DOCSLIB.ORG

A Macroscopic Study of Network Security Threats at the Organizational Level

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

A Macroscopic Study of Network Security Threats at the Organizational Level by Jing Zhang A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Science and Engineering) in the University of Michigan 2015 Doctoral Committee: Associate Professor Michael Donald Bailey, UIUC, Co-Chair Professor Mingyan Liu, Co-Chair Assistant Professor J. Alex Halderman Professor Farnam Jahanian, Carnegie Mellon University Professor Brian D. Noble Professor Nicholas A. Valentino c Jing Zhang 2015 All Rights Reserved To my mother Min, my father Jianwei, and my husband Hao. ii ACKNOWLEDGEMENTS First and foremost, I’d like to thank my advisors Michael Bailey and Mingyan Liu. During my doctoral studies at the University of Michigan, they have been close advisors to me on personal, academic, and professional levels. I cannot thank Bailey enough for acting as a great mentor and friend and for providing invaluable direction for my research and life. Moreover, Mingyan inspired me with lots of valuable ideas and gave me great support especially after Bailey moved to UIUC. I want to thank the rest of my doctoral committee, including Alex Halderman, Farnam Jahanian, Brian Nobel, and Nicholas Valentino — all of whom have provided guidance and feedback for my dissertation. I’d like to especially thank Farnam, who guided me through my first steps as a graduate student and continued providing that guidance regarding the direction of my research even after he moved to other positions. I also want to express my gratitude to many people that made this dissertation possible. I’d like to thank the IT and security staff at the University, including: Paul, Will, Matt, who have been great resources in problem discussions, providing access to data, and operational advice. I am very fortunate to have worked with many experienced researchers outside of the University, who have provided data access and valuable comments throughout my doctoral study: Robin Berthier and William Sanders at University of Illinois at Urbana- Champaign, Manish Karir and Michael Kallitsis with Merit Network, Marc Eisenbarth at Arbor Networks, Paul Royal at Gatech, and Elie Bursztein at Google. I’d like to thank all of the software faculty that provide a friendly and helpful envi- ronment for the doctoral program. And I’d like to thank my friends and colleagues at the University that have not only provided support, but given me an enjoyable graduate school experience: Yunjing Xu, Jakub Czyz, Kee Shen Quah, Zakir Durumeric, Yang Liu, Shirley iii Zhe Chen, Zhen Qi, Feng Qian, Xiaoen Ju, and Huan Feng. Finally, and most importantly, I wish to thank my beloved family. This dissertation is dedicated to my mother, Min, my father, Jianwei, and my husband, Hao. I’d like to thank them for their constant support and encouragement throughout my life. iv TABLE OF CONTENTS DEDICATION ..................................... ii ACKNOWLEDGEMENTS .............................. iii LIST OF TABLES ................................... viii LIST OF FIGURES ..................................x ABSTRACT ...................................... xiii CHAPTER 1 Introduction . .1 1.1 Perspectives of Network Security Studies . .1 1.2 Overview of Thesis . .3 1.3 Main Contributions . .4 1.4 Structure of Thesis . .7 2 Characterization of IP-based Reputation Blacklists and Their Impact on An Organization’s Traffic . .8 2.1 Data Set . .9 2.2 Characterize IP-based Reputation Blacklists . 10 2.2.1 Timing . 10 2.2.2 Regional Characteristics . 11 2.2.3 Overlap . 11 2.3 Impact of IP-based Reputation . 12 2.4 Impact of Heavy Hitting IPs . 16 2.4.1 External IP Addresses . 16 2.4.2 Internal IP Addresses . 17 2.4.3 Heavy Hitter Distribution . 18 2.5 Summary . 21 3 Measuring the Longitudinal Evolution of Maliciousness at the Organization- Level ..................................... 22 3.1 Constructing Organization Maliciousness . 24 v 3.1.1 Abstraction for Organizations . 24 3.1.2 Construction . 24 3.1.3 Impact of Abstraction on Persistency and Predictability . 26 3.2 Evolution on the Magnitude of Maliciousness . 29 3.2.1 Characterizing Magnitude of Maliciousness . 29 3.2.2 Trend in Average Malicious Magnitude . 31 3.3 Dynamics in Maliciousness . 36 3.3.1 Characterizing Dynamics . 36 3.3.2 Change in Dynamics . 37 3.3.3 Dynamics v.s. Magnitude . 38 3.4 Summary . 43 4 Understanding the Relationship between Organization Maliciousness and Security Mismanagement . 44 4.1 Symptoms of Mismanagement . 45 4.1.1 Open Recursive Resolvers . 46 4.1.2 DNS Source Port Randomization . 47 4.1.3 Consistent A and PTR records . 48 4.1.4 BGP Misconfiguration . 49 4.1.5 Egress Filtering . 50 4.1.6 Untrusted HTTPS Certificates . 50 4.1.7 SMTP server relaying . 51 4.1.8 Publicly Available Out-of-Band Management Cards . 51 4.1.9 Summary and Limitations of Symptoms . 52 4.2 Mismanagement Symptoms at Autonomous System Level . 53 4.2.1 Abstracting Networks . 53 4.2.2 Distribution of Misconfigured Systems . 