Foreword | p. xv |
Preface | p. xvii |
Is the Title of this Book a Joke? | p. xix |
Acknowledgments | p. xxi |
Contributors | p. xxiii |
The Problem | |
What Could Kill the Internet? And so What? | p. 3 |
It is About People | p. 7 |
Human and Social Issues | p. 7 |
Nigerian Scams | p. 8 |
Password Reuse | p. 9 |
Phishing | p. 11 |
Who are the Criminals? | p. 13 |
Who are they? | p. 13 |
Where are they? | p. 14 |
Deep-Dive: Taking a Look at Ex-Soviet Hackers | p. 14 |
Let's try to Find Parallels in the World we Live in | p. 16 |
Crime and Punishment? | p. 16 |
How Criminals Profit | p. 19 |
Online Advertising Fraud | p. 20 |
Advertising on the Internet | p. 20 |
Exploits of Online Advertising Systems | p. 23 |
Click Fraud | p. 25 |
Malvertising: Spreading Malware via Ads | p. 31 |
Inflight Modification of Ad Traffic | p. 32 |
Adware: Unsolicited Software Ads | p. 34 |
Conclusion | p. 35 |
Toeing the Line: Legal but Deceptive Service Offers | p. 35 |
How Does it Work? | p. 36 |
What do they Earn? | p. 36 |
Phishing and Some Related Attacks | p. 38 |
The Problem is the User | p. 38 |
Phishing | p. 38 |
Man-in-the-Middle | p. 39 |
Man-in-the-Browser | p. 40 |
New Attack: Man-in-the-Screen | p. 41 |
Malware: Current Outlook (Members of the BITS Security Working Group and staff leads Greg Rattray and Andrew Kennedy) | p. 42 |
Malware Evolution | p. 42 |
Malware Supply and Demand | p. 48 |
Monetization | p. 53 |
There is Money Everywhere | p. 53 |
How Things Work and Fail | p. 57 |
Online Advertising: With Secret Security | p. 58 |
What is a Click? | p. 58 |
How Secret Filters are Evaluated | p. 60 |
What do Fraudsters Know? | p. 62 |
Web Security Remediation Efforts | p. 63 |
Introduction | p. 63 |
The Multitude of Web Browser Security Mechanisms | p. 64 |
Where do we go from Here? | p. 75 |
Content-Sniffing XSS Attacks: XSS with Non-HTML Content | p. 75 |
Introduction | p. 75 |
Content-Sniffing XSS Attacks | p. 77 |
Defenses | p. 84 |
Conclusion | p. 89 |
Our Internet Infrastructure at Risk | p. 89 |
Introduction | p. 89 |
The Political Structure | p. 90 |
The Domain | p. 92 |
WHOIS: Ownership and Technical Records | p. 94 |
Registrars: Sponsors of Domain Names | p. 96 |
Registries: Sponsors of Domain Extensions | p. 97 |
CCTLDs: The Sovereign Domain Extensions | p. 99 |
ICANN: The Main Internet Policy Body | p. 100 |
Conclusion | p. 102 |
Social Spam | p. 103 |
Introduction | p. 103 |
Motivations for Spammers | p. 105 |
Case Study: Spam in the GiveALink Bookmarking System | p. 108 |
Web Pollution | p. 114 |
The Changing Nature of Social Spam: Content Farms | p. 116 |
Conclusion | p. 117 |
Understanding CAPTCHAs and Their Weaknesses | p. 117 |
What is a Captcha? | p. 117 |
Types of Captchas | p. 188 |
Evaluating Captcha Attack Effectiveness | p. 118 |
Design of Captchas | p. 119 |
Automated Attacks | p. 124 |
Crowd-Sourcing: Using Humans to Break Captchas | p. 127 |
Security Questions | p. 131 |
Overview | p. 131 |
Vulnerabilities | p. 134 |
Variants and Possible Defenses | p. 138 |
Conclusion | p. 139 |
Folk Models of Home Computer Security | p. 140 |
The Relationship Between Folk Models and Security | p. 140 |
Folk Models of Viruses and Other Malware | p. 142 |
Folk Models of Hackers and Break-Ins | p. 146 |
Following Security Advice | p. 149 |
Lessons Learned | p. 153 |
Detecting and Defeating Interception Attacks Against SSL | p. 154 |
Introduction | p. 154 |
Certificate Authorities and the Browser Vendors | p. 155 |
Big Brother in the Browser | p. 157 |
Compelled Assistance | p. 158 |
Surveillance Appliances | p. 159 |
Protecting Users | p. 160 |
Threat Model Analysis | p. 163 |
Related Work | p. 166 |
Conclusion | p. 168 |
The Mobile Problem | p. 169 |
Phishing on Mobile Devices | p. 169 |
The Mobile Phishing Threat | p. 170 |
Common Control Transfers | p. 172 |
Phishing Attacks | p. 178 |
Web Sender → Mobile Target | p. 182 |
Web Sender → Web Target | p. 184 |
Attack Prevention | p. 185 |
Why Mobile Malware will Explode | p. 185 |
