm-data-breach/117760/ (cit. on p. 127).

Wagner, David and Bruce Schneier (Nov. 1996). “Analysis of the SSL 3.0 Protocol.” In: Proceedings of the Second USENIX Workshop on Electronic Commerce, pp. 29–40. http://www.cs.berkeley.edu/~daw/papers/ssl3.0.ps (cit. on p. 82).

Wallach, Dan S. (Oct. 2011). Private communication. (Cit. on p. 175).

Wang, Helen J., Chris Grier, Alex Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter (2009). “The Multi-Principal OS Construction of the Gazelle Web Browser.” In: Proc. USENIX Security Symposium. http://static.usenix.org/events/sec09/tech/full_papers/wang.pdf (cit. on p. 201).

Wang, Xiaoyun, Dengguo Feng, Xuejia Lai, and Hongbo Yu (2004). Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004/199. http://eprint.iacr.org/2004/199 (cit. on p. 161).

Ward, Mark (Oct. 31, 2005). “Warcraft Game Maker in Spying Row.” In: BBC News. http://news.bbc.co.uk/2/hi/technology/4385050.stm (cit. on p. 283).

Weil, Nancy (Apr. 8, 1999). “Some Aptivas Shipped with CIH Virus.” In: CNN. http://articles.cnn.com/1999-04-08/tech/9904_08_aptivirus.idg_1_aptiva-pcs-cih-ibm-representatives (cit. on p. 53).

Weinrib, A. and J. Postel (Oct. 1996). IRTF Research Group Guidelines and Procedures. RFC 2014. http://www.rfc-editor.org/rfc/rfc2014.txt (cit. on p. 104).

Weir, Matt, Sudhir Aggarwal, Michael Collins, and Henry Stern (2010). “Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords.” In: Proceedings of the 17th ACM Conference on Computer and Communications Security. CCS ’10. Chicago: ACM, pp. 162–175. ISBN: 978-1-4503-0245-6. http://doi.acm.org/10.1145/1866307.1866327 (cit. on p. 108).

Weiss, Debra Cassens (Oct. 20, 2010). “Chief Justice Roberts Admits He Doesn’t Read the Computer Fine Print.” In: ABA Journal. http://www.abajournal.com/news/article/chief_justice_roberts_admits_he_doesnt_read_the_computer_fine_print/ (cit. on pp. 173, 232).

White House (Apr. 15, 2011). National Strategy for Trusted Identities in Cyberspace. http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf (cit. on p. 139).

Whitney, Lance (Feb. 28, 2013). “China Blames U.S. for Most Cyberattacks against Military Web Sites.” In: CNET News. http://news.cnet.com/8301-1009_3-57571811-83/china-blames-u.s-for-most-cyberattacks-against-military-web-sites/ (cit. on p. 18).

Whittaker, Zack (Aug. 5, 2015). “Hackers Can Remotely Steal Fingerprints from Android Phones.” In: ZDnet. http://www.zdnet.com/article/hackers-can-remotely-steal-fingerprints-from-android-phones/ (cit. on p. 125).

Whitten, Alma and J.D. Tygar (1999). “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0.” In: Proceedings of Usenix Security Symposium. http://db.usenix.org/publications/library/proceedings/sec99/whitten.html (cit. on p. 105).

Williams, Christopher (July 1, 2010). “Two Infosec Blunders that Betrayed the Russian Spy Ring.” In: The Register. http://www.theregister.co.uk/2010/07/01/spy_ring_blunders/ (cit. on pp. 115, 175).

Williams, Christopher (Feb. 16, 2011). “Israeli Security Chief Celebrates Stuxnet Cyber Attack.” In: The Telegraph. http://www.telegraph.co.uk/technology/news/8326274/Israeli-security-chief-celebrates-Stuxnet-cyber-attack.html (cit. on p. 37).

Willis, Connie (1997). To Say Nothing of the Dog. New York: Bantam Books. (Cit. on p. 293).

Wilson, Charles, R. Austin Hicklin, Harold Korves, Bradford Ulery, Melissa Zoepfl, Mike Bone, Patrick Grother, Ross Micheals, Steve Otto, and Craig Watson (June 2004). Fingerprint Vendor Technology Evaluation 2003: Summary of Results and Analysis Report. Tech. rep. 7123. National Institute of Standards and Technology. http://www.nist.gov/itl/iad/ig/fpvte03.cfm (cit. on p. 125).

Wise, David (2002). Spy: The Inside Story of How the FBI’s Robert Hanssen Betrayed America. Random House. (Cit. on p. 35).

Wondracek, Gilbert, Thorsten Holz, Christian Platzer, Engin Kirda, and Christopher Kruegel (2010). “Is the Internet for Porn? An Insight into the Online Adult Industry.” In: Proceedings of the Workshop on the Economics of the Information Society. http://iseclab.org/papers/weis2010.pdf (cit. on pp. 93, 254, 272, 283).

Wood, Paul, ed. (Apr. 2012). Internet Security Threat Report: 2011 Trends. Vol. 17. Mountain View, CA: Symantec. http://www.symantec.com/content/en/us/enterprise/other_resources/bistr_main_report_2011_21239364.en-us.pdf (cit. on p. 272).

Wood, Roy (Oct. 5, 2012). “Self-Driving Cars.” In: Wired: Geek Dad. http://archive.wired.com/geekdad/2012/10/self-driving-cars/ (cit. on p. 312).

Wright, Peter (1987). Spycatcher: The Candid Autobiography of a Senior Intelligence Officer. New York: Viking. (Cit. on p. 82).