53 4.2.3 Correlations between Symptoms . 57 4.3 Unified Network Mismanagement Metric . 59 4.3.1 Combining Symptoms . 59 4.3.2 Geographical Distribution . 59 4.3.3 Topological Roles . 60 4.4 Mismanagement and Maliciousness . 61 4.4.1 Maliciousness of Autonomous Systems . 61 4.4.2 Are Mismanaged Networks more Malicious? . 62 4.4.3 Impact of Aggregation Type on Maliciousness Correlations 67 4.5 Limitations . 67 4.6 Summary . 68 5 Exploring the Tradeoffs of Network Takedowns . 69 5.1 Tradeoff Analysis Framework . 71 5.1.1 Network Abstraction for Takedowns . 72 5.1.2 Cost and Benefit Metrics . 73 5.1.3 Pareto Efficiency Analysis of Costs and Benefits . 75 5.2 Application . 76 vi 5.2.1 Identifying Disreputable Organizations . 77 5.2.2 Measuring the Costs and Benefits . 78 5.2.3 Pareto Efficiency Analysis . 87 5.3 Implications . 90 5.4 Summary . 92 6 Related Work . 93 6.1 Measuring security threats at the organizational level . 93 6.2 Detecting rogue organizations and Detecting threats at the organization- level ................................. 94 6.3 Mitigating solutions at the organization level . 95 6.4 Understanding security threats at the organizational level . 95 7 Conclusion and Future Work . 97 7.1 Summary of Contributions . 97 7.2 Insights and Future Work . 99 7.2.1 Granularity of organizations . 100 7.2.2 External and internal study of organizational security . 100 7.2.3 Proactive and reactive defense . 101 7.2.4 Incentive to secure networks . 102 BIBLIOGRAPHY ................................... 104 vii LIST OF TABLES Table 2.1 Blacklists data sources and attack categories. .9 2.2 Geographic distribution of IPs for each blacklist (%). Reputation black- lists in the same classes share affinity for specific geographic distributions: RIPE and APNIC dominate SPAM; ARIN and RIPE dominate phishing and malware. 11 2.3 The average % (of column) overlap between blacklists (row, column). Classes of blacklists show significant internal entry overlap, but little similarity is seen between classes. 12 2.4 Blacklist entries touched by our network traffic. 14 2.5 Distribution over TCP/UDP ports for top blacklisted external IPs. 17 2.6 Organization of blacklisted internal IP addresses. 18 2.7 Top TCP/UDP ports for traffic tainted by top 50 contributors per blacklist. 20 2.8 Service hosts in top 50 contributors for each blacklist. 20 4.1 Summary of mismanagement metrics and the third-party, public data sources used for validation . 46 4.2 Correlation coefficients and p-values between different mismanagement symptoms. There are significant correlations between different symptoms. (RED: Moderate correlation; BLUE: Weak correlation.) . 58 4.3 Correlation coefficients and p-values between mismanagement and mali- ciousness. There is a statistically significant correlation between our mis- management symptoms and maliciousness. 63 4.4 Multivariate regression with rank of mismanagement as the dependent vari- able and the four social and economic factors as independent variables. All the factors significantly influence the organization’s rank of mismanage- ment: the higher the GDP/GDP per capita, the better the management; the more the customers and peers, the worse the management. 64 4.5 Multivariate regression with rank of maliciousness as the dependent vari- able and the four social and economical factors as independent variables. The results are similar to those of mismanagement in Table 4.4. 65 viii 4.6 Multivariate regression with rank of maliciousness as the dependent vari- able, and mismanagement and the four social and economic factors as in- dependent variables. 66 4.7 Final multivariate regression model for maliciousness and mismanagement when controlled by social and economic factors. Mismanagement is a sig- nificant influencing factor for organization maliciousness when controlled by these latent variables. 66 4.8 Aggregation at BGP prefix level: Correlation coefficient and p-value be- tween mismanagement and maliciousness. 67 5.1 Summary of cost and benefit metrics. 72 5.2 Summary of datasets used in measuring costs and benefits. 73 5.3 T-tests on the difference in number of authoritative name servers between disreputable ASes and other ASes. Disreputable service providers host sig- nificantly fewer name servers than other ASes at a 95% confidence level. 81 5.4 T-tests on the difference in number of TLD queries between disreputable ASes and other ASes. Both disreputable ASes enterprise customers and service providers sent significantly more queries than other ASes at a 95% confidence level. 83 5.5 T-tests on the centrality (degree) in AS-graph between disreputable ASes and others. The disreputable service providers occupied significantly less central positions in routing topology than other providers at a 95% confi- dence level. 84 5.6 T-tests on the difference in number of update events between disreputable ASes and others. The disreputable ASes announced significantly more BGP update events than other ASes at a 95% confidence level.
Recommended publications
  • That Ain't You: Detecting Spearphishing Emails Before They

