| |
| |
| Preface | |
| |
| |
| |
| Psychological Security Traps | |
| |
| |
| |
| Learned Helplessness and Na�vet� | |
| |
| |
| Confirmation Traps | |
| |
| |
| Functional Fixation | |
| |
| |
| Summary | |
| |
| |
| |
| Wireless Networking: Fertile Ground for Social Engineering | |
| |
| |
| |
| Easy Money | |
| |
| |
| Wireless Gone Wild | |
| |
| |
| Still, Wireless is the Future | |
| |
| |
| |
| Beautiful Security Metrics | |
| |
| |
| |
| Security Metrics by Analogy: Health | |
| |
| |
| Security Metrics by Example | |
| |
| |
| Summary | |
| |
| |
| |
| The Underground Economy of Security Breaches | |
| |
| |
| |
| The Makeup and Infrastructure of the Cyber Underground | |
| |
| |
| The Payoff | |
| |
| |
| How Can We Combat This Growing Underground Economy? | |
| |
| |
| Summary | |
| |
| |
| |
| Beautiful Trade: Rethinking E-Commerce Security | |
| |
| |
| |
| Deconstructing Commerce | |
| |
| |
| Weak Amelioration Attempts | |
| |
| |
| E-Commerce Redone: A New Security Model | |
| |
| |
| The New Model | |
| |
| |
| |
| Securing Online Advertising: Rustlers and sheriffs in The New Wild West | |
| |
| |
| |
| Attacks on Users | |
| |
| |
| Advertisers As Victims | |
| |
| |
| Creating Accountability in Online Advertising | |
| |
| |
| |
| The Evolution of PGP's Web of Trust | |
| |
| |
| |
| PGP and OpenPGP | |
| |
| |
| Trust, Validity, and Authority | |
| |
| |
| PGP and Crypto History | |
| |
| |
| Enhancements to the Original Web of Trust Model | |
| |
| |
| Interesting Areas for Further Research | |
| |
| |
| References | |
| |
| |
| |
| Open Source Honeyclient: Proactive Detection of Client-Side Exploits | |
| |
| |
| |
| Enter Honeyclients | |
| |
| |
| Introducing the World's First Open Source Honeyclient | |
| |
| |
| Second-Generation Honeyclients | |
| |
| |
| Honeyclient Operational Results | |
| |
| |
| Analysis of Exploits | |
| |
| |
| Limitations of the Current Honeyclient Implementation | |
| |
| |
| Related Work | |
| |
| |
| The Future of Honeyclients | |
| |
| |
| |
| Tomorrow's Security Cogs and Levers | |
| |
| |
| |
| Cloud Computing and Web Services: The Single Machine Is Here | |
| |
| |
| Connecting People, Process, and Technology: The Potential for Business Process Management | |
| |
| |
| Social Networking: When People Start Communicating, Big Things Change | |
| |
| |
| Information Security Economics: Supercrunching and the New Rules of the Grid | |
| |
| |
| Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All | |
| |
| |
| Conclusion | |
| |
| |
| Acknowledgments | |
| |
| |
| |
| Security By Design | |
| |
| |
| |
| Metrics with No Meaning | |
| |
| |
| Time to Market or Time to Quality? | |
| |
| |
| How a Disciplined System Development Lifecycle Can Help | |
| |
| |
| Conclusion: Beautiful Security Is an Attribute of Beautiful Systems | |
| |
| |
| |
| Forcing Firms to Focus: Is Secure Software in Your Future? | |
| |
| |
| |
| Implicit Requirements Can Still Be Powerful | |
| |
| |
| How One Firm Came to Demand Secure Software | |
| |
| |
| Enforcing Security in Off-the-Shelf Software | |
| |
| |
| Analysis: How to Make the World's Software More Secure | |
| |
| |
| |
| Oh No, Here Come The Infosecurity Lawyers! | |
| |
| |
| |
| Culture | |
| |
| |
| Balance | |
| |
| |
| Communication | |
| |
| |
| Doing the Right Thing | |
| |
| |
| |
| Beautiful Log Handling | |
| |
| |
| |
| Logs in Security Laws and Standards | |
| |
| |
| Focus on Logs | |
| |
| |
| When Logs Are Invaluable | |
| |
| |
| Challenges with Logs | |
| |
| |
| Case Study: Behind a Trashed Server | |
| |
| |
| Future Logging | |
| |
| |
| Conclusions | |
| |
| |
| |
| Incident Detection: Finding The Other 68% | |
| |
| |
| |
| A Common Starting Point | |
| |
| |
| Improving Detection with Context | |
| |
| |
| Improving Perspective with Host Logging | |
| |
| |
| Summary | |
| |
| |
| |
| Doing Real Work Without Real Data | |
| |
| |
| |
| How Data Translucency Works | |
| |
| |
| A Real-Life Example | |
| |
| |
| Personal Data Stored As a Convenience | |
| |
| |
| Trade-offs | |
| |
| |
| Going Deeper | |
| |
| |
| References | |
| |
| |
| |
| Casting Spells: PC Security Theater | |
| |
| |
| |
| Growing Attacks, Defenses in Retreat | |
| |
| |
| The Illusion Revealed | |
| |
| |
| Better Practices for Desktop Security | |
| |
| |
| Conclusion | |
| |
| |
| Contributors | |
| |
| |
| Index | |