PREFACE

1 PSYCHOLOGICAL SECURITY TRAPS
  by Peiter "Mudge" Zatko
    Learned Helplessness and Naïveté
    Confirmation Traps
    Functional Fixation
    Summary

2 WIRELESS NETWORKING: FERTILE GROUND FOR SOCIAL ENGINEERING
  by Jim Stickley
    Easy Money
    Wireless Gone Wild
    Still, Wireless Is the Future

3 BEAUTIFUL SECURITY METRICS
  by Elizabeth A. Nichols
    Security Metrics by Analogy: Health
    Security Metrics by Example
    Summary

4 THE UNDERGROUND ECONOMY OF SECURITY BREACHES
  by Chenxi Wang
    The Makeup and Infrastructure of the Cyber Underground
    The Payoff
    How Can We Combat This Growing Underground Economy?
    Summary

5 BEAUTIFUL TRADE: RETHINKING E-COMMERCE SECURITY
  by Ed Bellis
    Deconstructing Commerce
    Weak Amelioration Attempts
    E-Commerce Redone: A New Security Model
    The New Model

6 SECURING ONLINE ADVERTISING: RUSTLERS AND SHERIFFS IN THE NEW WILD WEST
  by Benjamin Edelman
    Attacks on Users
    Advertisers As Victims
    Creating Accountability in Online Advertising

7 THE EVOLUTION OF PGP'S WEB OF TRUST
  by Phil Zimmermann and Jon Callas
    PGP and OpenPGP
    Trust, Validity, and Authority
    PGP and Crypto History
    Enhancements to the Original Web of Trust Model
    Interesting Areas for Further Research
    References

8 OPEN SOURCE HONEYCLIENT: PROACTIVE DETECTION OF CLIENT-SIDE EXPLOITS
  by Kathy Wang
    Enter Honeyclients
    Introducing the World's First Open Source Honeyclient
    Second-Generation Honeyclients
    Honeyclient Operational Results
    Analysis of Exploits
    Limitations of the Current Honeyclient Implementation
    Related Work
    The Future of Honeyclients

9 TOMORROW'S SECURITY COGS AND LEVERS
  by Mark Curphey
    Cloud Computing and Web Services: The Single Machine Is Here
    Connecting People, Process, and Technology: The Potential for Business Process Management
    Social Networking: When People Start Communicating, Big Things Change
    Information Security Economics: Supercrunching and the New Rules of the Grid
    Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All
    Conclusion
    Acknowledgments

10 SECURITY BY DESIGN
  by John McManus
    Metrics with No Meaning
    Time to Market or Time to Quality?
    How a Disciplined System Development Lifecycle Can Help
    Conclusion: Beautiful Security Is an Attribute of Beautiful Systems

11 FORCING FIRMS TO FOCUS: IS SECURE SOFTWARE IN YOUR FUTURE?
  by Jim Routh
    Implicit Requirements Can Still Be Powerful
    How One Firm Came to Demand Secure Software
    Enforcing Security in Off-the-Shelf Software
    Analysis: How to Make the World's Software More Secure

12 OH NO, HERE COME THE INFOSECURITY LAWYERS!
  by Randy V. Sabett
    Culture
    Balance
    Communication
    Doing the Right Thing

13 BEAUTIFUL LOG HANDLING
  by Anton Chuvakin
    Logs in Security Laws and Standards
    Focus on Logs
    When Logs Are Invaluable
    Challenges with Logs
    Case Study: Behind a Trashed Server
    Future Logging
    Conclusions

14 INCIDENT DETECTION: FINDING THE OTHER 68%
  by Grant Geyer and Brian Dunphy
    A Common Starting Point
    Improving Detection with Context
    Improving Perspective with Host Logging
    Summary

15 DOING REAL WORK WITHOUT REAL DATA
  by Peter Wayner
    How Data Translucency Works
    A Real-Life Example
    Personal Data Stored As a Convenience
    Trade-offs
    Going Deeper
    References

16 CASTING SPELLS: PC SECURITY THEATER
  by Michael Wood and Fernando Francisco
    Growing Attacks, Defenses in Retreat
    The Illusion Revealed
    Better Practices for Desktop Security
    Conclusion

CONTRIBUTORS

INDEX