Dr. Durant: CS-4920 Information Security: Older Readings
2014
- Heartbleed Bug [discussed 2014-04-10]
- Schneier, Bruce. Heartbleed. Schneier on Security, 2014-04-09.
- Munroe, Randall. XKCD #1353, 2014-04-09.
- Goodin, Dan. Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style: OpenSSL defect still exposing sensitive data even after patch is released, Ars Technica, 2014-04-08.
- Geer, Dan. Heartbleed as Metaphor. Lawfare Blog, 2014-04-21. [added 2014-04-23]
- Anderson, Ross. Security Engineering, 2nd Edition, 2008.
- Ferguson, Niels, Bruce Schneier, and Tadayoshi Kohno, Cryptography Engineering: Design Principles and Practical Applications, 2010.
- Maass, Peter and Megha Rajagopalan. Does Cybercrime Really Cost $1 Trillion?. ProPublica, 2012-08-01 [discussed 2014-03-18].
- Cheswick, William. Rethinking Passwords. ACM Queue, 2012-12-29.
- Dewar, Robert. The Apple Security Bug Could Have Been Prevented. DesignNews, 2014-03-18.
- Ducklin, Paul. Boffins 'crack' HTTPS encryption in Lucky Thirteen attack. nakedsecurity, 2013-02-07. [good article on timing attacks]
- Goodin, Dan. Puzzle box: The quest to crack the world's most mysterious malware warhead. Ars Technica, 2013-03-14.
- Goodin, Dan. Meet badBIOS the mysterious Mac and PC malware that jumps airgaps. Ars Technica, 2013-10-31.
- Green, Matthew. A Few Thoughts on Cryptographic Engineering, Cryptography Engineering Blog, 2013-09-10.
- Greenberg, Andy. An Eavesdropping Lamp That Livetweets Private Conversations, Wired, 2014-04-23 [discussed 2014-04-25].
- Lapsley, Phil. Phreaking Out Ma Bell. IEEE Spectrum, 2013-02.
- Peck, Morgan E. Bitcoin: The Cryptoanarchists’ Answer to Cash. IEEE Spectrum, 2012-06.
- Schneier, Bruce. Choosing a Secure Password. Boing Boing, 2014-02-25.
- Schneier, Bruce. Security Risks of Embedded Systems. Schneier on Security, 2014-01-09 [discussed 2014-03-11].
- Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World, ISBN 978-0471253112, Wiley, 2004.
- Schneier, Bruce. The Vulnerabilities Market and the Future of Security. Forbes, 2012-05-30.
- Schneier, Bruce. Details of the Target Credit Card Breach. Schneier on Security, 2014-03-17.
- Simonite, Tom. New Approach Could Stop Websites from Leaking or Stealing Your Data. MIT Technology Review, 2014-03-25. [discussed 2014-04-01]
- Smith, Richard E. Elementary Information Security. Jones and Bartlett Learning, 2012.
- Stanley, Jay. Slouching toward a 'collect it all' society, Milwaukee Journal-Sentinel, 2014-02-14.
- ___. Difference engine: Stalking trolls, The Economist, 2014-03-08 [discussed 2014-03-25].
- ___. HTTPS Web Server Certificate Fingerprints, Gibson Research, retrieved 2013-04-28.
- ___. The NSA and cryptography: Cracked credibility, The Economist, 2013-09-14.
- Biometrics (vein focus with brief overview of 5 types): http://spectrum.ieee.org/biomedical/imaging/the-biometric-wallet/0
- WolframAlpha, WolframAlpha password strength analysis
2012
- Bruce Schneier, Liars and Outliers: Enabling the Trust that Society Needs to Thrive, ISBN 978-1118143308, Wiley, 2012.
- Gallagher, Sean. How hackers gave Subway a $3 million lesson in point-of-sale security. Ars Technica, 21 December 2011. [distributed 2012-03-07]
- Valentino-DeVries, Jennifer. Security Flaws in Feds’ Radios Make for Easy Eavesdropping, Wall Street Journal, 10 August 2011. (see also Schneier blog post) [distributed 2012-03-08]
- Thompson, Ken. Reflections on trusting trust, Communications of the ACM, August 1984. [distributed 2012-04-18]
- O'Brien, Kevin J. Lax Security Exposes Voice Mail to Hacking, Study Says, New York Times, 26 December 2011.
- Bogdanowicz, Anna. Cryptography Breakthrough Is 100th Milestone. IEEE Spectrum, 7 June 2010.
- Hypponen, Mikko. Fighting viruses, defending the net, TED.com video, July 2011.
- 11 July 2011, IEEE Spectrum, "More cyberattacks or just more media attention?"
- August, 2011, Breaking the Xilinx Virtex-II FPGA Bitstream Encryption
- Stuxnet Raises 'Blowback' Risk In Cyberwar
- Stanford Crypto Class
- Schneier Blog Post on computer security at international borders, January 2012.
- Researchers Find Flaw in an Online Encryption Method, New York Times, 15 February 2012.
- NSA's Secure Android Spec, 7 March 2012
2010
- Lohr, Steve. How Privacy Vanishes Online. New York Times, 16 March 2010. [distributed 2010-03-18]
- Lubacz, Józef et al. Vice Over IP: The VoIP Steganography Threat. IEEE Spectrum, February 2010. [distributed 2010-03-08]
- Markoff, John et al. In Digital Combat, U.S. Finds No Easy Deterrent. New York Times, 25 January 2010.
- Mills, Elinor. Legal spying via the cell phone system. cnet news, 21 April 2010. [distributed 2010-04-22]
- Robertson, Jordan. 'Smart' meters plagued with serious security holes that threaten power grid. Chicago Tribune, 26 March 2010. [distributed 2010-03-29]
- Schneier, Bruce, Schneier on Security, ISBN 978-0470395356, Wiley, 2008.
- Sniffen, Michael J. Feds' e-mail botch earns a raspberry. MSNBC.com, 12 March 2010. [distributed 2010-03-18]
- Waters, John K. RSA Wrap-Up: Feds Push Greater Security Awareness. MCP Magazine, 8 March 2010. [distributed 2010-03-10]
2008
- Adee, Sally. The Hunt for the Kill Switch. IEEE Spectrum, May 2008.
- Greene, Tim. Experts hack power grid in no time. Network World, 9 April 2008.
- Rice, David. Geekonomics: The Real Cost Of Insecure Software, ISBN 0-321-47789-8, Addison Wesley, 2007.
- Seacord, Robert et al. Top 10 Secure Coding Practices. CERT, 27 March 2008 et seq.
- Schneier, Bruce. Inside the Twisted Mind of the Security Professional. Wired, 20 March 2008.
2007
- Foster, Kenneth R. and Jaeger, Jan. RFID inside: The murky ethics of implanted chips. IEEE Spectrum, Vol. 44, no. 3 (NA), March 2007, pp. 24-29.
- Gores, Paul. Bank scam linked to Spain. Milwaukee Journal Sentinel, Tuesday 27 November 2007, pp. 1D, 6D.
- Graafstra, Amal. Hands On: How Radio-Frequency and I got personal. IEEE Spectrum, Vol. 44, no. 3 (NA), March 2007, pp. 18-23.
- Harper, Jim. Identity Crisis: How Identification Is Overused and Misunderstood, ISBN 1930865856, Cato Institute, 2006.
- Solove, Daniel J., "I've Got Nothing to Hide" and Other Misunderstandings of Privacy. San Diego Law Review, Vol. 44, 2007.