Web Security

RSS
Sort By:

Blaster Revisited

What lessons can we learn from the carnage the Blaster worm created? The following tale is based upon actual circumstances from corporate enterprises that were faced with confronting and eradicating the Blaster worm, which hit in August 2003. The story provides views from many perspectives, illustrating the complexity and sophistication needed to combat new blended threats.

by Jim Morrison | August 31, 2004

0 comments

Network Forensics

The dictionary defines forensics as "the use of science and technology to investigate and establish facts in criminal or civil courts of law." I am more interested, however, in the usage common in the computer world: using evidence remaining after an attack on a computer to determine how the attack was carried out and what the attacker did.

by Ben Laurie | August 31, 2004

0 comments

Lack of Priority Queuing Considered Harmful

Most modern routers consist of several line cards that perform packet lookup and forwarding, all controlled by a control plane that acts as the brain of the router, performing essential tasks such as management functions, error reporting, control functions including route calculations, and adjacency maintenance. This control plane has many names; in this article it is the route processor, or RP. The route processor calculates the forwarding table and downloads it to the line cards using a control-plane bus. The line cards perform the actual packet lookup and forwarding.

by Vijay Gill | December 6, 2004

0 comments

Cybercrime:
An Epidemic

Painted in the broadest of strokes, cybercrime essentially is the leveraging of information systems and technology to commit larceny, extortion, identity theft, fraud, and, in some cases, corporate espionage. Who are the miscreants who commit these crimes, and what are their motivations? One might imagine they are not the same individuals committing crimes in the physical world. Bank robbers and scam artists garner a certain public notoriety after only a few occurrences of their crimes, yet cybercriminals largely remain invisible and unheralded. Based on sketchy news accounts and a few public arrests, such as Mafiaboy, accused of paralyzing Amazon, CNN, and other Web sites, the public may infer these miscreants are merely a subculture of teenagers.

by Team Cymru | November 10, 2006

1 comments

Criminal Code:
The Making of a Cybercriminal

NOTE: This is a fictional account of malware creators and their experiences. Although the characters are made up, the techniques and events are patterned on real activities of many different groups developing malicious software.

by Thomas Wadlow, Vlad Gorelik | November 10, 2006

0 comments

Playing for Keeps

Inflection points come at you without warning and quickly recede out of reach. We may be nearing one now. If so, we are now about to play for keeps, and “we” doesn’t mean just us security geeks. If anything, it’s because we security geeks have not worked the necessary miracles already that an inflection point seems to be approaching at high velocity.

by Daniel E. Geer | November 10, 2006

0 comments

Security in the Browser

Web browsers leave users vulnerable to an ever-growing number of attacks. Can we make them secure while preserving their usability?

by Thomas Wadlow, Vlad Gorelik | March 16, 2009

CACM This article appears in print in Communications of the ACM, Volume 52 Issue 5

0 comments

Cybercrime 2.0: When the Cloud Turns Dark

Web-based malware attacks are more insidious than ever. What can be done to stem the tide?

by Niels Provos, Moheeb Abu Rajab, Panayiotis Mavrommatis | March 20, 2009

0 comments

Browser Security:
Lessons from Google Chrome

Google Chrome developers focused on three key problems to shield the browser from attacks.

by Charles Reis, Adam Barth, Carlos Pizano | June 18, 2009

CACM This article appears in print in Communications of the ACM, Volume 52 Issue 8

6 comments

CTO Roundtable: Malware Defense

The battle is bigger than most of us realize.

by Mache Creeger | February 24, 2010

0 comments

CTO Roundtable: Malware Defense Overview

Key points from ACM's CTO Roundtable on malware defense

by Mache Creeger | February 25, 2010

1 comments

The Web Won't Be Safe or Secure until We Break It

Unless you've taken very particular precautions, assume every Web site you visit knows exactly who you are.

by Jeremiah Grossman | November 6, 2012

CACM This article appears in print in Communications of the ACM, Volume 56 Issue 1

14 comments

Browser Security Case Study: Appearances Can Be Deceiving

A discussion with Jeremiah Grossman, Ben Livshits, Rebecca Bace, and George Neville-Neil

by Jeremiah Grossman, Ben Livshits, Rebecca Bace, George Neville-Neil | November 20, 2012

1 comments

Splinternet Behind the Great Firewall of China

Once China opened its door to the world, it could not close it again.

by Daniel Anderson | November 30, 2012

4 comments

Securing the Tangled Web

Preventing script injection vulnerabilities through software design

by Christoph Kern | August 25, 2014

CACM This article appears in print in Communications of the ACM, Volume 57 Issue 9

0 comments

Certificate Transparency

Public, verifiable, append-only logs

by Ben Laurie | September 8, 2014

CACM This article appears in print in Communications of the ACM, Volume 57 Issue 10

1 comments

Why Is It Taking So Long to Secure Internet Routing?

Routing security incidents can still slip past deployed security defenses.

by Sharon Goldberg | September 11, 2014

CACM This article appears in print in Communications of the ACM, Volume 57 Issue 10

1 comments

Security Collapse in the HTTPS Market

Assessing legal and technical solutions to secure HTTPS

by Axel Arnbak, Hadi Asghari, Michel Van Eeten, Nico Van Eijk | September 23, 2014

CACM This article appears in print in Communications of the ACM, Volume 57 Issue 10

2 comments