CiteULike: Group: Security - library [116 articles]

Information system attacks: A preliminary classification scheme

Fred Cohen — 2008-05-07T11:36:26-00:00

Computers & Security, Vol. 16, No. 1. (1997), pp. 29-46.

It is hoped that this list will be a starting point and not an ending point. If all goes well and many of the readers comment on this listing, efforts will be made to improve and expand upon the list in the future and to relate our results to the readership again at a later date.

A Common Language for Computer Security Incidents

J Howard — 2008-05-07T11:09:08-00:00

(1998)

Much of the computer security information regularly gathered and disseminated by individuals and organizations cannot currently be combined or compared because a "common language" has yet to emerge in the field of computer security. A common language consists of terms and taxonomies (principles of classification) which enable the gathering, exchange and comparison of information. This paper presents the results of a project to develop such a common language for computer security incidents. This ...

Why cryptosystems fail

Ross Anderson — 2005-02-25T13:22:54-00:00

(1993), pp. 215-227.

Vulnerabilities Analysis

M Bishop — 2008-04-28T11:36:34-00:00

(1999)

Introduction and Problem Statement Errors in computer systems and programs are called bugs. Many studies have analyzed the origins of bugs, how to decrease the number of bugs in a system, and how to test for (informally verify) and prove (formally verify) the lack of bugs in a program. Tools such as bounds-checking compilers, dynamic debuggers, and profilers let programmers check for specific bugs in the program. Methodologies such as stepwise refinement breaks the process of design and...

Software vulnerability analysis

Ivan Krsul — 2008-04-17T12:28:50-00:00

(1998)

Major Professor-Eugene H. Spafford

Toward the Use of Automated Static Analysis Alerts for Early Identification of Vulnerability- and Attack-prone Components

M Gegick — 2008-04-17T12:15:58-00:00

Internet Monitoring and Protection, 2007. ICIMP 2007. Second International Conference on (2007), pp. 18-18.

Extensive research has shown that software metrics can be used to identify fault- and failure-prone components. These metrics can also give early indications of overall software quality. We seek to parallel the identification and prediction of fault- and failure-prone components in the reliability context with vulnerability- and attack-prone components in the security context. Our research will correlate the quantity and severity of alerts generated by source code static analyzers to vulnerabilities discovered by manual analyses and testing. A strong correlation may indicate that automated static analyzers (ASA), a potentially early technique for vulnerability identification in the development phase, can identify high risk areas in the software system. Based on the alerts, we may be able to predict the presence of more complex and abstract vulnerabilities involved with the design and operation of the software system. An early knowledge of vulnerability can allow software engineers to make informed risk management decisions and prioritize redesign, inspection, and testing efforts. This paper presents our research objective and methodology.

Towards a Common Enumeration of Vulnerabilities

David Mann — 2008-04-17T11:13:21-00:00

(8 January 1999)

Buffer overflows: attacks and defenses for the vulnerability of the decade

C Cowan — 2007-02-26T17:53:58-00:00

Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems] (2003), pp. 227-237.

From the ground up: the DIMACS software security workshop

G Mcgraw — 2008-03-11T15:34:22-00:00

Security & Privacy, IEEE, Vol. 1, No. 2. (2003), pp. 59-66.

The DIMACS Software Security Workshop held in New Jersey explored issues such as security engineering, architecture and implementation risks, security analysis, mobile and malicious code, education and training, and open research issues. Many promising techniques have grown from connections between computer security, programming languages, and software engineering, and one workshop goal was to bring these communities closer together to crystallize the software security subfield.

Software Security: Building Security In (Addison-Wesley Software Security Series)

Gary Mcgraw — 2008-04-15T12:04:12-00:00

(02 February 2006)

Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

John Viega — 2008-04-16T13:08:47-00:00

(14 July 2003)

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult. "Secure Programming Cookbook for C and C++" is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix(R) (including Linux(R)) and Windows(R) environments. Readers will learn: How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems How to properly SSL-enable applications How to create secure channels for client-server communication without SSL How to integrate Public Key Infrastructure (PKI) into applications Best practices for using cryptography properly Techniques and strategies for properly validating input to programs How to launch programs securely How to use file access mechanisms properly Techniques for protecting applications from reverse engineering The book's website supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers. "Secure Programming Cookbook for C and C++" is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.