    That Ain't You: Detecting Spearphishing Emails Before They

    That Ain't You: Blocking Spearphishing Emails Before They Are Sent Gianluca Stringhinix and Olivier Thonnardz xUniversity College London z Amadeus [email protected] [email protected] Abstract 1 Introduction Companies and organizations are constantly under One of the ways in which attackers try to steal sen- attack by cybercriminals trying to infiltrate corpo- sitive information from corporations is by sending rate networks with the ultimate goal of stealing sen- spearphishing emails. This type of emails typically sitive information from the company. Such an attack appear to be sent by one of the victim's cowork- is often started by sending a spearphishing email. At- ers, but have instead been crafted by an attacker. tackers can breach into a company's network in many A particularly insidious type of spearphishing emails ways, for example by leveraging advanced malware are the ones that do not only claim to come from schemes [21]. After entering the network, attackers a trusted party, but were actually sent from that will perform additional activities aimed at gaining party's legitimate email account that was compro- access to more computers in the network, until they mised in the first place. In this paper, we pro- are able to reach the sensitive information that they pose a radical change of focus in the techniques used are looking for. This process is called lateral move- for detecting such malicious emails: instead of look- ment. Attackers typically infiltrate a corporate net- ing for particular features that are indicative of at- work, gain access to internal machines within a com- tack emails, we look for possible indicators of im- pany and acquire sensitive information by sending personation of the legitimate owners.
  • Discussion Paper Countering Spam: How to Craft an Effective Anti-Spam

    Discussion Paper Countering Spam: How to Craft an Effective Anti-Spam

    DISCUSSION PAPER COUNTERING SPAM: HOW TO CRAFT AN EFFECTIVE ANTI-SPAM LAW International Telecommunication Union This paper has been prepared for the ITU World Summit on the Information Society (WSIS) thematic workshop on Countering Spam, organized under the ITU New Initiatives Programme by the Strategy and Policy Unit (SPU). The paper was written by Matthew B. Prince, CEO and co-founder of Unspam, LLC, a Chicago-based business and government consulting company helping to draft and enforce effective anti-spam laws. He is a member of the Illinois Bar and an Adjunct Professor at the John Marshall Law School. He received his J.D. from the University of Chicago Law School and his B.A. from Trinity College, Hartford, Connecticut. For more information visit: http://www.unspam.com/. The meeting project is managed by Robert Shaw ([email protected]) and Claudia Sarrocco ([email protected]) of the Strategy and Policy Unit (SPU) and the series is organized under the overall responsibility of Tim Kelly, Head, SPU. This and the other papers in the series are edited by Joanna Goodrick. The views expressed in this paper are those of the author and do not necessarily represent those of ITU or its membership. 1 Introduction Since the first anti-spam law worldwide was passed in 1997, at least 75 governments around the world have passed anti-spam laws.1 That first anti-spam law was in fact passed at state-level in the United States, by the state of Nevada.2 The anti-spam laws in existence today take the form of so-called “opt-in” or “opt-out” regulations.
  • Characterizing Spam Traffic and Spammers

