Death of the Internet.
Title:
Death of the Internet.
Author:
Jakobsson, Markus.
ISBN:
9781118312537
Edition:
1st ed.
Physical Description:
1 online resource (387 pages)
Contents:
THE DEATH OF THE INTERNET -- Contents -- Foreword -- Preface -- Is the Title of this Book a Joke? -- Acknowledgments -- Contributors -- Part I The Problem -- 1 What Could Kill the Internet? And so What? -- 2 It is About People -- 2.1 Human and Social Issues -- 2.1.1 Nigerian Scams -- 2.1.2 Password Reuse -- 2.1.3 Phishing -- 2.2 Who are the Criminals? -- 2.2.1 Who are they? -- 2.2.2 Where are they? -- 2.2.3 Deep-Dive: Taking a Look at Ex-Soviet Hackers -- 2.2.4 Let's try to Find Parallels in the World we Live in -- 2.2.5 Crime and Punishment? -- 3 How Criminals Profit -- 3.1 Online Advertising Fraud -- 3.1.1 Advertising on the Internet -- 3.1.1.1 Ad serving architecture -- 3.1.1.2 Targeted advertising -- 3.1.1.3 Revenue models -- 3.1.2 Exploits of Online Advertising Systems -- 3.1.2.1 Adversary -- 3.1.2.2 Ad Fraud -- 3.1.3 Click Fraud -- 3.1.3.1 Case study: advertisers scammed by porn sites -- 3.1.3.2 Countermeasures to fight click fraud -- 3.1.4 Malvertising: Spreading Malware via Ads -- 3.1.4.1 Countermeasures to fight malvertising -- 3.1.5 Inflight Modification of Ad Traffic -- 3.1.5.1 Countermeasures to fight inflight modification of ad traffic -- 3.1.6 Adware: Unsolicited Software Ads -- 3.1.6.1 Countermeasures to fight adware -- 3.1.7 Conclusion -- 3.2 Toeing the Line: Legal but Deceptive Service Offers -- 3.2.1 How Does it Work? -- 3.2.2 What do they Earn? -- 3.3 Phishing and Some Related Attacks -- 3.3.1 The Problem is the User -- 3.3.2 Phishing -- 3.3.3 Man-in-the-Middle -- 3.3.4 Man-in-the-Browser -- 3.3.5 New Attack: Man-in-the-Screen -- 3.4 Malware: Current Outlook -- 3.4.1 Malware Evolution -- 3.4.1.1 Malware categories -- 3.4.1.2 Malware example -- 3.4.1.3 Polymorphic malware -- 3.4.2 Malware Supply and Demand -- 3.4.2.1 The malware industry -- 3.4.2.2 Malware supply chain -- 3.5 Monetization -- 3.5.1 There is Money Everywhere.

4 How Things Work and Fail -- 4.1 Online Advertising: With Secret Security -- 4.1.1 What is a Click? -- 4.1.2 How Secret Filters are Evaluated -- 4.1.2.1 Third-party click scoring -- 4.1.2.2 Ad network check: new filter, old clicks -- 4.1.2.3 Ad network check: old filter, new clicks -- 4.1.3 What do Fraudsters Know? -- 4.2 Web Security Remediation Efforts -- 4.2.1 Introduction -- 4.2.2 The Multitude of Web Browser Security Mechanisms -- 4.2.2.1 Web browser-based built-in security mechanisms -- 4.2.2.2 Selectively invocable browser-based security mechanisms -- 4.2.2.3 Advanced browser-based web security mechanisms -- 4.2.3 Where do we go from Here? -- 4.3 Content-Sniffing XSS Attacks: XSS with Non-HTML Content -- 4.3.1 Introduction -- 4.3.2 Content-Sniffing XSS Attacks -- 4.3.2.1 Content-sniffing -- 4.3.2.2 A detailed view of content-sniffing XSS attacks -- 4.3.2.3 Why do mismatches happen? -- 4.3.2.4 Finding content-sniffing XSS attacks -- 4.3.2.5 Example 1: Under the hood of the HotCRP attack -- 4.3.2.6 Example 2: An attack on Wikipedia -- 4.3.3 Defenses -- 4.3.3.1 Server-side defenses -- 4.3.3.2 Secure content-sniffing -- 4.3.3.3 Adoption -- 4.3.4 Conclusion -- 4.4 Our Internet Infrastructure at Risk -- 4.4.1 Introduction -- 4.4.2 The Political Structure -- 4.4.3 The Domain -- 4.4.4 WHOIS: Ownership and Technical Records -- 4.4.5 Registrars: Sponsors of Domain Names -- 4.4.6 Registries: Sponsors of Domain Extensions -- 4.4.7 CCTLDs: The Sovereign Domain Extensions -- 4.4.8 ICANN: The Main Internet Policy Body -- 4.4.9 Conclusion -- 4.5 Social Spam -- 4.5.1 Introduction -- 4.5.2 Motivations for Spammers -- 4.5.3 Case Study: Spam in the GiveALink Bookmarking System -- 4.5.3.1 Supervised learning applied to spam detection -- 4.5.3.2 Unit of spam -- 4.5.3.3 Detection features -- 4.5.3.4 System evaluation -- 4.5.4 Web Pollution.

