Death of the Internet - How It May Happen and How It Can Be Stopped

Read more

Informationen zum Autor MARKUS JAKOBSSON, PhD, is Principal Scientist for Consumer Security at PayPal. He is the founder of the security startups RavenWhite and FatSkunk and has held positions at Palo Alto Research Center, RSA Laboratories, and Bell Labs. The editor of RSA's technical newsletter CryptoBytes , Dr. Jakobsson holds numerous U.S. patents, has published more than 100 articles, and authored and edited several books, including Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft (Wiley). He has been interviewed on the subjects of phishing and crimeware on NPR, BBC, and other high-profile media outlets. Klappentext A holistic look at the vast landscape of Internet security-past, present, and futureA major attack on the Internet could wreak havoc on society-bringing down telephony, banking, business, government, media, and the energy grid. This book addresses the growing threats to the Internet from different sources, offering in-depth guidance on how to combat them on both desktop and mobile platforms.Edited by a specialist in holistic security with contributions from experts in industry and academia, The Death of the Internet presents a unique, cross-disciplinary approach to Internet security. It goes beyond computer science to explore its social and psychological components, discussing politically motivated attacks, human error, and criminal tendencies. Geared to non-technical readers and experts alike, the book clearly explains the general concepts of Internet security for managers and decision-makers and provides engineers and industry professionals with detailed instructions on how to develop effective designs with security in mind. The Death of the Internet:* Covers topics of Internet security, online fraud, phishing, and malware* Explores the growing need for dedicated smartphone Internet security* Describes how security threats can result in loss of trust and advertising revenues* Outlines proven countermeasures and explains how to implement them using real-world examples* Reviews state-of-the-art research and future trends in Internet security Zusammenfassung Covering internet security, malware, phishing, and how to combat these serious and growing issues on both desktop and smart phone platforms, this book draws upon state-of-the-art research from industry and academia. The content also describes proven countermeasures using real world examples. Inhaltsverzeichnis Foreword xv Preface xvii Is the Title of this Book a Joke? xix Acknowledgments xxi Contributors xxiii Part I The Problem 1 What Could Kill the Internet? And so What? 3 2 It is About People 7 2.1 Human and Social Issues 7 Markus Jakobsson 2.1.1 Nigerian Scams 8 2.1.2 Password Reuse 9 2.1.3 Phishing 11 2.2 Who are the Criminals? 13 Igor Bulavko 2.2.1 Who are they? 13 2.2.2 Where are they? 14 2.2.3 Deep-Dive: Taking a Look at Ex-Soviet Hackers 14 2.2.4 Let's try to Find Parallels in the World we Live in 16 2.2.5 Crime and Punishment? 16 3 How Criminals Profit 19 3.1 Online Advertising Fraud 20 Nevena Vratonjic, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux 3.1.1 Advertising on the Internet 20 3.1.2 Exploits of Online Advertising Systems 23 3.1.3 Click Fraud 25 3.1.4 Malvertising: Spreading Malware via Ads 31 3.1.5 Inflight Modification of Ad Traffic 32 3.1.6 Adware: Unsolicited Software Ads 34 3.1.7 Conclusion 35 3.2 Toeing the Line: Legal but Deceptive Service Offers 35 Markus Jakobsson and Ruilin Zhu 3.2.1 How Does it Work? 36 3.2.2 What do they Earn? 36 3.3 Phishing and Some Related Attacks 38 Markus Jakobsson and William Leddy 3.3.1 The P...