Exploiting Software : How to Break Code

Greg Hoglund — 2006-01-05T18:29:14-00:00

(17 February 2004)

Computing hardware would have no value without software; software tells hardware what to do. Software therefore must have special authority within computing systems. All computer security problems stem from that fact, and Exploiting Software: How to Break Code shows you how to design your software so it's as resistant as possible to attack. Sure, everything's phrased in offensive terms (as instructions for the attacker, that is), but this book has at least as much value in showing designers what sorts of attacks their software will face (the book could serve as a checklist for part of a pre-release testing regimen). Plus, the clever reverse-engineering strategies that Greg Hoglund and Gary McGraw teach will be useful in many legitimate software projects. Consider this a recipe book for mayhem, or a compendium of lessons learned by others. It depends on your situation. PHP programmers will take issue with the authors' blanket assessment of their language ("PHP is a study in bad security"), much of which seems based on older versions of the language that had some risky default behaviors--but those programmers will also double-check their servers' register_globals settings. Users of insufficiently patched Microsoft and Oracle products will worry about the detailed attack instructions this book contains. Responsible programmers and administrators will appreciate what amounts to documentation of attackers' rootkits for various operating systems, and will raise their eyebrows at the techniques for writing malicious code to unused EEPROM chips in target systems. --David Wall Topics covered: How to make software fail, either by doing something it wasn't designed to do, or by denying its use to its rightful users. Techniques--including reverse engineering, buffer overflow, and particularly provision of unexpected input--are covered along with the tools needed to carry them out. A section on hardware viruses is detailed and frightening.

Building Secure Software: How to Avoid Security Problems the Right Way (Addison-Wesley Professional Computing Series)

John Viega — 2008-04-16T13:06:17-00:00

(04 October 2001)

Building secure software: better than protecting bad software

G Mcgraw — 2008-04-16T13:02:26-00:00

Software, IEEE, Vol. 19, No. 6. (2002), pp. 57-58.

Software is the biggest problem in computer security today. Most organizations invest in security by buying and maintaining a firewall, but they go on to let anybody access multiple Internet-enabled applications through that firewall. These applications are often remotely exploitable, rendering the firewall impotent (not to mention the fact that the firewall is often a piece of fallible software itself). Real attackers exploit software.

A Critical Analysis of Vulnerability Taxonomies

M Bishop — 2008-04-16T12:25:06-00:00

(1996)

This document was created with FrameMaker 4.0.4 -- 1 --

Computer security: the good, the bad and the ugly

C Meadows — 2008-04-16T12:07:21-00:00

High-Assurance Systems Engineering Workshop, 1996. Proceedings., IEEE (1996), pp. 52-54.

We discuss and characterize different types of solutions to computer security problems in terms of bad (theoretically sound, but expensive and impractical), ugly (practical, but messy and of doubtful assurance), and good (theoretically sound and practical). We also attempt to characterize the different approaches and problems in computer security that would lead to these different types of solutions

An Approach to Model Network Exploitations Using Exploitation Graphs

Wei Li — 2008-04-09T14:12:53-00:00

SIMULATION, Vol. 82, No. 8. (1 August 2006), pp. 523-541.

In this article, a modeling process is defined to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (e-graphs) that are used to represent attack scenarios. Experiments carried out in a cluster computing environment showed the usefulness of proposed techniques in providing in-depth attack scenario analyses for security engineering. Critical vulnerabilities can be identified by employing graph algorithms. Several factors were used to measure the difficulty in executing an attack. A cost/benefit analysis was used for more accurate quantitative analysis of attack scenarios. The authors also show how the attack scenario analyses better help deployment of security products and design of network topologies. 10.1177/0037549706072046

TPM Virtualization: Building a General Framework

Vincent Scarlata — 2008-03-25T17:30:37-00:00

(2007), pp. 43-56.

Trusted Computing has been widely recognized as a useful and necessary extension of more traditional security mechanisms. In today's complex multi-device environment, it is essential to be assured that devices participating in transactions can be trusted. The Trusted Computing Group (TCG) has created a set of specifications and accompanying infrastructure defining means of assurance to build a trusted environment. Continuing interest in virtualization as a way to extend flexibility in diverse computing environments while addressing issues of underutilization of equipment and energy consumption brings additional complexities to current and future models of trusted computing. This chapter is a research paper, rather than a discussion of issues for a practical implementation. We talk about today's trusted computing environment by briefly describing Intel Trusted Execution Technology (formerly LaGrande Technology) as an example implementation of a trusted platform. We dedicate a few sections to the basics of Trusted Platform Modules (TPMs) as defined in TCG specifications, before moving to focus primarily on describing a generalized framework for TPM virtualization. A Virtual TPM (VTPM) framework provides a set of services for trustworthy Virtual TPMs or proprietary TPM-like software. This framework allows multiple mutually distrustful and unaware guests to share a TPM without requiring modifications to guest operating systems or applications that they are running. Additionally, the framework supports the custom cryptographic subsystems with enhanced proprietary functionality that can be adapted to multiple use models. The proposed framework leverages the TPM to ensure that the trustworthiness of the VTPM is rooted in hardware. The proposed framework can be used to design VTPMs with varying security and performance profiles. TPM features optimizing the performance or security in the framework are discussed at the end of the chapter followed by conclusions.