4.5.5 The Changing Nature of Social Spam: Content Farms -- 4.5.6 Conclusion -- 4.6 Understanding CAPTCHAs and Their Weaknesses -- 4.6.1 What is a Captcha? -- 4.6.2 Types of Captchas -- 4.6.3 Evaluating Captcha Attack Effectiveness -- 4.6.4 Design of Captchas -- 4.6.4.1 Unusable captchas -- 4.6.4.2 Case study: designing a text-based captcha scheme -- 4.6.4.3 Case study: designing an audio captcha scheme -- 4.6.5 Automated Attacks -- 4.6.5.1 The old Microsoft text captchas -- 4.6.5.2 The Yahoo audio captcha case -- 4.6.5.3 The ASIRRA captcha case -- 4.6.6 Crowd-Sourcing: Using Humans to Break Captchas -- 4.6.6.1 Hiring human solvers -- 4.6.6.2 Tricking human solvers -- 4.6.6.3 Coercing human solvers -- 4.7 Security Questions -- 4.7.1 Overview -- 4.7.1.1 Threats -- 4.7.1.2 An overview of fallback authentication -- 4.7.2 Vulnerabilities -- 4.7.2.1 Security versus usability -- 4.7.2.2 Estimating vulnerability -- 4.7.3 Variants and Possible Defenses -- 4.7.3.1 Alternative forms of questions -- 4.7.3.2 User-chosen questions -- 4.7.3.3 Questions with secret answers -- 4.7.4 Conclusion -- 4.8 Folk Models of Home Computer Security -- 4.8.1 The Relationship Between Folk Models and Security -- 4.8.1.1 Common elements of all folk models -- 4.8.2 Folk Models of Viruses and Other Malware -- 4.8.2.1 Virus model 1: viruses are generically "bad" -- 4.8.2.2 Virus model 2: viruses are buggy software -- 4.8.2.3 Virus model 3: viruses cause mischief -- 4.8.2.4 Virus model 4: viruses support crime -- 4.8.2.5 Multiple types of viruses -- 4.8.3 Folk Models of Hackers and Break-Ins -- 4.8.3.1 Hacker model 1: hackers are digital graffiti artists -- 4.8.3.2 Hacker model 2: hackers are opportunistic burglars -- 4.8.3.3 Hacker model 3: hackers are criminals who target big fish -- 4.8.3.4 Hacker model 4: hackers are contractors who support criminals.

