This is an old revision of the page Library / Articles / Certified Lies / References from 02/04/2010 16:34.
References to materials used
[1] Adi Shamir. Cryptography: State of the sci-
8 2003. awards.acm.org/images/awards/140/vstream/2002/S/s-pp/shamir_1files_files/800x600/Slide8.html.
[2] Ryan Singel. PGP Creator Defends Hushmail.
2007. www.wired.com/threatlevel/2007/11/pgp-creator-def.
[3] Johnathan Nightingale. SSL Question Cor-
2008. blog.johnath.com/2008/08/05/ssl-question-corner/.
[4] Joshua Sunshine, Serge Egelman, Hazim Al-
Crying wolf: An empirical study of SSL warning
effectiveness. In Proceedings of the 18th
Usenix Security Symposium, August 2009.
[5] Ed Felten. Web Certification Fail: Bad
ogy. Freedom To Tinker, February 23
2010. www.freedom-to-tinker.com/blog/felten/web-certification-fail-bad-assumptions-lead-bad-technology.
[6] Mozilla. Potentially problematic CA practices
Practices.
[7] Microsoft Root Certificate Program, January
library/cc751157.aspx.
[8] Mozilla CA Certificate Policy (Version 1.2).
certs/policy/.
[9] Apple Root Certificate Program.
ca_program.html.
[10] Craig Spiezle. Email conversation with author,
[11] Marc Stevens, Alexander Sotirov, Jacob Appel-
Osvik, and Benne Weger. Short chosen-prefix
collisions for MD5 and the creation of a rogue
CA certificate. In Proceedings of the 29th Annual
International Cryptology Conference on
Advances in Cryptology, pages 55–69, Berlin,
Heidelberg, 2009. Springer-Verlag.
[12] Marsh Ray and Steve Dispensa.
extendedsubset.com/wp-uploads/2009/11/renegotiating_tls_20091104_pub.zip.
[13] Stuart E. Schechter, Rachna Dhamija, Andy
security indicators. In SP '07: Proceedings
of the 2007 IEEE Symposium on Security and
Privacy, pages 51–65, Washington, DC, USA,
2007. IEEE Computer Society.
[14] Moxie Marlinspike. sslsniff, July 3 2009. www.
[15] Moxie Marlinspike. sslsniff, December 18
sslstrip/.
[16] Windows Root Certificate Program Members,
com/download/1/4/f/14f7067b-69d3-473a-ba5e-70d04aea5929/windows%20root%20certificate%20program%20members.pdf.
[17] Christopher Soghoian. Caught in the cloud:
doors in the web 2.0 era. In Journal on
Telecommunications and High Technology Law,
Forthcoming.
[18] Declan McCullagh. Court to FBI: No spying
ber 19 2003. news.cnet.com/2100-1029_3-5109435.html.
[19] John Markoff. Surveillance of skype messages
ber 1 2008. www.nytimes.com/2008/10/02/technology/internet/02skype.html.
[20] Andrew Jacobs. China requires censorship soft-
2009. www.nytimes.com/2009/06/09/world/asia/09china.html.
[21] Christopher Soghoian. 8 Million Reasons for
blog, December 1 2009. paranoia.dubfire.net/2009/12/8-million-reasons-for-real-surveillance.html.
[22] Kim Zetter. Feds 'Pinged' Sprint GPS Data 8
Level Blog, December 1 2009. www.wired.com/threatlevel/2009/12/gps-data/.
[23] Packet Forensics. Export and Re-Export Re-
com/export.safe.
[24] VeriSign. Netdiscovery service sub-
www.verisign.com/stellent/groups/public/documents/data_sheet/001928.pdf.
[25] Why VeriSign. www.verisign.com/ssl/why-
[26] VeriSign Case Study. VeriSign helps an inno-
core business goals, October 16 2006. www.verisign.com/static/039933.pdf.
[27] VeriSign. Cox communications: Complying
manner, while expanding services, 2004. www.verisign.com/stellent/groups/public/documents/success_stories/002378.pdf.
[28] Ken Belson. The call is cheap. the wiretap
battle against crime. The New York Times,
August 23 2004. www.nytimes.com/2004/08/23/business/call-cheap-wiretap-extra-enlisting-internet-phones-battle-against-crime.html.
[29] Kim Zetter. Researcher: Middle East
News Threat Level Blog, July 14 2009.
www.wired.com/threatlevel/2009/07/blackberry-spies/.
[30] Chris Eng. BlackBerry Spyware Dis-
15 2009. www.veracode.com/blog/2009/07/blackberry-spyware-dissected/.
[31] RIM. RIM Customer Statement Regarding
www.securityprivacyandthelaw.com/uploads/file/RIM%20Statement.pdf.
[32] Matthieu Bussiere and Marcel Fratzscher. Low
extreme events. Journal of Policy Modeling,
30(1):111–121, 2008.
[33] Cormac Herley. So long, and no thanks for the
advice by users. In NSPW '09: Proceedings of
the 2009 workshop on New security paradigms
workshop, pages 133–144, September 2009.
[34] Certificate patrol, 2010. patrol.psyced.org/.
[35] Dan Kaminsky. Email conversation with au-
[36] Sam Schillace. Default https access for
12 2010. gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html.
[37] Kai Engert. Conspiracy — A Mozilla Fire-
conspiracy/.
[38] Dan Wendlandt, David G. Andersen, and
style host authentication with multi-path probing.
In ATC'08: USENIX 2008 Annual Technical
Conference on Annual Technical Conference,
pages 321–334, Berkeley, CA, USA, 2008.
USENIX Association.
[39] Mansoor Alicherry and Angelos D. Keromytis.
man-in-the-middle attacks. In ISCC 2009:
IEEE Symposium on Computers and Communications,
pages 557–563, Piscataway, NJ,
USA, 2009. IEEE.
[40] David Ahmad. Two Years of Broken Crypto:
Compromise. IEEE Security and Privacy, 6:70–73,
September 2008.
[41] Scott Yilek, Eric Rescorla, Hovav Shacham,
private keys are public: results from the 2008
Debian OpenSSL vulnerability. In Proceedings
of the 9th ACM SIGCOMM conference on Internet
measurement conference, pages 15–27,
New York, NY, USA, 2009. ACM.
[42] The H Security. heise SSL Guardian:
cates, July 4 2008. www.h-online.com/security/features/Heise-SSL-Guardian-746213.html.
[43] Márton Anka.
uary 31 2010. www.codefromthe70s.org/sslblacklist.aspx.