    Characterizing Spam Traffic and Spammers

    2007 International Conference on Convergence Information Technology Characterizing Spam traffic and Spammers Cynthia Dhinakaran and Jae Kwang Lee , Department of Computer Engineering Hannam University, South Korea Dhinaharan Nagamalai Wireilla Net Solutions Inc, Chennai, India, Abstract upraise of Asian power houses like China and India, the number of email users have increased tremendously There is a tremendous increase in spam traffic [15]. These days spam has become a serious problem these days [2]. Spam messages muddle up users inbox, to the Internet Community [8]. Spam is defined as consume network resources, and build up DDoS unsolicited, unwanted mail that endangers the very attacks, spread worms and viruses. Our goal is to existence of the e-mail system with massive and present a definite figure about the characteristics of uncontrollable amounts of message [4]. Spam brings spam and spammers. Since spammers change their worms, viruses and unwanted data to the user’s mode of operation to counter anti spam technology, mailbox. Spammers are different from hackers. continues evaluation of the characteristics of spam and Spammers are well organized business people or spammers technology has become mandatory. These organizations that want to make money. DDoS attacks, evaluations help us to enhance the existing technology spy ware installations, worms are not negligible to combat spam effectively. We collected 400 thousand portion of spam traffic. According to research [5] most spam mails from a spam trap set up in a corporate spam originates from USA, South Korea, and China mail server for a period of 14 months form January respectively. Nearly 80% of all spam are received from 2006 to February 2007.
  • Criminals Become Tech Savvy

    Criminals Become Tech Savvy

    Attack Trends Elias Levy, [email protected] Ivan Arce, [email protected] Criminals Become Tech Savvy n this installment of Attack Trends, I’ll look at the growing 2003 alone. Fraud schemes are usu- ELIAS LEVY ally peddled by individuals who Symantec convergence of technically savvy computer crackers with spam potential victims (www. brightmail.com/brc_fraud-stats. financially motivated criminals. Historically, most com- html), such as the Nigerian, or 419, scam (see the 419 Coalition’s Web puter crime on the Internet has not been financially moti- site at http://home.rica.net/alphae/ I 419coal/). But as the number of vated: it was the result of either curious or malicious technical fraud cases has increased, so has the public’s awareness of them; fraudsters attackers, called crackers. This changed Increasingly on the defensive, are increasingly forced to resort to as the Internet became more com- spammers are fighting back by be- more intricate schemes. mercialized and more of the public has coming more sophisticated, generat- We’re now seeing the practice of gone online. Financially motivated ing unique messages, and finding new “phishing” gaining popularity with actors in the fauna of the Internet’s open proxies or SMTP relays to send fraudsters. Using this scheme, crimi- seedy underbelly—spammers and messages and hide their true sources. nals create email messages with re- fraudsters—soon joined crackers to turn addresses, links, and branding exploit this new potential goldmine. Fraud that seem to come from trusted, Internet fraud has also become a se- well-known organizations; the hope Spam rious problem.
  • Locating Political Power in Internet Infrastructure by Ashwin Jacob

