• Table of Contents

  Page VII

• + Preface

  Page XI

  • Why Security Is Beautiful

    Page XII

  • Audience for This Book

    Page XIII

  • Donation

    Page XIII

  • Organization of the Material

    Page XIII

  • Conventions Used in This Book

    Page XIV

  • Using Code Examples

    Page XIV

  • Safari® Books Online

    Page XV

  • How to Contact Us

    Page XV

• + Chapter 1. Psychological Security Traps

  Page 1

  • + Learned Helplessness and Naïveté

    Page 2

    • A Real-Life Example: How Microsoft Enabled L0phtCrack

      Page 3

    • Password and Authentication Security Could Have Been Better from the Start

      Page 7

    • Naïveté As the Client Counterpart to Learned Helplessness

      Page 8

  • + Confirmation Traps

    Page 10

    • An Introduction to the Concept

      Page 10

    • The Analyst Confirmation Trap

      Page 12

    • Stale Threat Modeling

      Page 12

    • Rationalizing Away Capabilities

      Page 13

  • + Functional Fixation

    Page 14

    • Vulnerability in Place of Security

      Page 15

    • Sunk Costs Versus Future Profits: An ISP Example

      Page 16

    • Sunk Costs Versus Future Profits: An Energy Example

      Page 18

  • Summary

    Page 20

• + Chapter 2. Wireless Networking: Fertile Ground for Social Engineering

  Page 21

  • + Easy Money

    Page 22

    • Setting Up the Attack

      Page 23

    • A Cornucopia of Personal Data

      Page 24

    • A Fundamental Flaw in Web Security: Not Trusting the Trust System

      Page 25

    • Establishing Wireless Trust

      Page 26

    • Adapting a Proven Solution

      Page 26

  • + Wireless Gone Wild

    Page 28

    • Wireless As a Side Channel

      Page 29

    • What About the Wireless Access Point Itself?

      Page 30

  • Still, Wireless Is the Future

    Page 31

• + Chapter 3. Beautiful Security Metrics

  Page 33

  • + Security Metrics by Analogy: Health

    Page 34

    • Unreasonable Expectations

      Page 35

    • Data Transparency

      Page 35

    • Reasonable Metrics

      Page 36

  • + Security Metrics by Example

    Page 38

    • + Barings Bank: Insider Breach

      Page 38

      • The players

        Page 38

      • How it happened

        Page 39

      • What went wrong

        Page 43

      • Barings: “What if...”

        Page 43

      • Barings: Some security metrics

        Page 46

    • + TJX: Outsider Breach

      Page 49

      • The players

        Page 49

      • How it happened

        Page 50

      • What went wrong

        Page 53

      • TJX: “What if...”

        Page 54

      • TJX: Some security metrics

        Page 55

    • More Public Data Sources

      Page 59

  • Summary

    Page 60

• + Chapter 4. The Underground Economy of Security Breaches

  Page 63

  • + The Makeup and Infrastructure of the Cyber Underground

    Page 64

    • The Underground Communication Infrastructure

      Page 65

    • The Attack Infrastructure

      Page 66

  • + The Payoff

    Page 66

    • The Data Exchange

      Page 67

    • Information Sources

      Page 68

    • + Attack Vectors

      Page 68

      • Exploiting website vulnerabilities

        Page 68

      • Malware

        Page 69

      • Phishing, facilitated by social-engineering spam

        Page 70

    • The Money-Laundering Game

      Page 70

  • + How Can We Combat This Growing Underground Economy?

    Page 71

    • Devalue Data

      Page 71

    • Separate Permission from Information

      Page 71

    • Institute an Incentive/Reward Structure

      Page 72

    • Establish a Social Metric and Reputation System for Data Responsibility

      Page 72

  • Summary

    Page 72

• + Chapter 5. Beautiful Trade: Rethinking E-Commerce Security

  Page 73

  • + Deconstructing Commerce

    Page 74

    • Analyzing the Security Context

      Page 75

  • + Weak Amelioration Attempts

    Page 76

    • + 3-D Secure

      Page 76

      • 3-D Secure transactions

        Page 76

      • Evaluation of 3-D Secure

        Page 77

    • + Secure Electronic Transaction

      Page 78

      • SET transactions

        Page 79

      • Evaluation of SET

        Page 79

    • + Single-Use and Multiple-Use Virtual Cards

      Page 79

      • How virtual cards work

        Page 79

    • + Broken Incentives

      Page 80

      • Consumer

        Page 81

      • Merchant and service provider

        Page 81

      • Acquiring and issuing banks

        Page 82

      • Card association

        Page 82

      • He who controls the spice

        Page 82

  • + E-Commerce Redone: A New Security Model

    Page 83

    • Requirement 1: The Consumer Must Be Authenticated

      Page 83

    • Requirement 2: The Merchant Must Be Authenticated

      Page 83

    • Requirement 3: The Transaction Must Be Authorized

      Page 84

    • Requirement 4: Authentication Data Should Not Be Shared Outside of Authenticator and Authenticated

