id: Гость   вход   регистрация
текущее время 02:02 12/12/2019
создать
просмотр
редакции
ссылки

Ссылки на использованные материалы


[1] Adi Shamir. Cryptography: State of the sci-

ence. ACM A. M. Turing Award Lecture, June
8 2003. awards.acm.org/images/awards/
140/vstream/2002/S/s- pp/shamir_1files_
files/800x600/Slide8.html.

[2] Ryan Singel. PGP Creator Defends Hushmail.

Wired News Threat Level Blog, November 19
2007. www.wired.com/threatlevel/2007/11/
pgp- creator- def.

[3] Johnathan Nightingale. SSL Question Cor-

ner. meandering wild ly (blog), August 5
2008. blog.johnath.com/2008/08/05/ssl-
question- corner/.

[4] Joshua Sunshine, Serge Egelman, Hazim Al-

muhimedi, Neha Atri, and Lorrie F. Cranor.
Crying wolf: An empirical study of SSL warn-
ing effectiveness. In Proceedings of the 18th
Usenix Security Symposium, August 2009.

[5] Ed Felten. Web Certification Fail: Bad

Assumptions Lead to Bad Technol-
ogy. Freedom To Tinker, February 23
2010. www.freedom- to- tinker.com/blog/
felten/web- certification- fail- bad-
assumptions- lead- bad- technology.

[6] Mozilla. Potentially problematic CA practices

, 2010. wiki.mozilla.org/CA:Problematic_
Practices.

[7] Microsoft Root Certificate Program, January

15 2009. technet.microsoft.com/en- us/
library/cc751157.aspx.

[8] Mozilla CA Certificate Policy (Version 1.2).

www.mozilla.org/projects/security/
certs/policy/.

[9] Apple Root Certificate Program.

www.apple.com/certificateauthority/
ca_program.html.

[10] Craig Spiezle. Email conversation with author,

February 15 2010.

[11] Marc Stevens, Alexander Sotirov, Jacob Appel-

baum, Arjen Lenstra, David Molnar, Dag Arne
Osvik, and Benne Weger. Short chosen-prefix
collisions for MD5 and the creation of a rogue
CA certificate. In Proceedings of the 29th An-
nual International Cryptology Conference on
Advances in Cryptology, pages 55­69, Berlin,
Heidelberg, 2009. Springer-Verlag.

[12] Marsh Ray and Steve Dispensa.

Renegotiating tls, November 4 2009.
extendedsubset.com/wp- uploads/2009/
11/renegotiating_tls_20091104_pub.zip.

[13] Stuart E. Schechter, Rachna Dhamija, Andy

Ozment, and Ian Fischer. The emperor's new
security indicators. In SP '07: Proceedings
of the 2007 IEEE Symposium on Security and
Privacy, pages 51­65, Washington, DC, USA,
2007. IEEE Computer Society.

[14] Moxie Marlinspike. sslsniff, July 3 2009. www.

thoughtcrime.org/software/sslsniff/.

[15] Moxie Marlinspike. sslsniff, December 18

2009. www.thoughtcrime.org/software/
sslstrip/.

[16] Windows Root Certificate Program Members,

November 24 2009. download.microsoft.
com/download/1/4/f/14f7067b- 69d3- 473a-
ba5e- 70d04aea5929/windows\%20root\
%20certificate\%20program\%20members.
pdf.

[17] Christopher Soghoian. Caught in the cloud:

Privacy, encryption, and government back
doors in the web 2.0 era. In Journal on
Telecommunications and High Technology Law,
Forthcoming.

[18] Declan McCullagh. Court to FBI: No spying

on in-car computers. CNET News, Novem-
ber 19 2003. news.cnet.com/2100- 1029_3-
5109435.html.

[19] John Markoff. Surveillance of skype messages

found in china. The New York Times, Octo-
ber 1 2008. www.nytimes.com/2008/10/02/
technology/internet/02skype.html.

[20] Andrew Jacobs. China requires censorship soft-

ware on new pcs. The New York Times, June 8
2009. www.nytimes.com/2009/06/09/world/
asia/09china.html.

[21] Christopher Soghoian. 8 Million Reasons for

Real Surveillance Oversight. Slight Paranoia
blog, December 1 2009. paranoia.dubfire.
net/2009/12/8- million- reasons- for-
real- surveillance.html.