4.8.3.5 Multiple types of hackers -- 4.8.4 Following Security Advice -- 4.8.4.1 Antivirus use -- 4.8.4.2 Other security software -- 4.8.4.3 Email security -- 4.8.4.4 Web browsing -- 4.8.4.5 Computer maintenance -- 4.8.5 Lessons Learned -- 4.9 Detecting and Defeating Interception Attacks Against SSL -- 4.9.1 Introduction -- 4.9.2 Certificate Authorities and the Browser Vendors -- 4.9.2.1 Certificate Authorities -- 4.9.2.2 Man-in-the-middle -- 4.9.3 Big Brother in the Browser -- 4.9.4 Compelled Assistance -- 4.9.5 Surveillance Appliances -- 4.9.6 Protecting Users -- 4.9.6.1 Design motivations -- 4.9.6.2 Country-based trust -- 4.9.6.3 Only blocking bad certificates -- 4.9.6.4 Implementation details -- 4.9.7 Threat Model Analysis -- 4.9.7.1 Why sites should consider the country of the CA they use -- 4.9.8 Related Work -- 4.9.9 Conclusion -- 5 The Mobile Problem -- 5.1 Phishing on Mobile Devices -- 5.1.1 The Mobile Phishing Threat -- 5.1.1.1 User interfaces on mobile devices -- 5.1.1.2 Mobile security measures -- 5.1.1.3 Application control transfers -- 5.1.2 Common Control Transfers -- 5.1.2.1 Mobile Sender => Mobile Target -- 5.1.2.2 Mobile Sender => Web Target -- 5.1.2.3 Web Sender => Mobile Target -- 5.1.2.4 Web Sender => Web Target -- 5.1.3 Phishing Attacks -- 5.1.3.1 Mobile Sender => Mobile Target -- 5.1.3.2 Mobile Sender => Web Target -- 5.1.4 Web Sender => Mobile Target -- 5.1.4.1 Direct attack -- 5.1.4.2 Man-in-the-middle -- 5.1.5 Web Sender => Web Target -- 5.1.5.1 Direct attack -- 5.1.5.2 Man-in-the-middle -- 5.1.6 Attack Prevention -- 5.2 Why Mobile Malware will Explode -- 5.2.1 Nineteen Eighty-Six: When it all Started -- 5.2.2 A Glimpse of Users -- 5.2.3 Why Market Size Matters -- 5.2.4 Financial Trends -- 5.2.5 Mobile Malware Outlook -- 5.3 Tapjacking: Stealing Clicks on Mobile Devices -- 5.3.1 Framing Attacks -- 5.3.1.1 Defenses.

5.3.1.2 Framing attacks on mobile websites -- 5.3.1.3 Lessons -- 5.3.2 Phone Tapjacking -- 5.3.2.1 Tapjacking the iPhone web browser -- 5.3.2.2 Other mobile browsers -- 5.3.3 Framing Facebook -- 5.3.4 Summary and Recommendations -- 6 The Internet and the Physical World -- 6.1 Malware-Enabled Wireless Tracking Networks -- 6.1.1 Introduction -- 6.1.2 The Anatomy of a Modern Smartphone -- 6.1.3 Mobile Tracking Networks: A Threat to Smartphones -- 6.1.3.1 Tracking network scenarios -- 6.1.3.2 An overview of the 802.11 wireless standard -- 6.1.3.3 The design and implementation of a WiFi-based tracking network -- 6.1.3.4 Methodology for Evaluating Effectiveness of Tracking Networks -- 6.1.3.5 Performance results -- 6.1.3.6 The UDelModels simulator -- 6.1.3.7 Defending against mobile location tracking networks -- 6.1.4 Conclusion -- 6.2 Social Networking Leaks -- 6.2.1 Introduction -- 6.2.2 Motivations for Using Social Networking Sites -- 6.2.3 Trust and Privacy -- 6.2.4 Known Issues -- 6.2.5 Case Study: Social Networking Leaks in the Physical World -- 6.2.5.1 Experiment -- 6.2.5.2 Technical details -- 6.2.5.3 Analysis and potential misuse -- 6.2.5.4 Potential uses -- 6.3 Abuse of Social Media and Political Manipulation -- 6.3.1 The Rise of Online Grassroots Political Movements -- 6.3.2 Spam and Astroturfing -- 6.3.3 Deceptive Tactics -- 6.3.3.1 Centrally and computer controlled accounts -- 6.3.3.2 Content injection -- 6.3.3.3 Followback groups -- 6.3.4 The Truthy System for Astroturf Detection -- 6.3.4.1 Data collection -- 6.3.4.2 Detection of astroturf -- 6.3.5 Discussion -- Part II Thinking About Solutions -- 7 Solutions to the Problem -- 7.1 When and How to Authenticate -- 7.1.1 Problem Description -- 7.1.2 Use Cases -- 7.1.2.1 Lost/stolen device -- 7.1.2.2 Primary factor authentication -- 7.1.2.3 Secondary factor authentication.

7.1.2.4 Collective authentication.
Abstract:
Fraud poses a significant threat to the Internet. 1.5% of all online advertisements attempt to spread malware. This lowers the willingness to view or handle advertisements, which will severely affect the structure of the web and its viability. It may also destabilize online commerce. In addition, the Internet is increasingly becoming a weapon for political targets by malicious organizations and governments. This book will examine these and related topics, such as smart phone based web security. This book describes the basic threats to the Internet (loss of trust, loss of advertising revenue, loss of security) and how they are related. It also discusses the primary countermeasures and how to implement them.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.