John Viega is CTO of the Software-as-a-Service Business Unit at
McAfee, and was previously Vice President, Chief Security Architect at
McAfee. He is an active advisor to several security companies,
including Fortify and Bit9, and is the author of a number of security
books, including Network Security with OpenSSL (O'Reilly) and Building
Secure Software (Addison-Wesley).
John is responsible for numerous software security tools and is the
original author of Mailman, the popular mailing list manager. He has
done extensive standards work in the IEEE and IETF, and co-invented
GCM, a cryptographic algorithm that NIST (US Department of Commerce)
has standardized. He holds a B.A. and M.S. from the University of
Virginia.
Foreword | p. ix |
Preface | p. xiii |
The Security Industry Is Broken | p. 1 |
Security: Nobody Cares! | p. 5 |
It's Easier to Get "Owned" Than You Think | p. 9 |
It's Good to Be Bad | p. 19 |
Test of a Good Security Product: Would I Use It? | p. 25 |
Why Microsoft's Free AV Won't Matter | p. 29 |
Google Is Evil | p. 33 |
Why Most AV Doesn't Work (Well) | p. 41 |
Why AV Is Often Slow | p. 49 |
Four Minutes to Infection? | p. 55 |
Personal Firewall Problems | p. 59 |
Call It "Antivirus" | p. 65 |
Why Most People Shouldn't Run Intrusion Prevention Systems | p. 71 |
Problems with Host Intrusion Prevention | p. 75 |
Plenty of Phish in the Sea | p. 79 |
The Cult of Schneier | p. 87 |
Helping Others Stay Safe on the Internet | p. 91 |
Snake Oil: Legitimate Vendors Sell It, Too | p. 95 |
Living in Fear? | p. 99 |
Is Apple Really More Secure? | p. 105 |
Ok, Your Mobile Phone Is Insecure; Should You Care? | p. 109 |
Do AV Vendors Write Their Own Viruses? | p. 113 |
One Simple Fix for the AV Industry | p. 115 |
Open Source Security: A Red Herring | p. 119 |
Why SiteAdvisor Was Such a Good Idea | p. 127 |
Is There Anything We Can Do About Identity Theft? | p. 129 |
Virtualization: Host Security's Silver Bullet? | p. 135 |
When Will We Get Rid of All the Security Vulnerabilities? | p. 139 |
Application Security on a Budget | p. 145 |
"Responsible Disclosure" Isn't Responsible | p. 153 |
Are Man-in-the-Middle Attacks a Myth? | p. 163 |
An Attack on PKI | p. 167 |
HTTPS Sucks; Let's Kill It! | p. 171 |
CrAP-TCHA and the Usability/Security Tradeoff | p. 175 |
No Death for the Password | p. 181 |
Spam Is Dead | p. 187 |
Improving Authentication | p. 191 |
Cloud Insecurity? | p. 197 |
What AV Companies Should Be Doing (AV 2.0) | p. 203 |
VPNs Usually Decrease Security | p. 213 |
Usability and Security | p. 215 |
Privacy | p. 217 |
Anonymity | p. 219 |
Improving Patch Management | p. 221 |
An Open Security Industry | p. 223 |
Academics | p. 225 |
Locksmithing | p. 227 |
Critical Infrastructure | p. 229 |
Epilogue | p. 231 |
Index | p. 233 |
Table of Contents provided by Ingram. All Rights Reserved. |