Preface

Psychological Security Traps
    Learned Helplessness and Naïveté
    Confirmation Traps
    Functional Fixation
    Summary

Wireless Networking: Fertile Ground for Social Engineering
    Easy Money
    Wireless Gone Wild
    Still, Wireless Is the Future

Beautiful Security Metrics
    Security Metrics by Analogy: Health
    Security Metrics by Example
    Summary

The Underground Economy of Security Breaches
    The Makeup and Infrastructure of the Cyber Underground
    The Payoff
    How Can We Combat This Growing Underground Economy?
    Summary

Beautiful Trade: Rethinking E-Commerce Security
    Deconstructing Commerce
    Weak Amelioration Attempts
    E-Commerce Redone: A New Security Model
    The New Model

Securing Online Advertising: Rustlers and Sheriffs in the New Wild West
    Attacks on Users
    Advertisers As Victims
    Creating Accountability in Online Advertising

The Evolution of PGP's Web of Trust
    PGP and OpenPGP
    Trust, Validity, and Authority
    PGP and Crypto History
    Enhancements to the Original Web of Trust Model
    Interesting Areas for Further Research
    References

Open Source Honeyclient: Proactive Detection of Client-Side Exploits
    Enter Honeyclients
    Introducing the World's First Open Source Honeyclient
    Second-Generation Honeyclients
    Honeyclient Operational Results
    Analysis of Exploits
    Limitations of the Current Honeyclient Implementation
    Related Work
    The Future of Honeyclients

Tomorrow's Security Cogs and Levers
    Cloud Computing and Web Services: The Single Machine Is Here
    Connecting People, Process, and Technology: The Potential for Business Process Management
    Social Networking: When People Start Communicating, Big Things Change
    Information Security Economics: Supercrunching and the New Rules of the Grid
    Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All
    Conclusion
    Acknowledgments

Security by Design
    Metrics with No Meaning
    Time to Market or Time to Quality?
    How a Disciplined System Development Lifecycle Can Help
    Conclusion: Beautiful Security Is an Attribute of Beautiful Systems

Forcing Firms to Focus: Is Secure Software in Your Future?
    Implicit Requirements Can Still Be Powerful
    How One Firm Came to Demand Secure Software
    Enforcing Security in Off-the-Shelf Software
    Analysis: How to Make the World's Software More Secure

Oh No, Here Come the Infosecurity Lawyers!
    Culture
    Balance
    Communication
    Doing the Right Thing

Beautiful Log Handling
    Logs in Security Laws and Standards
    Focus on Logs
    When Logs Are Invaluable
    Challenges with Logs
    Case Study: Behind a Trashed Server
    Future Logging
    Conclusions

Incident Detection: Finding the Other 68%
    A Common Starting Point
    Improving Detection with Context
    Improving Perspective with Host Logging
    Summary

Doing Real Work Without Real Data
    How Data Translucency Works
    A Real-Life Example
    Personal Data Stored As a Convenience
    Trade-offs
    Going Deeper
    References

Casting Spells: PC Security Theater
    Growing Attacks, Defenses in Retreat
    The Illusion Revealed
    Better Practices for Desktop Security
    Conclusion

Contributors

Index