    Locating Political Power in Internet Infrastructure by Ashwin Jacob

    Where in the World is the Internet? Locating Political Power in Internet Infrastructure by Ashwin Jacob Mathew A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Information in the Graduate Division of the University of California, Berkeley Committee in charge: Professor John Chuang, Co-chair Professor Coye Cheshire, Co-chair Professor Paul Duguid Professor Peter Evans Fall 2014 Where in the World is the Internet? Locating Political Power in Internet Infrastructure Copyright 2014 by Ashwin Jacob Mathew This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.1 1The license text is available at http://creativecommons.org/licenses/by-nc-sa/4.0/. 1 Abstract Where in the World is the Internet? Locating Political Power in Internet Infrastructure by Ashwin Jacob Mathew Doctor of Philosophy in Information University of California, Berkeley Professor John Chuang, Co-chair Professor Coye Cheshire, Co-chair With the rise of global telecommunications networks, and especially with the worldwide spread of the Internet, the world is considered to be becoming an information society: a society in which social relations are patterned by information, transcending time and space through the use of new information and communications technologies. Much of the popular press and academic literature on the information society focuses on the dichotomy between the technologically-enabled virtual space of information, and the physical space of the ma- terial world. However, to understand the nature of virtual space, and of the information society, it is critical to understand the politics of the technological infrastructure through which they are constructed.
  • Opting out of Spam: a Domain Level Do-Not-Spam Registry

    Opting out of Spam: a Domain Level Do-Not-Spam Registry

    Opting Out of Spam: A Domain Level Do-Not-Spam Registry Rebecca Bolint INTRODUCTION Spain, or unsolicited commercial email,' drastically lowers the costs of advertising directly to prospective consumers by exploiting open electronic mail protocols. And it has become an obnoxious big business. Markets, norms, and technological measures 2 have all failed to change sufficiently the economics of the spain business model. Spare is clogging businesses' servers and users' inboxes, and costing too much money and time in return for too little benefit. This Note argues that despite widespread criticism, current federal spain law has in fact effectively targeted the most egregious senders. But it has also created an entitlement to send spam--one free message-before a recipient's wish to avoid spain must be honored. This reverses the entitlement set in other media and ignores consumer demand for privacy and a Do-Not-Call Registry for email. Part I of this Note describes spain, its scale, and its costs and benefits. Part II analyzes attempts to use the market and state legislation to fix the problem. It explains why these efforts failed, and why federal legislation was required. Part III outlines the successes of CAN-SPAM, the groundbreaking federal spain law, as well as the interlocking set of state laws used to combat spainmers. Part IV compares spain law to policies addressing unsolicited commercial speech in other media and proposes a policy suggested in CAN-SPAM, but ultimately overlooked: a Do-Not-Call Registry for email. This Note concludes that a Do- Not-Spain Registry balances the easy detection of a strict liability rule with the t Yale Law School, J.D.
  • Monthly Security Bulletin

    Monthly Security Bulletin

    Advanced Security Operations Center Telelink Business Services www.telelink.com Monthly Security Bulletin March 2020 This security bulletin is powered by Telelink’s Advanced Security Operations Center The modern cybersecurity threat landscape is constantly evolving. Why Advanced Security New vulnerabilities and zero-day attacks are discovered every day. The Operations Center (ASOC) by old vulnerabilities still exist. The tools to exploit these vulnerabilities are Telelink? applying more complex techniques. But are getting easier to use. • Delivered as a service, which Mitigating modern cyber threats require solutions for continuous guarantees fast implementation, monitoring, correlation, and behavior analysis that are expensive and clear responsibility in the require significant amount of time to be implemented. Moreover, many Supplier and ability to cancel the organizations struggle to hire and retain the expensive security experts contract on a monthly basis. needed to operate those solutions and provide value by defending the • Built utilizing state of the art organizations. leading vendor’s solutions. • Can be sized to fit small, The ASOC by Telelink allows organizations get visibility, control, and medium and large business recommendations on improving their security posture for a fixed and needs. predictable monthly fee. • No investment in infrastructure, team, trainings or required technology. • Flexible packages and add-ons that allow pay what you need approach. • Provided at a fraction of the cost of operating your own SOC. LITE
  • How Is E-Mail Sender Authentication Used and Misused?

    How Is E-Mail Sender Authentication Used and Misused?