Wulf, William A. and Anita K. Jones (2009). “Reflections on Cybersecurity.” In: Science 326.5955, pp. 943–944. DOI: 10.1126/science.1181643. http://www.sciencemag.org/cgi/reprint/326/5955/943.pdf (cit. on pp. 78, 312).

Wuokko, D.R. (Apr. 2, 2003). Worm Virus Infection. Email to Nuclear Regulatory Commission. http://pbadupws.nrc.gov/docs/ML0310/ML031040567.pdf (cit. on p. 54).

Wylie, Philip and Edwin Balmer (1934). After Worlds Collide. New York: Frederick A. Stokes Company. (Cit. on p. 315).

Yadron, Danny (Aug. 5, 2014). “Executives Rethink Merits of Going Public with Data Breaches.” In: The Wall Street Journal. http://online.wsj.com/articles/a-contrarian-view-on-data-breaches-1407194237 (cit. on pp. 166, 287).

Ylönen, Tatu (July 1996). “SSH–Secure Login Connections over the Internet.” In: Proceedings of the Sixth Usenix Unix Security Symposium, pp. 37–42. http://www.usenix.org/publications/library/proceedings/sec96/ylonen.html (cit. on p. 88).

Zetter, Kim (Sept. 18, 2008). “Palin E-Mail Hacker Says It Was Easy.” In: Wired: Threat Level. http://www.wired.com/threatlevel/2008/09/palin-e-mail-ha/ (cit. on p. 123).

Zetter, Kim (Sept. 30, 2009a). “New Malware Re-Writes Online Bank Statements to Cover Fraud.” In: Wired: Threat Level. http://www.wired.com/threatlevel/2009/09/rogue-bank-statements/ (cit. on p. 120).

Zetter, Kim (July 14, 2009b). “Researcher: Middle East Blackberry Update Spies on Users.” In: Wired: Threat Level. http://www.wired.com/threatlevel/2009/07/blackberry-spies/ (cit. on p. 271).

Zetter, Kim (June 18, 2009c). “TJX Hacker Was Awash in Cash; His Penniless Coder Faces Prison.” In: Wired: Threat Level. http://www.wired.com/threatlevel/2009/06/watt (cit. on p. 34).

Zetter, Kim (Nov. 12, 2010). “Sarah Palin E-mail Hacker Sentenced to 1 Year in Custody.” In: Wired: Threat Level. http://www.wired.com/threatlevel/2010/11/palin-hacker-sentenced/ (cit. on p. xiii).

Zetter, Kim (Dec. 18, 2011). “Forensic Expert: Manning’s Computer Had 10K Cables, Downloading Scripts.” In: Wired: Threat Level. http://www.wired.com/threatlevel/2011/12/cables-scripts-manning/ (cit. on p. 73).

Zetter, Kim (May 28, 2012). “Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers.” In: Wired: Threat Level. http://www.wired.com/threatlevel/2012/05/flame/ (cit. on pp. 50, 83).

Zetter, Kim (2014). Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. New York: Crown Publishers. (Cit. on pp. 18, 20, 28, 37, 38, 50, 83, 84, 164, 194).

Zetter, Kim (July 9, 2015). “The Massive OPM Hack Actually Hit 21 Million People.” In: Wired. http://www.wired.com/2015/07/massive-opm-hack-actually-affected-25-million/ (cit. on p. 254).

Zhang, Yinqian, Fabian Monrose, and Michael K. Reiter (2010). “The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis.” In: Proceedings of the 17th ACM Conference on Computer and Communications Security. CCS ’10. Chicago: ACM, pp. 176–186. ISBN: 978-1-4503-0245-6. DOI: http://doi.acm.org/10.1145/1866307.1866328. http://www.cs.unc.edu/~reiter/papers/2010/CCS.pdf (cit. on p. 114).

Zhao, Hang and Steven M. Bellovin (July 2009). Source Prefix Filtering in ROFL. Tech. rep. CUCS-033-09. Department of Computer Science, Columbia University. https://mice.cs.columbia.edu/getTechreport.php?techreportID=613 (cit. on p. 94).

Zhao, Hang, Chi-Kin Chau, and Steven M. Bellovin (Sept. 2008). “ROFL: Routing as the Firewall Layer.” In: New Security Paradigms Workshop. A version is available as Technical Report CUCS-026-08. https://mice.cs.columbia.edu/getTechreport.php?techreportID=541 (cit. on p. 94).

Zimmermann, Philip (1995). The Official PGP User’s Guide. Cambridge, MA: MIT Press. (Cit. on p. 167).

Ziobro, Paul and Joann S. Lublin (May 28, 2014). “ISS’s View on Target Directors Is a Signal on Cybersecurity.” In: The Wall Street Journal. http://online.wsj.com/articles/iss-calls-for-an-overhaul-of-target-board-after-data-breach-1401285278 (cit. on p. 287).

Ziobro, Paul and Danny Yadron (Jan. 2014). “Target Now Says 70 Million People Hit in Data Breach.” In: The Wall Street Journal. http://online.wsj.com/news/articles/SB10001424052702303754404579312232546392464 (cit. on p. 287).

Zittrain, Jonathan, Kendra Albert, and Lawrence Lessig (June 12, 2014). “Perma: Scoping and addressing the problem of link and reference rot in legal citations.” In: Legal Information Management 14.02, pp. 88–99. http://journals.cambridge.org/action/displayAbstract?fromPage=online&aid=9282809&fileId=S1472669614000255 (cit. on p. xv).

Zwienenberg, Righard (June 22, 2012). “ACAD/Medre.A—10000’s of AutoCAD Files Leaked in Suspected Industrial Espionage.” In: ESET Threat Blog. http://blog.eset.com/2012/06/21/acadmedre-10000s-of-autocad-files-leaked-in-suspected-industrial-espionage (cit. on p. 48).
