这一系列富有思想性的文章使读者可以超越对于耀眼的安全技术的恐惧、不确定和怀疑，从而能够感受到那些需要立即处理的安全问题的更多微妙之美。《安全之美》展示了安全的阴阳两面，以及壮观的破坏力和灿烂的创造力之间基础性的张力。

尽管大多数人在他们个人或者公司的系统没有遭到攻击之前不会给予安全高度的重视，这本充满激辩的书籍依然表明了数字安全不仅仅是值得思考而已，它还是一个可以令人陶醉的话题。罪犯通过大量富有创造力的行为得以成功，防御方也需要付出同等的代价。

《安全之美》通过一些有着深刻见解的文章和分析探索了这样一个具有挑战性的主题，其内容包括：个人信息的秘密机制：它如何工作，罪犯之间的关系，以及一些他们针对被掠食对象发起突袭时所使用的新方法；社交网络、云计算和其他流行趋势如何帮助和伤害我们的在线安全；衡量标准、需求收集、设计和法律如何能够把安全提升到一个更高的高度；PGP真实又少为人知的历史。

PREFACE

1　PSYCHOLOGICAL SECURITY TRAPS

 Learned Helplessness and NaTvet6

 Confirmation Traps

 FunctionaI Fixation

 Summary

2　WIRELESS NETWORKING：FERTILE GROUND FOR SOCIAL ENGINEERING

 Easy Money

 Wi reless Gone Wild

 Still，Wireless Is the Future

3　BEAUTIFUL SECURITY METRICS

 Security Metrics by Analogy：Health

 Security Metrics by Example

 Summary

4　THE UNDERGROUND ECONOMY OF SECURITY BREACHES

 The Makeup and Infrastructure ofthe Cyber Underground

 The Payoff

 How Can We Combat This Growing Underg'round Economy?

 Summary

5 BEAUTlFUL TRADE：RETHINKlNG E．COMMERCE SECURITY

 DeconslructIng Commerce

 Weak Amelioration Attempts

 E-Commerce Redone：A New Security Model

 The New ModeI

6 SECURING ONLINE ADVERTISlNG：RUSTLERS AND SHERIFFS IN THE NEW WILD WEST

 Attacks on Users

 Advertisers As Vi Clims

 Creating Accountability in Online Advertising

7　THE EVOLUTl0N OF PGP’S WEB OF TRUST

 PGP and OpenPGP

 Trust，Validity，and Authority

 PGP and C rypto History

 Enhancements to the Original Web of Trust Model

 Interesting A reas for Further Research

 References

8　OPEN SOURCE HONEYCLIENT：PROACTIVE DETECTION OF CLIENT．SIDE EXPLOITS

 Enter Honeyclients

 Introducing the World’S Fi rst Open Source Honeyclient

 Second-Generation Honeyclients

 Honeyclient OperationaI Results

 Analysis of Exploits

 Limitations ofthe Current Honeyclient Implementation

 Related Work

 The Future of Honeyclients

9　TOMORROW’S SECURITY COGS AND LEVERS

 Cloud Computing and Web Services：The Single Machine Is Here

 ConnectimJ People，Process，and Technology：The Potential for Business Process Management

 Social Networkin9：When People Start Communicatin9，Big Things Change

 Information Security Economics：Supercrunching andthe New Rules oftheGrid

 Platforms ofthe Lon9·Tail Variety：Why the Future Will Be Different for Us All

 Conclusion

 Acknowledgmenls

10　SECURITY BY DESIGN

 Metrics with No Meaning

 Time to Market or Time to Quality?

 How a Di sciplined System Development Lifecycle Can Help

 Conclusion：Beautiful Security Is an Attribute of Beautiful Systems

11 FORClNG FIRMS TO FOCUS：IS SECURE SOFTWARE IN YOUR FUTURE?

 Implicit Requi remenls Can StilI Be Powerful

 How One Firm Came to Demand Secure Software

 Enforcing Security in Off—the—ShelfSoftware

 Analysis：How to Make the World’S Software More Secure

12　0H N0，HERE COME THE INFOSECURITY LAWYERS!

 Culture

 Balance

 Communication

 Doing the Right Thing

13 BEAUTIFUL LOG HANDLING

 byAnton Chuuakin

 Logs in Security Laws and Standards

 Focus on Logs

 When Logs Are Invaluable

 Challenges with Logs

 Case Study：Behind a Trashed Server

 Future Logging

 Conclusions

14　INCIDENT DETECTION：FINDING THE OTHER 68％

 A Common Starting Point

 Improving Detection with Context

 Improving Perspective with Host Logging

 Summary

15　DOING REAL WORK WITHOUT REAL DATA

 A Real．Life Example

 PersonaI Data Stored As a Convenience

 Trade—offs

 Going Deeper

 References

16 CASTING SPELLS：PC SECURITY THEATER

 Growing Attacks．Defenses in Retreat

 The lIlusion Revealed

 Better Practices for Desktop Security

 Conclusion

CONTRIBUTORS

INDEX