    How is E-mail Sender Authentication Used and Misused? Tatsuya Mori Yousuke Takahashi NTT Service Integration Laboratories NTT Service Integration Laboratories 3-9-11 Midoricho Musashino 3-9-11 Midoricho Musashino Tokyo, Japan 180-8585 Tokyo, Japan 180-8585 [email protected] [email protected] Kazumichi Sato Keisuke Ishibashi NTT Service Integration Laboratories NTT Service Integration Laboratories 3-9-11 Midoricho Musashino 3-9-11 Midoricho Musashino Tokyo, Japan 180-8585 Tokyo, Japan 180-8585 [email protected] [email protected] ABSTRACT tive way of avoiding spam filtration. Thus, e-mail sender authen- E-mail sender authentication is a promising way of verifying the tication mechanisms have attracted attention as a promising way sources of e-mail messages. Since today’s primary e-mail sender of verifying sender identities. Large webmail service providers authentication mechanisms are designed as fully decentralized ar- such as Google have leveraged sender authentication mechanisms chitecture, it is crucial for e-mail operators to know how other or- to classify authenticated sending domains as either likely legit or ganizations are using and misusing them. This paper addresses the spammy [23]. question “How is the DNS Sender Policy Framework (SPF), which Of the several e-mail sender authentication mechanisms, we fo- is the most popular e-mail sender authentication mechanism, used cus on Sender Policy Framework (SPF) [28], which is the most and misused in the wild?” To the best of our knowledge, this is used sender authentication mechanism today [16, 26, 12, 23]. Ac- the first extensive study addressing the fundamental question.
  • Draft NIST Special Publication 800-177, Trustworthy Email

    Draft NIST Special Publication 800-177, Trustworthy Email

    This (First) DRAFT of Special Publication 800-177 document has been superceded by the following draft publication: The first draft has been attached for HISTORICAL PURPOSE – PLEASE refer to the Second Draft (see details below): Publication Number: Second Draft Special Publication 800-177 Title: Trustworthy Email Publication Date: March 2016 Second Draft Publication: http://csrc.nist.gov/publications/PubsDrafts.html#800-177 Information on other publications: http://csrc.nist.gov/publications/ The following information was posted with the attached DRAFT document: NIST requests comments on the second draft of Special Publication (SP) 800-177, Trustworthy Email. This draft is a complimentary guide to NIST SP 800-45 Guidelines on Electronic Mail Security and covers protocol security technologies to secure email transactions. This draft guide includes recommendations for the deployment of domain-based authentication protocols for email as well as end-to-end cryptographic protection for email contents. Technologies recommended in support of core Simple Mail Transfer Protocol (SMTP) and the Domain Name System (DNS) include mechanisms for authenticating a sending domain (Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain based Message Authentication, Reporting and Conformance (DMARC). Email content security is facilitated through encryption and authentication of message content using S/MIME and/or Transport Layer Security (TLS) with SMTP. This guide is written for the federal agency email administrator, information
  • QUICK LOOK • Blacklists, Also Called 'Blocklists', Are Lists of Mail Servers Or Domains That Have Been Identified by a Blacklist Provider As Being a Source of Spam

    QUICK LOOK • Blacklists, Also Called 'Blocklists', Are Lists of Mail Servers Or Domains That Have Been Identified by a Blacklist Provider As Being a Source of Spam

    QUICK LOOK • Blacklists, also called 'blocklists', are lists of mail servers or domains that have been identified by a blacklist provider as being a source of spam. • There are dozens of blacklists across the Internet; however, only a handful are considered reliable enough for widespread usage. • The criteria for appearing on blacklists are different for each list, and may be factbased or completely arbitrary, making it sometimes challenging to get removed from blacklists. • Given the unique nature of each blacklist, appearance on a blacklist may or may not present meaningful deliverability challenges. OVERVIEW A blacklist is a list of mail servers (or domains) that have been identified by an individual or group as senders of spam. Some lists are compiled automatically, while others are manually compiled by individuals. Blacklist services range from respected and formalized groups to one-man operations, sometimes self-appointed vigilantes of the email world. Both methods can be extremely arbitrary and often result in "false positives" (e.g. email desired by the recipient that does not get delivered due to filtering or blocking). There is no single reason a sender may get listed on a blacklist. In general, blacklisting services target companies perceived to be sending spam. Typically, this is because the group or individual maintaining the blacklist has received unsolicited email from the listed server. Some public groups, such as SpamCop, base their listings on the number of complaints issued from consumers. Even one complaint can cause a block to be issued. There also is no one single source for blacklists, making it difficult if not impossible to identify every blacklist currently active.

