DotCrime Manifesto: How to Stop Internet Crime / Edition 1

Hardcover (Print)

Overview

Internet crime keeps getting worse...but it doesn’t have to be that way. In this book, Internet security pioneer Phillip Hallam-Baker shows how we can make the Internet far friendlier for honest people–and far less friendly to criminals.

The dotCrime Manifesto begins with a revealing new look at the challenge of Internet crime–and a surprising look at today’s Internet criminals. You’ll discover why the Internet’s lack of accountability makes it so vulnerable, and how this can be fixed –technically, politically, and culturally.

Hallam-Baker introduces tactical, short-term measures for countering phishing, botnets, spam, and other forms of Internet crime. Even more important, he presents a comprehensive plan for implementing accountability-driven security infrastructure: a plan that draws on tools that are already available, and rapidly emerging standards and products. The result: a safer Internet that doesn’t sacrifice what people value most: power, ubiquity, simplicity, flexibility, or privacy.

Tactics and strategy: protecting Internet infrastructure from top to bottom

Building more secure transport, messaging, identities, networks, platforms, and more

Gaining safety without sacrificing the Internet’s unique power and value

Making the Internet safer for honest people without sacrificing ubiquity, simplicity, or privacy

Spam: draining the swamp, once and for all

Why spam contributes to virtually every form of Internet crime–and what we can do about it

Design for deployment: how to really make it happen

Defining security objectives, architecture, strategy, and design–and evangelizing them

How to Build a Safer, Better Internet

You’ll find yourself deeply concerned, then fascinated, then hopeful as you read about

• Building an Internet that resists online crime

• Phishing, botnets, and spam: tactical, workable, immediate countermeasures

• Establishing the “Accountable Web”: a strategic, long-term solution to Internet crime

• Improving security without sacrificing what people love about the Internet

The Internet is today’s Wild West: too much lawlessness, too little accountability. Now, one of the Internet’s leading pioneers shows how we can build a more trustworthy Internet: one that resists crime without frustrating honest people or compromising privacy and civil liberties. Drawing on years at the cutting edge of Internet and security research, Phillip Hallam-Baker offers a complete plan for reinventing the Internet: a plan that addresses everything from technology to politics and culture. Whether you’re a technology professional, policymaker, or citizen, this book will show you how we can make the Internet better, smarter, and above all, safer.

informit.com/aw

Preface

Acknowledgments

About the Author

Chapter 1: Motive

Chapter 2: Famous for Fifteen Minutes

Chapter 3: Learning from Mistakes

Chapter 4: Making Change Happen

Chapter 5: Design for Deployment

Chapter 6: Spam Whack-a-Mole

Chapter 7: Stopping Spam

Chapter 8: Stopping Phishing

Chapter 9: Stopping Botnets

Chapter 10: Cryptography

Chapter 11: Establishing Trust

Chapter 12: Secure Transport

Chapter 13: Secure Messaging

Chapter 14: Secure Identity

Chapter 15: Secure Names

Chapter 16: Secure Networks

Chapter 17: Secure Platforms

Chapter 18: Law

Chapter 19: The dotCrime Manifesto

Further Reading

References

Index


Product Details

  • ISBN-13: 9780321503589
  • Publisher: Addison-Wesley
  • Publication date: 1/12/2008
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 415
  • Product dimensions: 6.30 (w) x 9.50 (h) x 1.03 (d)

Meet the Author

Dr. Phillip Hallam-Baker has been at the center of the development of the World Wide Web, electronic commerce, and Internet security for more than a decade. A member of the CERN team that created the original Web specifications, his list of design credits has few rivals and includes substantial contributions to the design of HTTP, the core protocol of the World Wide Web.

A frequent speaker at international conferences with more than 100 appearances over the past four years and numerous media interviews, Hallam-Baker is known for his passionate advocacy of what he calls technology for real people. His mission is to democratize technology, making technology serve the needs of the ordinary person rather than interest technologists or an artificial business model. The dotCrime Manifesto serves this mission by reaching out beyond the field of network security specialists to provide a firsthand, accessible account of the measures needed to control Internet crime.

Dr. Hallam-Baker was also responsible for setting up the first-ever political Web site on the World Wide Web and worked with the Clinton-Gore ’92 Internet campaign, correctly predicting that the Web would change the future of political communication, a prediction that led to the creation of the Clinton Presidential Web site, whitehouse.gov. While at the MIT Laboratory for Artificial Intelligence, Dr. Hallam-Baker worked on developing a security plan to allow deployment of the groundbreaking Internet publications system at the executive office of the president.

