1 Encarta World English Dictionary © 1999 Microsoft Corporation. All rights reserved. Developed for Microsoft by Bloomsbury Publishing Plc.
1 www.opengroup.org/projects/jericho/
2 Evolution Data Optimized, a wireless radio broadband protocol used over CDMA (Code Division Multiple Access) cellular phone networks
3 Mary Jo Foley, Microsoft Watch, 4/27/2004
4 Linux vs. Windows Viruses, The Register, 10/6/2003
5 www.symantec.com/avcenter/defs.download.html
6 SANS NewsBites Vol. 8 Num. 94
7 www.leunig.de/_en/_news/prs/2002_02_eps/eps_mfot.htm
8 www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html, “Tracking Prey in the Cyberforest,” Potter and Wotring
9 Blackberry pips Palm to top spot, Vnunet, May 5, 2005
10 www.symbian.com/security/index.html
11 www.f-secure.com/v-descs/cabir.shtml
13 @Stake was a security consulting group that was acquired by Symantec in 2004.
14 www.fwuf.gov/slides/may02slides/havighurst.pdf
15 www.kb.cert.org/vuls/id/570768
17 Hype Cycle for Information Security, 2003, 5/30/2003, Wheatman et al.
18 Fort Irwin National Training Center Trip Report, Commanding Officer, Marine Wing Communications Squadron 38, November 9, 2003
19 CSO Magazine, “The Perimeter Problem,” Simson Garfinkel, 11/2005
1 http://en.wikipedia.org/wiki/Philip_Morris_International
2 http://en.wikipedia.org/wiki/Altria_Group
3 http://aspe.hhs.gov/admnsimp/pl104191.htm
4 Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II)
5 Sarbanes-Oxley Act of 2002, or Public Company Accounting Reform and Investor Protection Act of 2002
6 Gramm-Leach-Bliley Act, or the Financial Modernization Act of 1999
7 http://news.zdnet.com/2100-1009_22-5754773.html
8 Reuters 1/19/04, www.silicon.com/software/security/0,39024655,39117842,00.htm
10 www.cybertrust.com/pr_events/2005/20050405.shtml
11 http://news.com.com/Computer+crime+costs+67+billion,+FBI+says/2100-7349_3-6028946.html
12 www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml (You must register to get the report.)
14 www.earthlink.net/spyaudit/press/
15 Yes, I was part of the machine that I blasted earlier.
16 John B. Horrigan, Ph.D., Senior Research Specialist (202-296-0019), April 2004
17 www.enterprisenetworkingplanet.com/nethub/article.php/3532031
18 www.infonetics.com/resources/purple.shtml?ms05.sec.3q.nr.shtml
19 9/2004, by Tara Seals (Data source Yankee Group 12/03)
20 www.techweb.com/wire/networking/53701345
21 www.infonetics.com/resources/purple.shtml?ms06.cs.sec.3q06.nr.shtml
22 The First to Fly, Sherwood Harris, Tab Aero (1991)
1 I covered what “we” refers to in the Preface; in case you’re confused about who “we” are, however, “we” refers collectively to all the security world.
3 www.cirt.net/code/nikto.shtml
4 Demilitarized zone. A special part of the network that provides limited access to specific applications to Internet users.
5 I had the word dogma here, but some found it too harsh.
6 An ancient method of reproducing documents that used an ink drum and special typewriter-generated stencils to create many copies of the original document.
7 www.faqs.org/rfcs/rfc3580.html 802.1x RFC reference
8 An especially good one is Andrew Jaquith’s book Security Metrics: Replacing Fear, Uncertainty, and Doubt, Addison-Wesley (2007).
9 Actually, it’s 69.554%, but I rounded up for ease of comprehension.
1 RFC 2284, PPP EAP
2 RFC 2865, Remote Authentication Dial In User Service
1 Symantec bought Sygate in 2005. SEP, Sygate Enterprise Protection, was renamed to Symantec Enterprise Protection.
2 D. Bell & L. LaPadula, Secure computer systems: Mathematical foundations. Technical report ESD-TR-73-278, The MITRE Corp, Bedford, MA, 1973
3 http://en.wikipedia.org/wiki/Bell-LaPadula_model (The original paper at MITRE is hard to get.)