      Page 84

    • Requirement 5: The Process Must Not Rely Solely on Shared Secrets

      Page 85

    • Requirement 6: Authentication Should Be Portable (Not Tied to Hardware or Protocols)

      Page 85

    • Requirement 7: The Confidentiality and Integrity of Data and Transactions Must Be Maintained

      Page 85

  • The New Model

    Page 86

• + Chapter 6. Securing Online Advertising: Rustlers and Sheriffs in the New Wild West

  Page 89

  • + Attacks on Users

    Page 89

    • Exploit-Laden Banner Ads

      Page 89

    • Malvertisements

      Page 92

    • Deceptive Advertisements

      Page 94

  • + Advertisers As Victims

    Page 98

    • False Impressions

      Page 98

    • + Escaping Fraud-Prone CPM Advertising

      Page 100

      • Gaming CPC advertising

        Page 100

      • Inflating CPA costs

        Page 102

    • Why Don’t Advertisers Fight Harder?

      Page 103

    • Lessons from Other Procurement Contexts: The Special Challenges of Online Procurement

      Page 104

  • Creating Accountability in Online Advertising

    Page 105

• + Chapter 7. The Evolution of PGP’s Web of Trust

  Page 107

  • PGP and OpenPGP

    Page 108

  • + Trust, Validity, and Authority

    Page 108

    • Direct Trust

      Page 109

    • Hierarchical Trust

      Page 109

    • Cumulative Trust

      Page 110

    • The Basic PGP Web of Trust

      Page 112

    • + Rough Edges in the Original Web of Trust

      Page 114

      • Supervalidity

        Page 114

      • The social implications of signing keys

        Page 114

  • + PGP and Crypto History

    Page 116

    • Early PGP

      Page 116

    • Patent and Export Problems

      Page 117

    • The Crypto Wars

      Page 118

    • From PGP 3 to OpenPGP

      Page 119

  • + Enhancements to the Original Web of Trust Model

    Page 120

    • + Revocation

      Page 120

      • The basic model for revocation

        Page 120

      • Key revocation and expiration

        Page 121

      • Designated revokers

        Page 121

      • Freshness

        Page 122

      • Reasons for revocation

        Page 122

    • + Scaling Issues

      Page 123

      • Extended introducers

        Page 123

      • Authoritative keys

        Page 123

    • + Signature Bloat and Harassment

      Page 124

      • Exportable signatures

        Page 125

      • Key-editing policies

        Page 126

    • In-Certificate Preferences

      Page 126

    • The PGP Global Directory

      Page 127

    • Variable Trust Ratings

      Page 128

  • + Interesting Areas for Further Research

    Page 128

    • Supervalidity

      Page 128

    • Social Networks and Traffic Analysis

      Page 128

  • References

    Page 129

• + Chapter 8. Open Source Honeyclient: Proactive Detection of Client-Side Exploits

  Page 131

  • Enter Honeyclients

    Page 133

  • Introducing the World’s First Open Source Honeyclient

    Page 133

  • Second-Generation Honeyclients

    Page 135

  • + Honeyclient Operational Results

    Page 139

    • Transparent Activity from Windows XP

      Page 139

    • Storing and Correlating Honeyclient Data

      Page 140

  • Analysis of Exploits

    Page 141

  • Limitations of the Current Honeyclient Implementation

    Page 143

  • Related Work

    Page 144

  • The Future of Honeyclients

    Page 146

• + Chapter 9. Tomorrow’s Security Cogs and Levers

  Page 147

  • + Cloud Computing and Web Services: The Single Machine Is Here

    Page 150

    • Builders Versus Breakers

      Page 151

    • Clouds and Web Services to the Rescue

      Page 152

    • A New Dawn

      Page 153

  • + Connecting People, Process, and Technology: The Potential for Business Process Management

    Page 154

    • Diffuse Security in a Diffuse World

      Page 155

    • BPM As a Guide to Multisite Security

      Page 156

  • + Social Networking: When People Start Communicating, Big Things Change

    Page 158

    • The State of the Art and the Potential in Social Networking

      Page 159

    • Social Networking for the Security Industry

      Page 160

    • Security in Numbers

      Page 161

  • Information Security Economics: Supercrunching and the New Rules of the Grid

    Page 162

  • + Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All

    Page 165

    • Democratization of Tools for Production

      Page 165

    • Democratization of Channels for Distribution

      Page 166

    • Connection of Supply and Demand

      Page 167

  • Conclusion

    Page 168

  • Acknowledgments

    Page 169

• + Chapter 10. Security by Design

  Page 171

  • Metrics with No Meaning

    Page 172

  • Time to Market or Time to Quality?

    Page 174

  • How a Disciplined System Development Lifecycle Can Help

    Page 178

  • Conclusion: Beautiful Security Is an Attribute of Beautiful Systems

    Page 181

• + Chapter 11. Forcing Firms to Focus: Is Secure Software in Your Future?

