Protecting Systems. What Star Wars Teaches the Software Engineer, page 66 of 68

&tstart=0.

Herley, Cormac. «So long, and no thanks for the externalities: the rational rejection of security advice by users». Proceedings of the 2009 workshop on New security paradigms workshop. 2009.

Hoglund, Greg, and Gary McGraw. Exploiting software: How to break code. Addison-Wesley Professional. 2004.

Hutchins, Eric M., Michael J. Cloppert, Rohan M. Amin. «Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains». Lockheed Martin. 2010. www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf.

Inskeep, Steve. «U.S. Sanctions Cut Off Iranians’ Access To Medicine, Iran Says». National Public Radio. August 21, 2019. kuow.org/stories/u-s-sanctions-cut-off-iranians-access-to-medicine-iran-says.

IEEE. Avoiding the Top 10 Software Security Design Flaws. IEEE Cyber security blog. November 13, 2015. cybersecurity.ieee.org/blog/2015/11/13/avoiding-the-top-10-security-flaws.

Irwin, William. The Ultimate Star Wars and Philosophy: You Must Unlearn What You Have Learned. John Wiley & Sons. 2015.

Kocher, Paul C. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In N. Koblitz, editor, Advances in Cryptology – CRYPTO ’96, 16th Annual International Cryptology Conference. Santa Barbara, California, USA. August 18–22, 1996. Proceedings, number 1109 in Lecture Notes in Computer Science, pages 104–113. Springer. 1996.

Kührer, M., Hupperich, T., Rossow, C., & Holz, T. (n.d.). Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks.

Lakshmanan, Ravie. Warning: PyPI Feature Executes Code Automatically After Python Package Download. The Hacker News. September 2, 2022. thehackernews.com/2022/09/warning-pypi-feature-executes-code.html.

Lamport, Leslie. Learning TLA+. Last modified December 23, 2021. lamport.azurewebsites.net/tla/learning.html.

Lawrence, Eric. «DLL Hijacking Just Won’t Die». Blog post. 2025. textslashplain.com/2015/12/18/dll-hijacking-just-wont-die.

Lawrence, Eric. «Web-to-App Communication: App Protocols». August 29, 2019. textslashplain.com/2019/08/29/web-to-app-communication-app-protocols.

Levick, Ryan, Sebastian Fernandez. We need a safer systems programming language. Microsoft blog. July 18, 2019. msrc-blog.microsoft.com/2019/07/18/we-need-a-safer-systems-programming-language, listverse.com/2007/12/17/top-10-scientific-mnemonics.

Lauinger, Tobias, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda. «Thou shalt not depend on me: Analysing the use of out-dated javascript libraries on the web». arXiv preprint arXiv:1811.00918. 2018.

Laurie, Ben and Richard Clayton. «Proof-of-work proves not to work; version 0.2». In Workshop on Economics and Information Security. 2004. www.cl.cam.ac.uk/~rnc1/proofwork2.pdf.

Logitech. «Update: We Will Replace Your Logitech Harmony Links». Logitech Blog. November 9, 2017.

Lucas, George. The Hidden Fortress. Criterion Collection, Bonus Material. 2016. Accessed at www.youtube.com/watch?v=TEJ6CzG9zVc.

Lyon, Andrew W., Kelsey Delayen, Randy Reddekopp. «No Lab Tests». When You Are Born in The Twilight Zone: A Clinical Informatics Case Report. The Journal of Applied Laboratory Medicine, jfaa080. doi.org/10.1093/jalm/jfaa080 as summarized by Paul Eggert in RISKS 32.16, July 30, 2020. cat-less.ncl.ac.uk/Risks/32/16/#subj12.1.

Lyon, Gordon «Fyodor». Nmap Network Scanning. Nmap project. January 1, 2009. nmap.org/book/osdetect-methods.html.

Lysne, Olav. The Huawei and Snowden Questions. Springer. 2018.

Maddison, D. R. and K.-S. Schulz, (eds.). The Tree of Life Web Project. 2007. tolweb.org/Homo/16418.

Marchette, David J. Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint. Germany. Springer New York. 2013.

Marshall, John. What Are the Odds of Successfully Navigating an Asteroid Field? Scientific American. August 5, 2015. www.scientificamerican.com/article/what-are-the-odds-of-successfully-navigating-an-asteroid-field.

Mastercard. Test Card Numbers. 2020. www.simplify.com/commerce/docs/testing/test-card-numbers.

Mazegen. X86 Opcode and Instruction Reference Home. ref.x86asm.net/index.html, and ref.x86asm.net/coder32.html. February 18, 2017.

McCarthy, K. Unbreakable smart lock devastated to discover screwdrivers exist. The Register. June 15, 2018. www.theregister.com/2018/06/15/taplock_broken_screwdriver/?page=2.

McCulloch, Gretchen. Because Internet. Riverhead Books. 2019.

McKenna, Chris. 12 Ingenious iOS Screen Time Hacks. Protect Young Eyes. October 4, 2019. protectyoungeyes.com/12-ingenious-screen-time-hacks-how-to-beat-them.

Meidinger, Chris. «The Phishing Kill Chain». Blog post, Agari Email Security Blog. August 5, 2014. www.agari.com/email-security-blog/phishing-kill-chain.

