[Onion] CIA Realizes It’s Been Using Black Highlighters All These Years. November 30, 2005. www.theonion.com/cia-realizes-its-been-using-black-highlighters-all-thes-1819568147.
Oorschot, Paul C. van. «Computer Security and the Internet: Tools and Jewels». Springer. 2020.
OWASP. Canonicalization, locale and Unicode. www.owasp.org/index.php/Canonicalization,_locale_and_Unicod, last modified May 12, 2013.
Palladino, Valantia. Tech – Logitech to shut down «service and support» for Harmony Link devices in 2018. Ars Technica. November 8, 2017. arstechnica.com/gadgets/2017/11/logitech-to-shut-down-service-and-support-for-harmony-link-devices-in-2018.
Parikh, Jugal, Randy Treit, Holly Stewart. Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks. Blackhat USA. August 9, 2018. www.blackhat.com/us-18/briefings/schedule/#protecting-the-protector-hardening-machine-learning-defenses-against-adversarial-attacks-11669.
PCI Security Standards Council, Information Supplement. Effective Daily Log Monitoring. May 2016, listings.pcisecuritystandards.org/documents/Effective-Daily-Log-Monitoring-Guidance.pdf.
Petitcolas, Fabien. Kerckhoffs’ principles from «La cryptographie militaire». Webpage. www.petitcolas.net/kerckhoffs/index.html, last visited August 27, 2022.
Pieczul, Olgierd, Simon Foley, and Mary Ellen Zurko. 2017. Developer-centered security and the symmetry of ignorance. In Proceedings of the 2017 New Security Paradigms Workshop (NSPW 2017). Association for Computing Machinery, New York, NY, USA, 46–56. DOI: doi.org/10.1145/3171533.3171539.
Pocock, Chris. The Revolutionary but Thorny U.S. Predator-Reaper Program. AINOnline. June 13, 2015. www.ainonline.com/aviation-news/defense/2015-06-13/revolutionary-thorny-us-predator-reaper-program.
Poulsen, Kevin. «‘Nimda’ worm hits net». Security Focus. September 18, 2001. www.securityfocus.com/news/253.
Ptacek, Thomas H., and Timothy N. Newsham. Insertion, evasion, and denial of service: Eluding network intrusion detection. Secure Networks inc Calgary Alberta. 1998. users.ece.cmu.edu/~adrian/731-sp04/readings/Ptacek-Newsham-ids98.pdf.
Reeder, Rob. Expandable Grids: A user interface visualization technique and a policy semantics to support fast, accurate security and privacy policy authoring. PhD thesis. Carnegie Mellon University Computer Science Department. CMU tech report number CMU-CS-08-143. July, 2008.
Reick, Philip. Answer to Parse Phone Number into component parts. Stack Overflow. October 22, 2008. stackoverflow.com/questions/227473/parse-phone-number-into-component-parts.
Roberts, Paul. MIT: Discarded hard drives yield private info. IDG News Service. 2003. www.computerworld.com/article/2580013/mit-discarded-hard-drives-yield-private-info.html.
Roth, Emma. Intel’s 12th Gen CPU can’t handle the Bar exam. The Verge. July 13, 2022. www.theverge.com/2022/7/13/23209784/intel-law-students-12th-gen-processor-bar-exam-examplify-examsoft.
Saldana, Grace. China’s Newest Bio-Weapon Unleashed. FreedomWire. July 30, 2020. freedomwire.com/china-bioweapon-seeds.
Sanger, David E. Obama Order Sped Up Wave of Cyberattacks Against Iran. New York Times. June 1, 2012. www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html.
Shachtman, Noah. Most U.S. Drones Openly Broadcast Secret Video Feeds. Wired. October 29, 2012. www.wired.com/2012/10/hack-proof-drone.
Schmitt, Emanuel and Jan-Niklas Voigt-Antons. Predicting Tap Locations on Touch Screens in the Field Using Accelerometer and Gyroscope Sensor Readings. In HCI for Cybersecurity, Privacy and Trust: Second International Conference, HCI–CPT 2020, Held as Part of the 22nd HCI International Conference, HCII 2020. Copenhagen, Denmark. July 19–24, 2020. Proceedings. Springer-Verlag, Berlin, Heidelberg, 637–651. doi.org/10.1007/978-3-030-50309-3_43.
Seebach, Peter. OOXML: What’s the big deal? IBM Developerworks. February 19, 2008. web.archive.org/web/20091003044227/www.ibm.com/developerworks/library/x-ooxmlstandard.html.
Sharma, Ax. Dev corrupts NPM libs «colors» and «faker» breaking thousands of apps. Bleeping Computer. January 9, 2022. www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps.
Schneier, Bruce. «Attack trees». Dr. Dobb’s journal 24, no. 12 (1999): 21–29.
Seariac, Hanna. What happens if I don’t put my phone on airplane mode? Deseret News. September 22, 2022. www.deseret.com/u-s-world/2022/9/22/23365792/phone-airplane-mode-why.
Shostack, Adam. Buffer Overflows and history a request. October 2008. www.emergentchaos.com/archives/2008/10/buffer-overflows-and-history-a-request.html.
Shostack, Adam. Lessons Learning Workstream. 2022. shostack.org/resources/lessons.
