Foreword

1 Encarta World English Dictionary © 1999 Microsoft Corporation. All rights reserved. Developed for Microsoft by Bloomsbury Publishing Plc.

Chapter 1

1 www.opengroup.org/projects/jericho/

2 Evolution Data Optimized, a wireless radio broadband protocol used over CDMA (Code Division Multiple Access) cellular phone networks

3 Mary Jo Foley, Microsoft Watch, 4/27/2004

4 Linux vs. Windows Viruses, The Register, 10/6/2003

5 www.symantec.com/avcenter/defs.download.html

6 SANS NewsBites Vol. 8 Num. 94

7 www.leunig.de/_en/_news/prs/2002_02_eps/eps_mfot.htm

8 www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html, “Tracking Prey in the Cyberforest,” Potter and Wotring

9 Blackberry pips Palm to top spot, Vnunet, May 5, 2005

10 www.symbian.com/security/index.html

11 www.f-secure.com/v-descs/cabir.shtml

12 www.us-cert.gov

13 @Stake was a security consulting group that was acquired by Symantec in 2004.

14 www.fwuf.gov/slides/may02slides/havighurst.pdf

15 www.kb.cert.org/vuls/id/570768

16 www.opengroup.org/jericho/

17 Hype Cycle for Information Security, 2003, 5/30/2003, Wheatman et al

18 Fort Irwin National Training Center Trip Report, Commanding Officer, Marine Wing Communications Squadron 38, November 9, 2003

19 CSO Magazine, “The Perimeter Problem,” Simson Garfinkel, 11/2005

Chapter 2

1 http://en.wikipedia.org/wiki/Philip_Morris_International

2 http://en.wikipedia.org/wiki/Altria_Group

3 http://aspe.hhs.gov/admnsimp/pl104191.htm

4 Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II)

5 Sarbanes-Oxley Act of 2002, or Public Company Accounting Reform and Investor Protection Act of 2002

6 Gramm-Leach-Bliley Act, or the Financial Modernization Act of 1999

7 http://news.zdnet.com/2100-1009_22-5754773.html

8 Reuters 1/19/04, www.silicon.com/software/security/0,39024655,39117842,00.htm

9 www.icsalabs.com

10 www.cybertrust.com/pr_events/2005/20050405.shtml

11 http://news.com.com/Computer+crime+costs+67+billion,+FBI+says/2100-7349_3-6028946.html

12 www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml (You must register to get the report.)

13 www.messagelabs.com

14 www.earthlink.net/spyaudit/press/

15 Yes, I was part of the machine that I blasted earlier.

16 John B. Horrigan, Ph.D., Senior Research Specialist (202-296-0019), April 2004

17 www.enterprisenetworkingplanet.com/nethub/article.php/3532031

18 www.infonetics.com/resources/purple.shtml?ms05.sec.3q.nr.shtml

19 9/2004, by Tara Seals (Data source Yankee Group 12/03)

20 www.techweb.com/wire/networking/53701345

21 www.infonetics.com/resources/purple.shtml?ms06.cs.sec.3q06.nr.shtml

22 The First to Fly, Sherwood Harris, Tab Aero (1991)

Chapter 3

1 I covered what we refers to in the Preface; in case you’re confused about who we are, however, we refers collectively to all the security world.

2 www.insecure.org/nmap/

3 www.cirt.net/code/nikto.shtml

4 Demilitarized zone. A special part of the network that provides limited access to specific applications to Internet users.

5 I had the word dogma here, but some found it too harsh.

6 An ancient method of reproducing documents that used an ink drum and special typewriter-generated stencils to create many copies of the original document.

7 www.faqs.org/rfcs/rfc3580.html 802.1x RFC reference

8 An especially good one is Andrew Jaquith’s book Security Metrics: Replacing Fear, Uncertainty, and Doubt, Addison-Wesley (2007).

9 Actually, it’s 69.554%, but I rounded up for ease of comprehension.

Chapter 4

1 RFC 2284, PPP EAP

2 RFC 2865, Remote Authentication Dial In User Service

Chapter 5

1 Symantec bought Sygate in 2005. SEP, Sygate Enterprise Protection, was renamed to Symantec Enterprise Protection.

2 D. Bell & L. LaPadula, Secure computer systems: Mathematical foundations. Technical report ESD-TR-73-278, The MITRE Corp, Bedford, MA, 1973

3 http://en.wikipedia.org/wiki/Bell-LaPadula_model (The original paper at MITRE is hard to get.)