List of contents

Foreword xv
 
Preface xvii
 
Is the Title of this Book a Joke? xix
 
Acknowledgments xxi
 
Contributors xxiii
 
Part I The Problem
 
1 What Could Kill the Internet? And so What? 3
 
2 It is About People 7
 
2.1 Human and Social Issues 7
Markus Jakobsson
 
2.1.1 Nigerian Scams 8
 
2.1.2 Password Reuse 9
 
2.1.3 Phishing 11
 
2.2 Who are the Criminals? 13
Igor Bulavko
 
2.2.1 Who are they? 13
 
2.2.2 Where are they? 14
 
2.2.3 Deep-Dive: Taking a Look at Ex-Soviet Hackers 14
 
2.2.4 Let's try to Find Parallels in the World we Live in 16
 
2.2.5 Crime and Punishment? 16
 
3 How Criminals Profit 19
 
3.1 Online Advertising Fraud 20
Nevena Vratonjic, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux
 
3.1.1 Advertising on the Internet 20
 
3.1.2 Exploits of Online Advertising Systems 23
 
3.1.3 Click Fraud 25
 
3.1.4 Malvertising: Spreading Malware via Ads 31
 
3.1.5 Inflight Modification of Ad Traffic 32
 
3.1.6 Adware: Unsolicited Software Ads 34
 
3.1.7 Conclusion 35
 
3.2 Toeing the Line: Legal but Deceptive Service Offers 35
Markus Jakobsson and Ruilin Zhu
 
3.2.1 How Does it Work? 36
 
3.2.2 What do they Earn? 36
 
3.3 Phishing and Some Related Attacks 38
Markus Jakobsson and William Leddy
 
3.3.1 The Problem is the User 38
 
3.3.2 Phishing 38
 
3.3.3 Man-in-the-Middle 39
 
3.3.4 Man-in-the-Browser 40
 
3.3.5 New Attack: Man-in-the-Screen 41
 
3.4 Malware: Current Outlook 42
 
Members of the BITS Security Working Group and staff leads Greg Rattray and Andrew Kennedy
 
3.4.1 Malware Evolution 42
 
3.4.2 Malware Supply and Demand 48
 
3.5 Monetization 53
Markus Jakobsson
 
3.5.1 There is Money Everywhere 53
 
4 How ThingsWork and Fail 57
 
4.1 Online Advertising: With Secret Security 58
Markus Jakobsson
 
4.1.1 What is a Click? 58
 
4.1.2 How Secret Filters are Evaluated 60
 
4.1.3 What do Fraudsters Know? 62
 
4.2 Web Security Remediation Efforts 63
Jeff Hodges and Andy Steingruebl
 
4.2.1 Introduction 63
 
4.2.2 The Multitude of Web Browser Security Mechanisms 64
 
4.2.3 Where do we go from Here? 75
 
4.3 Content-Sniffing XSS Attacks: XSS with Non-HTML Content 75
Juan Caballero, Adam Barth, and Dawn Song
 
4.3.1 Introduction 75
 
4.3.2 Content-Sniffing XSS Attacks 77
 
4.3.3 Defenses 84
 
4.3.4 Conclusion 89
 
4.4 Our Internet Infrastructure at Risk 89
Garth Bruen
 
4.4.1 Introduction 89
 
4.4.2 The Political Structure 90
 
4.4.3 The Domain 92
 
4.4.4 WHOIS: Ownership and Technical Records 94
 
4.4.5 Registrars: Sponsors of Domain Names 96
 
4.4.6 Registries: Sponsors of Domain Extensions 97
 
4.4.7 CCTLDs: The Sovereign Domain Extensions 99
 
4.4.8 ICANN: The Main Internet Policy Body 100
 
4.4.9 Conclusion 102
 
4.5 Social Spam 103
Dimitar Nikolov and Filippo Menczer
 
4.5.1 Introduction 103
 
4.5.2 Motivations for Spammers 105
 
4.5.3 Case Study: Spam in the GiveALink Bookmarking System 108
 
4.5.4 Web Pollution 114
 
4.5.5 The Changing Nature of Social Spam: Content Farms 116
 
4.5.6 Conclusion 117
 
4.6 Understanding CAPTCHAs and Their Weaknesses 117
Elie Bursztein
 
4.6.1 What is a Captcha? 117
 
4.6.2 Types of Captchas 118
 
4.6.3 Evaluating Captcha Attack Effecti

Report

"For those looking for a book to gain situation awareness about the dangers of the Internet, one is hard pressed to find a better title than The Death of the Internet." (Word Virus, 17 April 2013)
 
"For those looking for a book to gain situation awareness about the dangers of the Internet, one is hard pressed to find a better title than The Death of the Internet." (Slashdot, 15 April 2013)
 
"The book includes possible solutions to some of the problems, but the overwhelming appeal of this text is the awareness is provides. Summing Up: Highly recommended. Students of all levels, general readers, and professionals/practitioners." (Choice, 1 January 2012)