id: Гость   вход   регистрация
текущее время 21:19 22/07/2024

Ссылки на использованные материалы

[1] Adi Shamir. Cryptography: State of the sci-

ence. ACM A. M. Turing Award Lecture, June
8 2003.
140/vstream/2002/S/s- pp/shamir_1files_

[2] Ryan Singel. PGP Creator Defends Hushmail.

Wired News Threat Level Blog, November 19
pgp- creator- def.

[3] Johnathan Nightingale. SSL Question Cor-

ner. meandering wild ly (blog), August 5
question- corner/.

[4] Joshua Sunshine, Serge Egelman, Hazim Al-

muhimedi, Neha Atri, and Lorrie F. Cranor.
Crying wolf: An empirical study of SSL warn-
ing effectiveness. In Proceedings of the 18th
Usenix Security Symposium, August 2009.

[5] Ed Felten. Web Certification Fail: Bad

Assumptions Lead to Bad Technol-
ogy. Freedom To Tinker, February 23
2010. www.freedom- to-
felten/web- certification- fail- bad-
assumptions- lead- bad- technology.

[6] Mozilla. Potentially problematic CA practices

, 2010.

[7] Microsoft Root Certificate Program, January

15 2009. us/

[8] Mozilla CA Certificate Policy (Version 1.2).

[9] Apple Root Certificate Program.

[10] Craig Spiezle. Email conversation with author,

February 15 2010.

[11] Marc Stevens, Alexander Sotirov, Jacob Appel-

baum, Arjen Lenstra, David Molnar, Dag Arne
Osvik, and Benne Weger. Short chosen-prefix
collisions for MD5 and the creation of a rogue
CA certificate. In Proceedings of the 29th An-
nual International Cryptology Conference on
Advances in Cryptology, pages 55­69, Berlin,
Heidelberg, 2009. Springer-Verlag.

[12] Marsh Ray and Steve Dispensa.

Renegotiating tls, November 4 2009. uploads/2009/

[13] Stuart E. Schechter, Rachna Dhamija, Andy

Ozment, and Ian Fischer. The emperor's new
security indicators. In SP '07: Proceedings
of the 2007 IEEE Symposium on Security and
Privacy, pages 51­65, Washington, DC, USA,
2007. IEEE Computer Society.

[14] Moxie Marlinspike. sslsniff, July 3 2009. www.

[15] Moxie Marlinspike. sslsniff, December 18


[16] Windows Root Certificate Program Members,

November 24 2009.
com/download/1/4/f/14f7067b- 69d3- 473a-
ba5e- 70d04aea5929/windows\%20root\

[17] Christopher Soghoian. Caught in the cloud:

Privacy, encryption, and government back
doors in the web 2.0 era. In Journal on
Telecommunications and High Technology Law,

[18] Declan McCullagh. Court to FBI: No spying

on in-car computers. CNET News, Novem-
ber 19 2003. 1029_3-

[19] John Markoff. Surveillance of skype messages

found in china. The New York Times, Octo-
ber 1 2008.

[20] Andrew Jacobs. China requires censorship soft-

ware on new pcs. The New York Times, June 8

[21] Christopher Soghoian. 8 Million Reasons for

Real Surveillance Oversight. Slight Paranoia
blog, December 1 2009. paranoia.dubfire.
net/2009/12/8- million- reasons- for-
real- surveillance.html.

[22] Kim Zetter. Feds `Pinged' Sprint GPS Data 8

Million Times Over a Year. Wired News Threat
Level Blog, December 1 2009.
threatlevel/2009/12/gps- data/.

[23] Packet Forensics. Export and Re-Export Re-

quirements, 2009. www.packetforensics.

[24] VeriSign. Netdiscovery service sub-

poena processing and handling, 2004.

[25] Why VeriSign.


[26] VeriSign Case Study. VeriSign helps an inno-

vative broadband telephony provider focus on
core business goals, October 16 2006. www.

[27] VeriSign. Cox communications: Complying

with CALEA regulations in a cost-effective
manner, while expanding services, 2004. www.

[28] Ken Belson. The call is cheap. the wiretap

is extra.; enlisting internet phones in the
battle against crime. The New York Times,
August 23 2004.
23/business/call- cheap- wiretap- extra-
enlisting- internet- phones- battle-
against- crime.html.

[29] Kim Zetter. Researcher: Middle East

Blackberry Update Spies on Users. Wired
News Threat Level Blog, July 14 2009.
blackberry- spies/.

[30] Chris Eng. BlackBerry Spyware Dis-

sected. Veracode: Zero in a bit, July
15 2009.
blackberry- spyware- dissected/.

[31] RIM. RIM Customer Statement Regarding

Etisalat / SS8 Software, July 19 2009.

[32] Matthieu Bussiere and Marcel Fratzscher. Low

probability, high impact: Policy making and
extreme events. Journal of Policy Modeling,
30(1):111­121, 2008.

[33] Cormac Herley. So long, and no thanks for the

externalities: the rational rejection of security
advice by users. In NSPW '09: Proceedings of
the 2009 workshop on New security paradigms
workshop, pages 133­144, September 2009.

[34] Certificate patrol, 2010.
[35] Dan Kaminsky. Email conversation with au-

thor, February 28 2010.

[36] Sam Schillace. Default https access for

Gmail. The Official Gmail Blog, January
12 2010.
default- https- access- for- gmail.html.

[37] Kai Engert. Conspiracy — A Mozilla Fire-

fox Extension, March 18 2010.

[38] Dan Wendlandt, David G. Andersen, and

Adrian Perrig. Perspectives: improving ssh-
style host authentication with multi-path prob-
ing. In ATC'08: USENIX 2008 Annual Tech-
nical Conference on Annual Technical Confer-
ence, pages 321­334, Berkeley, CA, USA, 2008.
USENIX Association.

[39] Mansoor Alicherry and Angelos D. Keromytis.

Doublecheck: Multi-path verification against
man-in-the-middle attacks. In ISCC 2009:
IEEE Symposium on Computers and Com-
munications, pages 557­563, Piscataway, NJ,
USA, 2009. IEEE.

[40] David Ahmad. Two Years of Broken Crypto:

Debian's Dress Rehearsal for a Global PKI
Compromise. IEEE Security and Privacy, 6:70­
73, September 2008.

[41] Scott Yilek, Eric Rescorla, Hovav Shacham,

Brandon Enright, and Stefan Savage. When
private keys are public: results from the 2008
Debian OpenSSL vulnerability. In Proceedings
of the 9th ACM SIGCOMM conference on In-
ternet measurement conference, pages 15­27,
New York, NY, USA, 2009. ACM.

[42] The H Security. heise SSL Guardian:

Protection against unsafe SSL certifi-
cates, July 4 2008. www.h-
security/features/Heise- SSL- Guardian-

[43] Mґrton Anka.

a SSL Blacklist 4.0, Jan-
uary 31 2010.

Назад | Оглавление

Комментариев нет [показать комментарии/форму]
Ваша оценка документа [показать результаты]
-3-2-1 0+1+2+3