Nineteen Eighty-Six: When it all Started | p. 186 |
A Glimpse of Users | p. 186 |
Why Market Size Matters | p. 186 |
Financial Trends | p. 187 |
Mobile Malware Outlook | p. 187 |
Tapjacking: Stealing Clicks on Mobile Devices | p. 189 |
Framing Attacks | p. 189 |
Phone Tapjacking | p. 191 |
Framing Facebook | p. 194 |
Summary and Recommendations | p. 195 |
The Internet and the Physical World | p. 197 |
Malware-Enabled Wireless Tracking Networks | p. 197 |
Introduction | p. 198 |
The Anatomy of a Modern Smartphone | p. 199 |
Mobile Tracking Networks: A Threat to Smartphones | p. 200 |
Conclusion | p. 219 |
Social Networking Leaks | p. 219 |
Introduction | p. 220 |
Motivations for Using Social Networking Sites | p. 220 |
Trust and Privacy | p. 221 |
Known Issues | p. 222 |
Case Study: Social Networking Leaks in the Physical World | p. 225 |
Abuse of Social Media and Political Manipulation | p. 231 |
The Rise of Online Grassroots Political Movements | p. 231 |
Spam and Astroturfing | p. 232 |
Deceptive Tactics | p. 233 |
The Truthy System for Astroturf Detection | p. 236 |
Discussion | p. 240 |
Thinking About Solutions | |
Solutions to the Problem | p. 245 |
When and How to Authenticate | p. 245 |
Problem Description | p. 246 |
Use Cases | p. 247 |
System Architecture | p. 248 |
User Privacy | p. 250 |
Machine Learning/Algorithms | p. 250 |
User Study | p. 252 |
Fastwords: Adapting Passwords to Constrained Keyboards | p. 255 |
The Principles Behind Fastwords | p. 256 |
Basic Feature Set | p. 258 |
Extended Feature Set | p. 260 |
Sample Stories and Frequencies | p. 261 |
Recall Rates | p. 262 |
Security Analysis | p. 264 |
The Security of Passwords | p. 264 |
Entry Speed | p. 268 |
Implementation of Fastword Entry | p. 270 |
Conclusion | p. 271 |
Deriving PINs from Passwords | p. 271 |
Introduction | p. 272 |
A Brief Discussion of Passwords | p. 273 |
How to Derive PINs from Passwords | p. 274 |
Analysis of Passwords and Derived PINs | p. 275 |
Security Analysis | p. 278 |
Usability Experiments | p. 280 |
Visual Preference Authentication | p. 282 |
Password Resets | p. 282 |
Security Questions Aren't so Secure | p. 283 |
What is Visual Preference-Based Authentication | p. 283 |
Evaluating Visual Preference-Based Authentication | p. 285 |
Case Study: Visual Blue Moon Authentication | p. 286 |
Conclusion | p. 290 |
The Deadly Sins of Security User Interfaces | p. 290 |
Security Applications with Frustrating User Interfaces | p. 291 |
The Four Sins of Security Application User Interfaces | p. 293 |
Consumer Choice: A Security Bugbear | p. 293 |
Security by Verbosity | p. 299 |
Walls of Checkboxes | p. 300 |
All or Nothing Switch | p. 302 |
Conclusion | p. 304 |
SpoofKiller: Let's Kiss Spoofing Goodbye! | p. 304 |
A Key to the Solution: Interrupts | p. 305 |
Why can the User Log in to Good Sites, but not Bad Ones? | p. 305 |
What About Sites that are Good … but not Certified Good? | p. 308 |
SpoofKiller: Under the Hood | p. 309 |
Say we Implement SpoofKiller, then What? | p. 311 |
Device Identification and Intelligence | p. 312 |
1995-2001: The Early Years of Device Identification | p. 313 |
2001-2008 Tagless Device Identification Begins | p. 314 |
2008-Present: Private Browsing and Beyond | p. 319 |
How can we Determine if a Device is Infected or not? | p. 323 |
Why Detection is Difficult | p. 323 |
Setting up an Isolated Environment | p. 324 |
What Could go Wrong? | p. 326 |
Brief Comparison with TrustZone | p. 328 |
Summary | p. 328 |
The Future | p. 331 |
Security Needs the Best User Experience | p. 332 |
How the User Won Over Features | p. 332 |
So How Come the iPhone Became so Successful? | p. 332 |
A World of Information Anywhere | p. 333 |
Midas' Touch Screens | p. 334 |
New Input, New Opportunities | p. 335 |
Zero-Click and Real-Life User Interfaces | p. 335 |
Privacy and User Interfaces | p. 336 |
It all Comes Together | p. 336 |
Fraud and the Future | p. 336 |
References | p. 339 |
Index | p. 359 |
Table of Contents provided by Ingram. All Rights Reserved. |