VeriSign Inc. was founded in 1995 to provide a trust infrastructure for the Internet that would allow people to buy and sell over the Web without worrying that a criminal might be able to steal their credit card number. This trust infrastructure was the key technology that allowed the development of online retail stores and banks. Dr. Hallam-Baker joined VeriSign in 1998 and became its first principal scientist in 2000. His first commission as principal scientist was to design a second-generation trust infrastructure for the Internet. This research work led to the design of

Since 2002, Dr. Hallam-Baker has increasingly focused on the problem of how to stop Internet crime. He played a leading role in the fight against spam and was one of the first researchers to argue for the authentication-based approach to spam control that has since become the industry standard. In 2004, Dr. Hallam-Baker testified at the Federal Trade Commission workshop on authentication-based approaches to stopping spam.

Dr. Hallam-Baker holds a degree in electronic engineering from Southampton University and a doctorate in computer science from the Nuclear Physics Lab at Oxford University. He has worked at internationally respected research institutions such as DESY, CERN (as a European Union Fellow), and MIT. He is a member of the Oxford Union Society and a Fellow of the British Computer Society.


Read an Excerpt

The dotCrime Manifesto

Preface

For more than a decade, surveys of Internet users, administrators, and developers have consistently ranked "security" as the top concern. Despite the advances in Internet security technology, the problem of criminal activity on the Internet has only become worse.

As Nicholas Negroponte, founder of the MIT Media Lab and the One Laptop Per Child association, observed: bits not atoms. As the world goes digital, so does crime. Only the venue is new in Internet crime. Every one of the crimes described in this book is a new twist on an ancient story. Willie Horton robbed banks because, "That's where the money is." Today, the money is on the Internet, and so are the criminals trying to steal it.

People not bits: Internet crime is about people. Money is the means; technology is merely an end. Some Internet criminals are world-class technology experts, but rather fewer than you might expect. Most Internet criminals are experts in manipulating and exploiting the behavior of people rather than machines.

Internet crime is caused by the criminals, but certain limitations of the original design of the Internet and the Web have encouraged its growth. To change the behavior of people, we must change the environment in which they interact. Understanding the problem of Internet crime as a social process paradoxically leads us to solutions that are primarily expressed as technical proposals.

If we are going to beat the Internet criminals, we are going to need both strategy and tactics. In the short term, we must respond tactically, foiling attacks in progress even if doing so costs more than accepting the loss. In the longer term, we must change the infrastructure of the Internet so that it is no longer a lawless frontier but do this in a way that does not compromise the privacy and liberties that have attracted people to the Internet in the first place.

We must pursue both courses. Unless we can bring Internet crime under short-term control through a tactical response, it will be too late for strategy. If we don't use the time bought by the tactical approach to advance a long-term strategy, we will eventually run out of tactical options.

The Internet has more than a billion users. It is a complex and expensive infrastructure. Changing the Internet is difficult, particularly when success requires many changes to be made at the same time and the people who must bear the cost are not always the ones who will see the benefit.

I am currently a participant in six different working groups tasked with changing a small part of the Internet. I have interactions with and occasionally appear at 20 more. Taken individually, none of the groups are likely to have a significant effect on the level of Internet crime. The best that can be hoped for is to move the problem from one place to another. Secure the e-mail system, and the criminals will start infiltrating Instant Messaging; secure Instant Messaging, and they will attack blogs or voice communications.

Taken together, the groups are working toward something that is much larger: a new Internet infrastructure that is a friendlier place for the honest person and a less advantageous environment for criminals.

The purpose of this book is to show how these pieces come together. In particular, it is an argument for a particular approach to Internet security based on accountability.

This book is arranged in four sections providing a rough narrative from problem to solution and from people issues to technology issues.

Section One: People Not Bits

Before we start to look at solutions, we need to understand both the problem we want to solve and the reasons it has not been solved before. What might surprise some readers is the fact that technology plays only a minor role. Money is the motive; people are the cause. You don't need to be a technology expert to understand how these crimes work; the typical Internet criminal is not a technology expert.

The first two chapters deal with the problem. Chapter 1, "Money Is the Motive," looks at the crimes themselves, every one a new twist on an ages-old scam, and Chapter 2, "Famous for Fifteen Mouse Clicks," looks at the criminals behind the scams. The common theme running through both chapters is that these crimes are due to the lack of accountability in the design of the Internet and the Web. To combat Internet crime, we must establish an accountable Web.

The next three chapters consider the problem of changing the Internet infrastructure to make it a less crime-friendly environment, how to make the changes necessary to establish accountability. Chapter 3, "Learning from Mistakes," looks back at the reasons that the Internet is the way that it is. Chapter 4, "Making Change Happen," looks forward and sets out a strategy for changing the Internet that is driven by pain and opportunity. Chapter 5, "Design for Deployment," describes an engineering approach based on that strategy: design for deployment.