4 RFC 2131
5 www.juniper.net/products/aaa
6 www.enterasys.com/products/ids/NSTAM/
7 www.foundrynet.com/solutions/security/NAC.html
8 www.extremenetworks.com/products/securityappliances/
9 www.kb.cert.org/vuls/id/568148
10 www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
1 The Register, 9/1/05, www.theregister.co.uk/2005/09/01/creative_mp3_player_virus_flap/
2 http://www.snort.org - open source IDS solution
1 http://www.ietf.org/rfc/rfc2251.txt
2 Federal Information Processing Standards Publication 180-2
3 Collision Search Attacks on SHA-1, Wang, Yin, Yu, 2/13/2005
4 Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD
5 http://www.mp3newswire.net/stories/5002/KaZaaSecurity.html
6 http://www.securityfocus.com/news/11215
1 The American Heritage Dictionary of the English Language, Fourth Edition.
2 Adobe, Symantec Behind Complaints to EU about Vista, Paul Thurrott, WindowsITPro, 9/21/06
4 http://www.f-secure.com/exclude/blacklight/index.shtml
5 http://www.sysinternals.com/Utilities/RootkitRevealer.html
6 Microsoft bought Sysinternals in July of 2006.
7 http://www.3wdesign.es/security/
8 http://greatis.com/unhackme/
9 http://support.microsoft.com/?kbid=314058
10 http://www.lavasoft.de/software/adaware/
11 http://www.pctools.com/spyware-doctor/
12 http://anti-spyware-review.toptenreviews.com/
13 http://www.webroot.com/land/spysweeper-tt/index.html?rc=3815
14 http://netsecurity.about.com/od/popupsandspyware/tp/aatp082804.htm
15 http://www.safer-networking.org/en/spybotsd/index.html
16 http://www.edoceo.com/products/winlogd.php
17 http://www.microsoft.com/technet/itsolutions/network/vpn/quarantine.mspx
1 http://en.wikipedia.org/wiki/Mach_kernel
2 www.heise.de/english/newsticker/news/69862
3 http://daringfireball.net/2006/02/safari_shell_script_exploit
5 http://securityresponse.symantec.com/avcenter/venc/data/osx.inqtana.a.html
6 www.securityfocus.com/bid/13491
7 http://securityresponse.symantec.com/avcenter/venc/data/osx.leap.a.html
9 http://macscan.securemac.com
11 www.macupdate.com/info.php/id/15850
1 SFGate.com, Rebecca Eisenberg, 8/2/98
2 http://en.wikipedia.org/wiki/Linux_kernel
3 www.oasis-open.org/committees/tc_home.php?wg_abbrev=office
5 www.defcon.org (DEFCON is an annual hacker convention in Las Vegas, Nevada.)
6 Xandros Desktop OS Users Guide, page 193
8 www.vtcif.telstra.com.au/pub/docs/security/tcp_wrapper.txt (The original paper on TCP Wrapper, by Wietse Venema. Great read.)
9 http://seclists.org/bugtraq/1997/May/0212.html
12 www.w3.org (World Wide Web Consortium)
13 www.infoworld.com/article/06/07/05/HNopenofficewarns_1.html
14 Robert Lemos, 8/24/06
15 News Brief, 8/25/06
1 USA Today, 3/28/05, Barbara De Lollis, “Many travelers have tales of missing gadgets”
2 FIPS 140-2 Level 3
3 http://upload.wikimedia.org/wikipedia/commons/c/cb/Windows_CE_Timeline.png
4 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceintro5/html/wce50oriwelcometowindowsce.asp
5 www.brighthand.com/default.asp?newsID=9147
7 www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#FX, Analyzing Complex Systems: The Blackberry Case, FX, Phenoelit & SABRE Labs
8 www.macworld.com/news/2006/04/07/blackberry/index.php
9 http://mobile.newsforge.com/article.pl?sid=05/12/13/174241&tid=97&tid=2
10 www.infosyncworld.com/news/n/5835.html
11 http://csrc.nist.gov/cryptval/140-1/1401val2005.htm#593
12 www.openmobilealliance.org/index.html
13 Black Hat Briefings 2004, Bluesnarfing - The Risk From Digital Pickpockets
15 Ford-Long Wong and Frank Stajano, University of Cambridge Comp Lab, “Location Privacy in Bluetooth”
16 http://linux.softpedia.com/get/Communications/Telephony/ObexFTP-9007.shtml#
18 Technically, a 2.5 GSM bolt-on
19 CDMA2000
20 By William Millan and Praveen Gauravaram, IEICE 2004
21 Good was purchased in November 2006 by Motorola.
24 www.eweek.com/article2/0,1895,1970784,00.asp
25 www.consumersearch.com/www/software/antivirus-software/reviews.html
1 http://en.wikipedia.org/wiki/Posix
2 http://features.engadget.com/2004/08/17/how-to-use-an-ipod-as-a-bootable-drive/
3 http://ipodlinux.org/Main_Page
5 www.dcbnet.com/datasheet/ethergate.html
7 www.idefense.com/intelligence/vulnerabilities/display.php?id=383
8 http://xforce.iss.net/xforce/xfdb/24304
9 http://packetstorm.linuxsecurity.com/0405-advisories/3COMdos.txt
10 www.samsung.com/homenetwork/HomevitaSolutions/HomeControlling/ApplianceControlSolution.htm
11 Distributed Network Protocol IEEE 1379-2000
12 https://www.trustedcomputinggroup.org/groups/tpm/
13 www.school-linktechnologies.com/news_healthyvending_hotbutton.asp