  • OPINION Security Columns Standards Book Reviews

    DECEMBER 2008 VOLUME 33 NUMBER 6 OPINION Musings 2 Rik Farrow SECURITY Masquerade: Simulating a Thousand Victims 6 Sam Small, JoShua maSon, Ryan macaRthuR, and Fabian monRoSe THE USENIX MAGAZINE SCADA: Issues, Vulnerabilities, and Future Directions 14 tim yaRdley Highly Predictive Blacklisting 21 Jian Zhang, PhilliP Porr aS, and JohanneS ullRich Investigating Argos 29 Jeffrey beRg, evan teRan, and Sam StoveR Architecture and Threat Analysis of a Campus Wireless Network 36 calvin Ardi and daniel chen CoLUMns Practical Perl Tools: This Column Is Password-Protected. 46 david n. blank-edelman Pete’s All Things Sun: The Death of Solaris 51 PeteR baeR galvin iVoyeur: You Should Write an NEB Module, Revisited 57 david JoSePhSen /dev/random 61 RobeRt g. Ferrell STANDARDs Update on Standards: Diary of a Standards Geek, Part 2 63 nick Stoughton BooK REVIEWS Book Reviews 68 eliZabeth Zwicky et al. USEniX NOTES Thanks to Our Volunteers 72 ellie young ConFERENCES Security ’08 Reports 75 WOOT ’08 Reports 99 EVT ’08 Reports 102 HotSec ’08 Reports 109 Metricon 3.0 114 The Advanced Computing Systems Association DecCovers.indd 1 11/13/08 10:36:40 AM Upcoming Events 1s t Wo r k s h o p o n t h e th e o r y a n d pr a c t i c e o f 6t h USENIX sy M p o s i um o n ne t W o r k e d sy s t e M s pr o v e n a n c e (taPP ’09) de s i g n a n d iM p l e M e n t a t i o n (NSDI ’09) Co-located with FAST ’09 Sponsored by USENIX in cooperation with ACM SIGCOMM February 23, 2009, San FranciSco, CA, uSa and ACM SIGOPS http://www.usenix.org/tapp09 april 22–24, 2009,
  • Drpjournal 5Pm S1 2011.Pdf

    Drpjournal 5Pm S1 2011.Pdf

    table of contents table of contents Digital Publishing: what we gain and what we lose 4 The Impact of Convergence Culture on News Publishing: the Shutong Wang rise of the Blogger 112 Renae Englert Making Online Pay: the prospect of the paywall in a digital and networked economy 14 The New Design of Digital Contents for Government Yi Wang Applications: new generations of citizens and smart phones applications 120 E-mail Spam: advantages and impacts in digital publishing 22 Lorena Hevia Haoyu Qian Solving the Digital Divide: how the National Broadband Net- Advertising in the new media age 32 work will impact inequality of online access in Australia Quan Quan Chen 133 Michael Roberts Twitter Theatre: notes on theatre texts and social media platforms 40 The Blurring of Roles: journalists and citizens in the new Alejandra Montemayor Loyo media landscape Nikki Bradley 145 The appearance and impacts of electronic magazines from the perspective of media production and consumption 50 Wikileaks and its Spinoffs:new models of journalism or the new Ting Xu media gatekeepers? 157 Nadeemy Chen Pirates Versus Ninjas: the implications of hacker culture for eBook publishing 60 Shannon Glass Online Library and Copyright Protection 73 Yang Guo Identities Collide: blogging blurs boundaries 81 Jessica Graham How to Use Sina Microblog for Brand Marketing 90 Jingjing Yu Inheriting the First Amendment: a comparative framing analysis of the opposition to online content regulation 99 Sebastian Dixon journal of digital research + publishing - 2011 2 journal of digital research + publishing - 2011 3 considerably, reaching nearly 23% of the level of printed book Digital Publishing: what we gain and usage.