4 RFC 2131

5 www.juniper.net/products/aaa

6 www.enterasys.com/products/ids/NSTAM/

7 www.foundrynet.com/solutions/security/NAC.html

8 www.extremenetworks.com/products/securityappliances/

9 www.kb.cert.org/vuls/id/568148

10 www.microsoft.com/technet/security/Bulletin/MS06-014.mspx

11 www.infoblox.com

Chapter 6

1 The Register, 9/1/05, www.theregister.co.uk/2005/09/01/creative_mp3_player_virus_flap/

2 http://www.snort.org - open source IDS solution

Chapter 7

1 http://www.ietf.org/rfc/rfc2251.txt

2 Federal Information Processing Standards Publication 180-2

3 Collision Search Attacks on SHA-1, Wang, Yin, Yu, 2/13/2005

4 Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD

5 http://www.mp3newswire.net/stories/5002/KaZaaSecurity.html

6 http://www.securityfocus.com/news/11215

Chapter 8

1 The American Heritage Dictionary of the English Language, Fourth Edition.

2 Adobe, Symantec Behind Complaints to EU about Vista, Paul Thurrott, WindowsITPro, 9/21/06

3 www.insecure.org/nmap

4 http://www.f-secure.com/exclude/blacklight/index.shtml

5 http://www.sysinternals.com/Utilities/RootkitRevealer.html

6 Microsoft bought Sysinternals in July of 2006.

7 http://www.3wdesign.es/security/

8 http://greatis.com/unhackme/

9 http://support.microsoft.com/?kbid=314058

10 http://www.lavasoft.de/software/adaware/

11 http://www.pctools.com/spyware-doctor/

12 http://anti-spyware-review.toptenreviews.com/

13 http://www.webroot.com/land/spysweeper-tt/index.html?rc=3815

14 http://netsecurity.about.com/od/popupsandspyware/tp/aatp082804.htm

15 http://www.safer-networking.org/en/spybotsd/index.html

16 http://www.edoceo.com/products/winlogd.php

17 http://www.microsoft.com/technet/itsolutions/network/vpn/quarantine.mspx

Chapter 9

1 http://en.wikipedia.org/wiki/Mach_kernel

2 www.heise.de/english/newsticker/news/69862

3 http://daringfireball.net/2006/02/safari_shell_script_exploit

4 http://onmac.net/

5 http://securityresponse.symantec.com/avcenter/venc/data/osx.inqtana.a.html

6 www.securityfocus.com/bid/13491

7 http://securityresponse.symantec.com/avcenter/venc/data/osx.leap.a.html

8 www.sunncomm.com/Brochure/

9 http://macscan.securemac.com

10 www.versiontracker.com

11 www.macupdate.com/info.php/id/15850

12 www.clamav.net/

13 www.lockdownetworks.com

Chapter 10

1 SFGate.com, Rebecca Eisenberg, 8/2/98

2 http://en.wikipedia.org/wiki/Linux_kernel

3 www.oasis-open.org/committees/tc_home.php?wg_abbrev=office

4 www.winehq.com

5 www.defcon.org (DEFCON is an annual hacker convention in Las Vegas, Nevada.)

6 Xandros Desktop OS Users Guide, page 193

7 www.cups.org

8 www.vtcif.telstra.com.au/pub/docs/security/tcp_wrapper.txt (The original paper on TCP Wrapper, by Wietse Venema. Great read.)

9 http://seclists.org/bugtraq/1997/May/0212.html

10 www.winehq.org

11 www.openoffice.org

12 www.w3.org (World Wide Web Consortium)

13 www.infoworld.com/article/06/07/05/HNopenofficewarns_1.html

14 Robert Lemos, 8/24/06

15 News Brief, 8/25/06

Chapter 11

1 USA Today, 3/28/05, Barbara De Lollis, “Many travelers have tales of missing gadgets”

2 FIPS 140-2 Level 3

3 http://upload.wikimedia.org/wikipedia/commons/c/cb/Windows_CE_Timeline.png

4 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceintro5/html/wce50oriwelcometowindowsce.asp

5 www.brighthand.com/default.asp?newsID=9147

6 www.symbian.com

7 www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#FX, Analyzing Complex Systems: The Blackberry Case, FX, Phenoelit & SABRE Labs

8 www.macworld.com/news/2006/04/07/blackberry/index.php

9 http://mobile.newsforge.com/article.pl?sid=05/12/13/174241&tid=97&tid=2

10 www.infosyncworld.com/news/n/5835.html

11 http://csrc.nist.gov/cryptval/140-1/1401val2005.htm#593

12 www.openmobilealliance.org/index.html

13 Black Hat Briefings 2004, Bluesnarfing - The Risk From Digital Pickpockets

14 www.schmoo.com

15 Ford-Long Wong and Frank Stajano, University of Cambridge Comp Lab, “Location Privacy in Bluetooth”

16 http://linux.softpedia.com/get/Communications/Telephony/ObexFTP-9007.shtml#

17 www.fte.com/blu07.asp

18 Technically, a 2.5 GSM bolt-on

19 CDMA2000

20 By William Millan and Praveen Gauravaram, IEICE 2004

21 Good was purchased in November 2006 by Motorola.

22 www.good.com

23 www.smobilesystems.com

24 www.eweek.com/article2/0,1895,1970784,00.asp

25 www.consumersearch.com/www/software/antivirus-software/reviews.html

Chapter 12

1 http://en.wikipedia.org/wiki/Posix

2 http://features.engadget.com/2004/08/17/how-to-use-an-ipod-as-a-bootable-drive/

3 http://ipodlinux.org/Main_Page

4 www.odva.org/

5 www.dcbnet.com/datasheet/ethergate.html

6 http://labs.idefense.com

7 www.idefense.com/intelligence/vulnerabilities/display.php?id=383

8 http://xforce.iss.net/xforce/xfdb/24304

9 http://packetstorm.linuxsecurity.com/0405-advisories/3COMdos.txt

10 www.samsung.com/homenetwork/HomevitaSolutions/HomeControlling/ApplianceControlSolution.htm

11 Distributed Network Protocol IEEE 1379-2000

12 https://www.trustedcomputinggroup.org/groups/tpm/

13 www.school-linktechnologies.com/news_healthyvending_hotbutton.asp