  Page 183

  • Implicit Requirements Can Still Be Powerful

    Page 184

  • + How One Firm Came to Demand Secure Software

    Page 185

    • + How I Put a Security Plan in Place

      Page 186

      • Choosing a focus and winning over management

        Page 186

      • Setting up formal quality processes for security

        Page 187

      • Developer training

        Page 188

      • When the security process really took hold

        Page 188

    • Fixing the Problems

      Page 189

    • Extending Our Security Initiative to Outsourcing

      Page 190

  • Enforcing Security in Off-the-Shelf Software

    Page 190

  • + Analysis: How to Make the World’s Software More Secure

    Page 193

    • The Best Software Developers Create Code with Vulnerabilities

      Page 193

    • Microsoft Leading the Way

      Page 194

    • Software Vendors Give Us What We Want but Not What We Need

      Page 195

• + Chapter 12. Oh No, Here Come the Infosecurity Lawyers!

  Page 199

  • Culture

    Page 200

  • + Balance

    Page 202

    • The Digital Signature Guidelines

      Page 202

    • The California Data Privacy Law

      Page 203

    • Security’s Return on Investment

      Page 205

  • + Communication

    Page 207

    • How Geeks Need Lawyers

      Page 207

    • Success Driven from the Top, Carried Out Through Collaboration

      Page 210

    • A Data Breach Tiger Team

      Page 210

  • Doing the Right Thing

    Page 211

• + Chapter 13. Beautiful Log Handling

  Page 213

  • Logs in Security Laws and Standards

    Page 213

  • Focus on Logs

    Page 214

  • When Logs Are Invaluable

    Page 215

  • Challenges with Logs

    Page 216

  • + Case Study: Behind a Trashed Server

    Page 218

    • Architecture and Context for the Incident

      Page 218

    • The Observed Event

      Page 218

    • The Investigation Starts

      Page 219

    • Bringing Data Back from the Dead

      Page 220

    • Summary

      Page 221

  • + Future Logging

    Page 221

    • A Proliferation of Sources

      Page 221

    • Log Analysis and Management Tools of the Future

      Page 222

  • Conclusions

    Page 223

• + Chapter 14. Incident Detection: Finding the Other 68%

  Page 225

  • A Common Starting Point

    Page 226

  • + Improving Detection with Context

    Page 228

    • Improving Coverage with Traffic Analysis

      Page 229

    • Correlating with Watch Lists

      Page 230

  • + Improving Perspective with Host Logging

    Page 232

    • Building a Resilient Detection Model

      Page 233

  • Summary

    Page 237

• + Chapter 15. Doing Real Work Without Real Data

  Page 239

  • How Data Translucency Works

    Page 240

  • A Real-Life Example

    Page 243

  • Personal Data Stored As a Convenience

    Page 244

  • Trade-offs

    Page 244

  • Going Deeper

    Page 245

  • References

    Page 246

• + Chapter 16. Casting Spells: PC Security Theater

  Page 247

  • + Growing Attacks, Defenses in Retreat

    Page 248

    • On the Conveyor Belt of the Internet

      Page 248

    • Rewards for Misbehavior

      Page 249

    • A Mob Response

      Page 250

  • + The Illusion Revealed

    Page 252

    • + Strict Scrutiny: Traditional and Updated Anti-Virus Scanning

      Page 252

      • The evolution of the blacklist method

        Page 252

      • The whitelist alternative

        Page 253

      • Host-based Intrusion Prevention Systems

        Page 253

      • Applying artificial intelligence

        Page 254

    • + Sandboxing and Virtualization: The New Silver Bullets

      Page 254

      • Virtual machines, host and guest

        Page 255

      • Security-specific virtualization

        Page 255

      • Security of saved files in Returnil

        Page 256

  • Better Practices for Desktop Security

    Page 257

  • Conclusion

    Page 258

• Contributors

  Page 259

• Index

  Page 269

Although most people don't give security much attention until their personal or business systems are attacked, this thought-provoking anthology demonstrates that digital security is not only worth thinking about, it's also a fascinating topic. Criminals succeed by exercising enormous creativity, and those defending against them must do the same.

Beautiful Security explores this challenging subject with insightful essays and analysis on topics that include:

• The underground economy for personal information: how it works, the relationships among criminals, and some of the new ways they pounce on their prey

• How social networking, cloud computing, and other popular trends help or hurt our online security

• How metrics, requirements gathering, design, and law can take security to a higher level

• The real, little-publicized history of PGP

This book includes contributions from:

• Peiter "Mudge" Zatko

• Jim Stickley

• Elizabeth Nichols

• Chenxi Wang

• Ed Bellis

• Ben Edelman

• Phil Zimmermann and Jon Callas

• Kathy Wang

• Mark Curphey

• John McManus

• James Routh

• Randy V. Sabett

• Anton Chuvakin

• Grant Geyer and Brian Dunphy

• Peter Wayner

• Michael Wood and Fernando Francisco

All royalties will be donated to the Internet Engineering Task Force (IETF).