Front Matter
 Part I The Problem
  Chapter 1 What Could Kill the Internet? And so What?
  Chapter 2 It is About People
   2.1 Human and Social Issues——arkus Jakobsson
    2.1.1 Nigerian Scams
    2.1.2 Password Reuse
    2.1.3 Phishing
   2.2 Who are the Criminals? —— Igor Bulavko
    2.2.1 Who are they?
    2.2.2 Where are they?
    2.2.3 Deep-Dive: Taking a Look at Ex-Soviet Hackers
    2.2.4 Let’s try to Find Parallels in the World we Live in
    2.2.5 Crime and Punishment?
  Chapter 3 How Criminals Profit
   3.1 Online Advertising Fraud——Nevena Vratonjic, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux
    3.1.1 Advertising on the Internet
    3.1.2 Exploits of Online Advertising Systems
    3.1.3 Click Fraud
    3.1.4 Malvertising: Spreading Malware via Ads
    3.1.5 Inflight Modification of Ad Traffic
    3.1.6 Adware: Unsolicited Software Ads
    3.1.7 Conclusion
   3.2 Toeing the Line: Legal but Deceptive Service Offers ——Markus Jakobsson and Ruilin Zhu
    3.2.1 How Does it Work?
    3.2.2 What do they Earn?
   3.3 Phishing and Some Related Attacks—— Markus Jakobsson and William Leddy
    3.3.1 The Problem is the User
    3.3.2 Phishing
    3.3.3 Man-in-the-Middle
    3.3.4 Man-in-the-Browser
    3.3.5 New Attack: Man-in-the-Screen
   3.4 Malware: Current Outlook——Members of the BITS Security Working Group and staff leads Greg Rattray nd Andrew Kennedy
    3.4.1 Malware Evolution
    3.4.2 Malware Supply and Demand
   3.5 Monetization——Markus Jakobsson
  Chapter 4 How ThingsWork and Fail
   4.1 Online Advertising: With Secret Security—— Markus Jakobsson
    4.1.1 What is a Click?
    4.1.2 How Secret Filters are Evaluated
    4.1.3 What do Fraudsters Know?
   4.2 Web Security Remediation Efforts——Jeff Hodges and Andy Steingruebl
    4.2.1 Introduction
    4.2.2 The Multitude of Web Browser Security Mechanisms
    4.2.3 Where do we go from Here?
   4.3 Content-Sniffing XSS Attacks: XSS with Non-HTML Content——Juan Caballero, Adam Barth, and Dawn Song
    4.3.1 Introduction
    4.3.2 Content-Sniffing XSS Attacks
    4.3.3 Defenses
    4.3.4 Conclusion
   4.4 Our Internet Infrastructure at Risk——Garth Bruen
    4.4.1 Introduction
    4.4.2 The Political Structure
    4.4.3 The Domain
    4.4.4 WHOIS: Ownership and Technical Records
    4.4.5 Registrars: Sponsors of Domain Names
    4.4.6 Registries: Sponsors of Domain Extensions
    4.4.7 CCTLDs: The Sovereign Domain Extensions
    4.4.8 ICANN: The Main Internet Policy Body
    4.4.9 Conclusion
   4.5 Social Spam——Dimitar Nikolov and Filippo Menczer
    4.5.1 Introduction
    4.5.2 Motivations for Spammers
    4.5.3 Case Study: Spam in the GiveALink Bookmarking System
    4.5.4 Web Pollution
    4.5.5 The Changing Nature of Social Spam: Content Farms
    4.5.6 Conclusion
   4.6 Understanding CAPTCHAs and Their Weaknesses——Elie Bursztein
    4.6.1 What is a Captcha?
    4.6.2 Types of Captchas
    4.6.3 Evaluating Captcha Attack Effectiveness
    4.6.4 Design of Captchas
    4.6.5 Automated Attacks
    4.6.6 Crowd-Sourcing: Using Humans to Break Captchas
   4.7 Security Questions——Ariel Rabkin
    4.7.1 Overview
    4.7.2 Vulnerabilities
    4.7.3 Variants and Possible Defenses
    4.7.4 Conclusion
   4.8 Folk Models of Home Computer Security——Rick Wash and Emilee Rader
    4.8.1 The Relationship Between Folk Models and Security
    4.8.2 Folk Models of Viruses and Other Malware
    4.8.3 Folk Models of Hackers and Break-Ins
    4.8.4 Following Security Advice
    4.8.5 Lessons Learned
   4.9 Detecting and Defeating Interception Attacks Against SSL——Christopher Soghoian and Sid Stamm
    4.9.1 Introduction
    4.9.2 Certificate Authorities and the Browser Vendors
    4.9.3 Big Brother in the Browser
    4.9.4 Compelled Assistance
    4.9.5 Surveillance Appliances
    4.9.6 Protecting Users
    4.9.7 Threat Model Analysis
    4.9.8 Related Work
    4.9.9 Conclusion
  Chapter 5 The Mobile Problem
   5.1 Phishing on Mobile Devices——Adrienne Porter Felt and David Wagner
    5.1.1 The Mobile Phishing Threat
    5.1.2 Common Control Transfers
    5.1.3 Phishing Attacks
    5.1.4 Web Sender)Mobile Target
    5.1.5 Web Sender)Web Target
    5.1.6 Attack Prevention
   5.2 Why Mobile Malware will Explode——Markus Jakobsson and Mark Grandcolas
    5.2.1 Nineteen Eighty-Six: When it all Started
    5.2.2 A Glimpse of Users