Shostack, Adam. Reverse Engineering Compliance. Blackhat Asia. 2021. www.youtube.com/watch?v=j7nDXgLahhU&list=PLCVhBqLDKoONr9yrBmUKf6gb-FifkeEGL&index=10.
Shostack, Adam. Threat Modeling: Designing for Security. Wiley. 2014.
Siguza. «Psychic Paper». May 1, 2020. siguza.github.io/psychicpaper.
Sinan, Mehmet Inci, Berk Gulmezoglu, Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. «Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud». Preprint. September 15, 2015. eprint.iacr.org/2015/898.
[Smug] Comfortably Smug. The Radicalization of Luke Skywalker: A Jedi’s Path to Jihad by Comfortably Smug. December 11, 2015. decider.com/2015/12/11/the-radicalization-of-luke-skywalker-a-jedis-path-to-jihad.
Snyk. Zip Slip Vulnerability. 2018. snyk.io/research/zip-slip-vulnerability.
Soltani, Ashkan, Edward W. Felten, Matt Blaze, Steven M. Bellovin, Bruce Schneier, Joseph Lorenzo Hall, Morgan Marquis-Boire, Nicholas Weaver, Stephen Checkoway, Dan S. Wallach, Adam Shostack, Rebecca Wright, Carrie E. Gates, Scott Bradner, Susan Landau, Ben Adida, Nadia Heninger, Philip Zimmermann, and Sharon Goldberg. Amicus Brief in Carpenter vs United States. August 15, 2017. knightcolumbia.org/content/supreme-court-brief-technologists-warn-against-warrantless-access-cell-phone-location-data.
Stern, Alan, and David Grinspoon. Chasing New Horizons: inside the epic first mission to Pluto. Picador. 2018.
Sunstein, Cass R. The World According to Star Wars. Dey Street Books. 2016.
Sussman, Noah. «Falsehoods programmers believe about time». Blog post. Sunday, June 17, 2012. infiniteundo.com/post/25326999628/falsehoods-programmers-believe-about-time; «More falsehoods programmers believe about time; “wisdom of the crowd” edition», Wednesday, June 20, 2017. Falsehoodsabouttime.com.
Thompson, Ken. Reflections on trusting trust. Commun. ACM 27, 8, 761–763. August, 1984. DOI: doi.org/10.1145/358198.358210.
Tims, Anna. «Postcode loophole enables fraudsters to hijack eBay parcels». The Guardian. September 22, 2019. www.theguardian.com/money/2019/sep/22/fraudsters-hijack-ebay-parcels-postcode-scam.
Tofel, Kevin. Your iPhone 6 has a barometric sensor and this weather app wants to use it. ZDNet. June 15, 2015. www.zdnet.com/article/dark-sky-weather-app-iphone-6-plus-barometer.
Udell, Jon. Access control, monoculture, and accountability. Infoworld. September 17, 2004. www.infoworld.com/article/2664548/access-control-monoculture-and-accountability.html.
Unicode Consortium, Confusables. Version 3.9, util.unicode.org/UnicodeJsps/confusables.jsp?a=Yoda&r=None, last visited February 14, 2022.
Ullrich, Steffen. «Breaking DKIM – on Purpose and by Chance». October, 2017. noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html.
Washington State Department of Agriculture. Public asked to turn in suspicious seeds mailed from other countries. Press release July 29, 2020. agr.wa.gov/about-wsda/news-and-media-relations/news-releases?article=31411.
Weinbaum, Cortney, Steven Berner, Bruce McClintock. SIGINT for Anyone, The Growing Availability of Signals Intelligence in the Public Domain. RAND. 2017. www.rand.org/pubs/perspectives/PE273.html.
Whitwam, Ryan. Scientists Rename Genes So Excel Won’t Reformat Them as Dates. ExtremeTech. August 7, 2020. www.extremetech.com/extreme/313567-scientists-rename-genes-so-excel-wont-reformat-them-as-dates.
Wildenhain, Tom. On the Turing Completeness of MS PowerPoint. April 9, 2020. www.andrew.cmu.edu/user/twildenh/PowerPointTM/Paper.pdf.
Winkler, Ira, Tracy Celaya Brown. You Can Stop Stupid. Wiley. 2020.
Young, Adam, and Moti Yung. «Cryptovirology: Extortion-based security threats and countermeasures». In Proceedings 1996 IEEE Symposium on Security and Privacy, pp. 129–140, IEEE. 1996. citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.44.9122&rep=rep1&type=pdf.
Zalewski, Michal. The tangled Web: A guide to securing modern web applications. No Starch Press. 2011.
Story Index
Throughout this book I have used Star Wars as a kind of memory palace: a way for you to store your new knowledge in amusing nooks. If you have forgotten the technical details but remember the storyline they were attached to, well, you could simply reread the book, but if that fails… this index may be your only hope.
Sources are listed in the chronological order of the Star Wars universe, not in the order of their release in our galaxy. Within each source, a brief description of the scene or a quote is followed by a reference to the chapter and the nearest subheading, to encourage you to reread that section for reference. (The table of contents lists sections; this index includes lower-level headings.)
• “Fear leads to anger. Anger leads to hate. Hate leads to…” (section “Conclusion” in chapter 7, “Predictability and Randomness”).