Meghu, Kellman. How NOT To Do Security: Lessons Learned From The Galactic Empire. BSides San Francisco. 2012.

Microsoft, 2011 Microsoft. «Ten Immutable Laws Of Security (Version 2.0)». 2011. web.archive.org/web/20170606182438/technet.microsoft.com/en-us/library/hh278941.aspx?f=255&MSPPError=-2147217396.

Microsoft. «Auditing Security Events». March 30, 2017. docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/auditing-security-events.

Microsoft. «Audit Policy Recommendations». May 30, 2017. docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations.

Microsoft. 2018a Microsoft. «App Capability declarations». November 25, 2018. docs.microsoft.com/en-us/windows/uwp/packaging/app-capability-declarations.

Microsoft. 2018b [Netuseradd]. «NetUserAdd function». April 12, 2018. docs.microsoft.com/en-us/windows/desktop/api/Lmaccess/nf-lmaccess-netuseradd.

Microsoft. 2018c Microsoft. «Open files and folders with a picker». December 18, 2018. docs.microsoft.com/en-us/windows/uwp/files/quickstart-using-file-and-folder-pickers.

Microsoft. 2018d Microsoft. «Security Boundaries». May 30, 2018. docs.microsoft.com/en-us/windows/desktop/cossdk/security-boundaries.

Microsoft. «What is a User?». May 30, 2018. docs.microsoft.com/en-us/windows/desktop/ad/what-is-a-user.

Microsoft. 2020a Microsoft. «Privilege Constants». docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, last visited March 28, 2020.

Microsoft. 2020b Microsoft. «Privileges». docs.microsoft.com/en-us/windows/win32/secauthz/privileges, last visited March 28, 2020.

Microsoft. 2021. Order of ACEs in a DACL. docs.microsoft.com/en-us/windows/win32/secauthz/order-of-aces-in-a-dacl.

Microsoft. 2022. WinVerifyTrust Signature Validation Vulnerability. Jan 21, 2022. msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900.

Miller, Mark. «Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control». PhD Thesis, Johns Hopkins. 2006.

Miller, Bart P., L. Fredriksen, and B. So. «An Empirical Study of the Reliability of UNIX Utilities». Communications of the ACM 33, 12. December, 1990.

Mogull, Rich and Shawn Harris. Break the Top 10 Cloud Attack Killchains. Session CSV-T08, RSA Conference. February, 2020. www.rsaconference.com/usa/us-2020/agenda/break-the-top-10-cloud-attack-killchains-session-viewing-point.

Mogull, Rich. Goodbye «Kill Chains», Hello «Attack Sequences». Firemon Blog. 2022. www.firemon.com/goodbye-kill-chains-hello-attack-sequences.

Momot, F., S. Bratus, Sven M. Hallberg and M. L. Patterson. «The Seven Turrets of Babel: A Taxonomy of LangSec Errors and How to Expunge Them». IEEE Cybersecurity Development (SecDev), 2016, pp. 45–52, doi: 10.1109/SecDev.2016.019. ieeexplore.ieee.org/document/7839788.

Morris, Robert and Ken Thompson. «Password Security: A Case History». Communications of the ACM, Volume 22, Number 11. November, 1979. citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.128.1635&rep=rep1&type=pdf.

Montalbano, Elizabeth. Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple. Threatpost. February 10, 2021. threatpost.com/supply-chain-hack-paypal-microsoft-apple/163814.

Morszczyzna, Mateusz. What’s really wrong with node_modules and why this is your fault. Hackernoon. November 27, 2017. hackernoon.com/whats-really-wrong-with-node-modules-and-why-this-is-your-fault-8ac9fa893823.

Mydans, Seth. «Samoa Sacrifices a Day for Its Future», New York Times, December 29, 2011, www.nytimes.com/2011/12/30/world/asia/samoa-to-skip-friday-and-switch-time-zones.html.

Nadel, Ben. Canonicalizing A URL By Its Individual Components In Lucee CFML 5.3.6.61. Blog. May 22, 2020. www.bennadel.com/blog/3832-canonicalizing-a-url-by-its-individual-components-in-lucee-cfml-5-3-6-61.htm.

National Cyber Security Centre. Introduction to logging for security purposes, version 1.0. July 8, 2018. www.ncsc.gov.uk/guidance/introduction-logging-security-purposes.

Newcombe, Chris, Tim Rath, Fan Zhang, Bogdan Munteanu, Marc Brooker, Michael Deardeuff. Communications of the ACM, Vol. 58 No. 4, Pages 66–73 10.1145/2699417. April, 2015 cacm.acm.org/magazines/2015/4/184701-how-amazon-web-services-uses-formal-methods/fulltext.

NIST. NIST’s Inclusive Language Guidance Aims for Clarity in Standards Publications. April 29, 2021. www.nist.gov/news-events/news/2021/04/nists-inclusive-language-guidance-aims-clarity-standards-publications.

NIST. NIST Special Publication 800-90B. Recommendation for the Entropy Sources Used for Random Bit Generation, Meltem Sönmez Turan et al. 2018. nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf.

Oberhaus, Daniel. The World’s Oldest Blockchain Has Been Hiding in the New York Times Since 1995. Vice Motherboard. August 27, 2018. www.vice.com/en/article/j5nzx4/what-was-the-first-blockchain.