    5.2.3 Why Market Size Matters
    5.2.4 Financial Trends
    5.2.5 Mobile Malware Outlook
   5.3 Tapjacking: Stealing Clicks on Mobile Devices——Gustav Rydstedt, Baptiste Gourdin, Elie Bursztein, and Dan Boneh
    5.3.1 Framing Attacks
    5.3.2 Phone Tapjacking
    5.3.3 Framing Facebook
    5.3.4 Summary and Recommendations
  Chapter 6 The Internet and the PhysicalWorld
   6.1 Malware-Enabled Wireless Tracking Networks——Nathaniel Husted and Steven Myers
    6.1.1 Introduction
    6.1.2 The Anatomy of a Modern Smartphone
    6.1.3 Mobile Tracking Networks: A Threat to Smartphones
    6.1.4 Conclusion
   6.2 Social Networking Leaks——Mayank Dhiman and Markus Jakobsson
    6.2.1 Introduction
    6.2.2 Motivations for Using Social Networking Sites
    6.2.3 Trust and Privacy
    6.2.4 Known Issues
    6.2.5 Case Study: Social Networking Leaks in the Physical World
   6.3 Abuse of Social Media and Political Manipulation——Bruno Gonc¸alves, Michael Conover, and Filippo Menczer
    6.3.1 The Rise of Online Grassroots Political Movements
    6.3.2 Spam and Astroturfing
    6.3.3 Deceptive Tactics
    6.3.4 The Truthy System for Astroturf Detection
    6.3.5 Discussion
 Part II Thinking About Solutions
  Chapter 7 Solutions to the Problem
   7.1 When and How to Authenticate——Richard Chow, Elaine Shi, Markus Jakobsson, Philippe Golle, Ryusuke Masuoka,Jesus Molina, Yuan Niu, and Jeff Song
    7.1.1 Problem Description
    7.1.2 Use Cases
    7.1.3 System Architecture
    7.1.4 User Privacy
    7.1.5 Machine Learning/Algorithms
    7.1.6 User Study
   7.2 Fastwords: Adapting Passwords to Constrained Keyboards——Markus Jakobsson and Ruj Akavipat
    7.2.1 The Principles Behind Fastwords
    7.2.2 Basic Feature Set
    7.2.3 Extended Feature Set
    7.2.4 Sample Stories and Frequencies
    7.2.5 Recall Rates
    7.2.6 Security Analysis
    7.2.7 The Security of Passwords
    7.2.8 Entry Speed
    7.2.9 Implementation of Fastword Entry
    7.2.10 Conclusion
   7.3 Deriving PINs from Passwords——Markus Jakobsson and Debin Liu
    7.3.1 Introduction
    7.3.2 A Brief Discussion of Passwords
    7.3.3 How to Derive PINs from Passwords
    7.3.4 Analysis of Passwords and Derived PINs
    7.3.5 Security Analysis
    7.3.6 Usability Experiments
   7.4 Visual Preference Authentication——Yuan Niu, Markus Jakobsson, Gustav Rydstedt, and Dahn Tamir
    7.4.1 Password Resets
    7.4.2 Security Questions Aren’t so Secure
    7.4.3 What is Visual Preference-Based Authentication
    7.4.4 Evaluating Visual Preference-Based Authentication
    7.4.5 Case Study: Visual Blue Moon Authentication
    7.4.6 Conclusion
   7.5 The Deadly Sins of Security User Interfaces——Nathan Good
    7.5.1 Security Applications with Frustrating User Interfaces
    7.5.2 The Four Sins of Security Application User Interfaces
    7.5.3 Consumer Choice: A Security Bugbear
    7.5.4 Security by Verbosity
    7.5.5 Walls of Checkboxes
    7.5.6 All or Nothing Switch
    7.5.7 Conclusion
   7.6 SpoofKiller—Let’s Kiss Spoofing Goodbye!——Markus Jakobsson and William Leddy
    7.6.1 A Key to the Solution: Interrupts
    7.6.2 Why can the User Log in to Good Sites, but not Bad Ones?
    7.6.3 What About Sites that are Good ...but not Certified Good?
    7.6.4 SpoofKiller: Under the Hood
    7.6.5 Say we Implement SpoofKiller—then What?
   7.7 Device Identification and Intelligence——Ori Eisen
    7.7.1 1995—2001: The Early Years of Device Identification
    7.7.2 2001—2008: Tagless Device Identification Begins
    7.7.3 2008—Present: Private Browsing and Beyond
   7.8 How can we Determine if a Device is Infected or not?——Aur´elien Francillon, Markus Jakobsson, and Adrian Perrig
    7.8.1 Why Detection is Difficult
    7.8.2 Setting up an Isolated Environment
    7.8.3 What Could go Wrong?
    7.8.4 Brief Comparison with TrustZone
    7.8.5 Summary
  Chapter 8 The Future
   8.1 Security Needs the Best User Experience Hampus Jakobsson
    8.1.1 How the User Won Over Features
    8.1.2 So How Come the iPhone Became so Successful?
    8.1.3 A World of Information Anywhere
    8.1.4 Midas’ Touch Screens
    8.1.5 New Input, New Opportunities
    8.1.6 Zero-Click and Real-Life User Interfaces
    8.1.7 Privacy and User Interfaces
    8.1.8 It all Comes Together
   8.2 Fraud and the Future——Markus Jakobsson
 References
 Index