[22] Kim Zetter. Feds `Pinged' Sprint GPS Data 8

Million Times Over a Year. Wired News Threat
Level Blog, December 1 2009. www.wired.com/
threatlevel/2009/12/gps- data/.

[23] Packet Forensics. Export and Re-Export Re-

quirements, 2009. www.packetforensics.
com/export.safe.

[24] VeriSign. Netdiscovery service sub-

poena processing and handling, 2004.
www.verisign.com/stellent/groups/
public/documents/data_sheet/001928.pdf.

[25] Why VeriSign. www.verisign.com/ssl/why-

verisign/index.html.

[26] VeriSign Case Study. VeriSign helps an inno-

vative broadband telephony provider focus on
core business goals, October 16 2006. www.
verisign.com/static/039933.pdf.

[27] VeriSign. Cox communications: Complying

with CALEA regulations in a cost-effective
manner, while expanding services, 2004. www.
verisign.com/stellent/groups/public/
documents/success_stories/002378.pdf.

[28] Ken Belson. The call is cheap. the wiretap

is extra.; enlisting internet phones in the
battle against crime. The New York Times,
August 23 2004. www.nytimes.com/2004/08/
23/business/call- cheap- wiretap- extra-
enlisting- internet- phones- battle-
against- crime.html.

[29] Kim Zetter. Researcher: Middle East

Blackberry Update Spies on Users. Wired
News Threat Level Blog, July 14 2009.
www.wired.com/threatlevel/2009/07/
blackberry- spies/.

[30] Chris Eng. BlackBerry Spyware Dis-

sected. Veracode: Zero in a bit, July
15 2009. www.veracode.com/blog/2009/07/
blackberry- spyware- dissected/.

[31] RIM. RIM Customer Statement Regarding

Etisalat / SS8 Software, July 19 2009.
www.securityprivacyandthelaw.com/
uploads/file/RIM%20Statement.pdf.

[32] Matthieu Bussiere and Marcel Fratzscher. Low

probability, high impact: Policy making and
extreme events. Journal of Policy Modeling,
30(1):111­121, 2008.

[33] Cormac Herley. So long, and no thanks for the

externalities: the rational rejection of security
advice by users. In NSPW '09: Proceedings of
the 2009 workshop on New security paradigms
workshop, pages 133­144, September 2009.

[34] Certificate patrol, 2010. patrol.psyced.org/.
[35] Dan Kaminsky. Email conversation with au-

thor, February 28 2010.

[36] Sam Schillace. Default https access for

Gmail. The Official Gmail Blog, January
12 2010. gmailblog.blogspot.com/2010/01/
default- https- access- for- gmail.html.

[37] Kai Engert. Conspiracy — A Mozilla Fire-

fox Extension, March 18 2010. kuix.de/
conspiracy/.

[38] Dan Wendlandt, David G. Andersen, and

Adrian Perrig. Perspectives: improving ssh-
style host authentication with multi-path prob-
ing. In ATC'08: USENIX 2008 Annual Tech-
nical Conference on Annual Technical Confer-
ence, pages 321­334, Berkeley, CA, USA, 2008.
USENIX Association.

[39] Mansoor Alicherry and Angelos D. Keromytis.

Doublecheck: Multi-path verification against
man-in-the-middle attacks. In ISCC 2009:
IEEE Symposium on Computers and Com-
munications, pages 557­563, Piscataway, NJ,
USA, 2009. IEEE.

[40] David Ahmad. Two Years of Broken Crypto:

Debian's Dress Rehearsal for a Global PKI
Compromise. IEEE Security and Privacy, 6:70­
73, September 2008.

[41] Scott Yilek, Eric Rescorla, Hovav Shacham,

Brandon Enright, and Stefan Savage. When
private keys are public: results from the 2008
Debian OpenSSL vulnerability. In Proceedings
of the 9th ACM SIGCOMM conference on In-
ternet measurement conference, pages 15­27,
New York, NY, USA, 2009. ACM.

[42] The H Security. heise SSL Guardian:

Protection against unsafe SSL certifi-
cates, July 4 2008. www.h- online.com/
security/features/Heise- SSL- Guardian-
746213.html.

[43] Mґrton Anka.

a SSL Blacklist 4.0, Jan-
uary 31 2010. www.codefromthe70s.org/
sslblacklist.aspx.

Назад | Оглавление


 
Комментариев нет [показать комментарии/форму]
Ваша оценка документа [показать результаты]
-3-2-1 0+1+2+3