Section Two: Stopping the Cycle

Having looked at the problem, we can begin to look at solutions to specific types of Internet crime, such as phishing and measures to limit the use of the criminal infrastructures that support them.

At this point, we are looking at measures that can be deployed in the short term with minimal changes to the existing Internet infrastructure. As a result, the measures tend to offer tactical rather than strategic advantage. Although tactical measures are valuable in the short run, we must accept that the respite they offer is temporary and use the time that they provide to deploy strategic changes to the Internet infrastructure that bring lasting benefits that the criminals find much harder to circumvent and make a profit from their activities.

Chapter 6, "Spam Whack-a-Mole," looks at previous efforts to control spam and the reasons that they have failed. Chapter 7, "Stopping Spam," describes more recent efforts to control spam by establishing an accountability infrastructure for e-mail use.

Chapter 8, "Stopping Phishing," examines the problem of phishing. Although phishing is not the only form of bank fraud on the Internet, it is currently the one that causes the most widespread concern.

Spam is one of the two principal engines of Internet crime. Chapter 9, "Stopping the Botnets," looks at ways to disrupt the use of the other principal engine of Internet crime: networks of captured computers known as botnets.

Section Three: Tools of the Trade

Before looking at how to change the Internet infrastructure to make strategic changes, it is necessary to describe the technical tools available, in particular the use of cryptography.

Chapter 10, "Cryptography," presents a brief introduction to modern cryptography. Cryptography is a powerful tool but must be used with care. Security is a property of a system. A program can employ the most advanced cryptographic techniques known and still fail to control real risks and thus provide security in the real world.

Chapter 11, "Establishing Trust," describes mechanisms that are used to establish trust in the online world today and some of the recent developments in the state of the art that will help us to establish the infrastructure we need to meet our future needs.

Section Four: The Accountable Web

The final section of this book presents the actual technical architecture of the accountable Web. Each chapter focuses on a particular layer of security infrastructure, beginning with those where work is already well advanced.

Chapters 12, "Secure Transport," and 13, "Secure Messaging," describe work that is currently underway to create the next-generation transport and messaging layer security infrastructures. In particular, the design of Extended Validation certificates and Secure Internet Letterhead are examined.

Chapters 14, "Secure Identity," and 15, "Secure Names," address the issues of identity and naming. This area is currently hotly contested with OpenID, CardSpace, and SAML all competing for position. I believe that in the long run, all of these technologies will develop complementary niches within a common Identity 2.0 ecology.

Chapter 16, "Secure Networks," looks at the network layer and describes Default Deny Infrastructure, an architecture designed to meet the challenge of deperimeterization. Chapter 17, "Secure Platforms," describes some of the work currently underway to develop a secure operating system and the use of next-generation code signing.

Chapter 18, "Law," examines the use of the legal system to reduce Internet crime, ensuring that law enforcement and prosecutors have the tools they need to do their job. Chapter 19, "The dotCrime Manifesto," ...

A Note on Jargon

Most technologists (sometimes including me) use rather too much jargon. After 25 years in the technology business, I have come to the conclusion that the more jargon a person uses, the less he is likely to know.

While preparing to edit this book, I reread an older book on a similar topic that was also aimed at a similar audience written some years ago. I was somewhat surprised to find it somewhat heavy going even though I had found it a light read at the time. The field has moved on since then, and so has the language. Will anyone remember what a "Joe job" is in ten years' time? I hope not. I hope we have made both the attack and the jargon name for it obsolete.

To avoid this problem, I have adopted the following principles.

  • Where a term has been used as a term of art for many years in the field, I use it. The term social engineering has been used in the security field to describe obtaining information from a person through some form of confidence trick.

  • Where a jargon term is widely used in the establishment media, I use it. The term phishing is widely used to describe the theft of credentials through a social engineering attack.

  • Where a term has been recently introduced and is either self-explanatory or readily remembered after explanation, I use that term after giving an explanation. The term capture site is used to refer to a Web site used to collect credentials stolen in a phishing attack.

  • Where a term is used with different meanings inside and outside the field or is otherwise ambiguous, I avoid it. Even though the term hacker is commonly used to refer to computer criminals, it is often used in the field in the original sense of an expert trickster.

  • Where a term is not widely used outside a specialist clique and is not self-explanatory without reference to other jargon terms, I avoid it. In particular, I make a point of avoiding the hacker jargon leet speak. The point of leet speak is that it allows cliques to show each other how clever they are through use of a private code.

Word games can be fun, but we won't beat the criminals if we allow them to choose the rules and the game. I was recently in a meeting where a speaker had a cute term for every Internet crime imaginable. The next morning they were all forgotten.

© Copyright Pearson Education. All rights reserved.