Computer System Intrusion Detection: A Survey

Anita Jones — 2006-11-18T01:13:01-00:00

(1999)

The ability to detect intruders in computer systems increases in importance as computers are increasingly integrated into the systems that we rely on for the correct functioning of society. This paper reviews the history of research in intrusion detection as performed in software in the context of operating systems for a single computer, a distributed system, or a network of computers. There are two basic approaches: anomaly detection and misuse detection. Both have been practiced since the...

Survey of Intrusion Detection Research

Emilie Lundin — 2008-03-05T11:35:08-00:00

The literature holds a great deal of research in the intrusion detection area. Much of this describes the design and implementation of specific intrusion detection systems. While the main focus has been the study of different detection algorithms and methods, there are a number of other issues that are of equal importance to make these systems function well in practice. I believe that the reason that the commercial market does not use many of the ideas described is that there are still...

Public key cryptography empowered smart dust is affordable

Peter — 2008-03-04T12:30:48-00:00

International Journal of Sensor Networks, Vol. 4, No. 1/2. (2008)

SubVirt: Implementing malware with virtual machines

Samuel King — 2008-02-15T14:27:56-00:00

(2006), pp. 314-327.

Securing Web Servers against Insider Attack

Shan Jiang — 2008-02-15T14:25:56-00:00

(2001)

A Safety-Oriented Platform for Web Applications

Richard Cox — 2008-02-15T14:11:43-00:00

(2006), pp. 350-364.

A Secure and Reliable Bootstrap Architecture

William Arbaugh — 2008-02-15T14:06:54-00:00

(1997), pp. 65-71.

Protecting Client Privacy with Trusted Computing at the Server

Alexander Iliev — 2008-02-15T14:18:39-00:00

IEEE Security & Privacy, Vol. 3, No. 2. (March 2005), pp. 20-28.

Current trusted-computing initiatives usually involve large organizations putting physically secure hardware on user machines, potentially violating user privacy. Yet, it's possible to exploit robust server-side secure hardware to enhance user privacy. Two case studies demonstrate using secure coprocessors at the server.

Terra: a virtual machine-based platform for trusted computing

Tal Garfinkel — 2006-12-22T05:26:16-00:00

(2003), pp. 193-206.

Minimal TCB Code Execution

Jonathan Mccune — 2008-02-15T14:33:23-00:00

(2007), pp. 267-272.

Web Wallet: Preventing Phishing Attacks by Revealing User Intentions

Min Wu — 2008-02-15T15:08:04-00:00

(2006), pp. 102-113.

Accountability and Freedom

Butler Lampson — 2008-02-15T15:29:44-00:00

(Oct 2005)

TCG Inside? - A Note on TPM Specification Compliance

Ahmad-Reza Sadeghi — 2008-02-15T15:38:45-00:00

(2006)

The Trusted Computing Group (TCG) has addressed a new generation of computing platforms employing both supplemental hardware and software with the primary goal to improve the security and the trustworthiness of future IT systems. The core component of the TCG proposal is the Trusted Platform Module (TPM) providing certain cryptographic functions. Many vendors currently equip their platforms with a TPM claiming to be TCG compliant. However, there is no feasible way for application developers and users of TPM-enabled systems to verify this compliance. In practice, manufacturers may exploit the flexibility that the specification itself provides, or they may deviate from it by inappropriate design that might lead to security vulnerabilities. Hence, it is crucial to have an independent means for testing the compliance as well as analyzing the security of different TPMs. In this paper, we aim at making the first steps towards fulfilling this requirement: We have developed a test strategy as well as a prototype test suite for TPM compliance testing. Although our test does not cover the complete TCG specification, our test results show that many TPM implementations do not meet the TCG specification and have bugs. Moreover, we discuss that non-compliance may have crucial impact on security, and point out the corresponding security problems in case of a widespread TPM.

Protecting the creation of digital signatures with trusted computing platform technology against attacks by Trojan Horse programs

Adrian Spalka — 2008-02-20T12:08:13-00:00

(2001), pp. 403-419.

A Comparison of Commercial and Military Computer Security Policies

DD Clark — 2008-02-15T15:12:49-00:00

(1987), pp. 184-194.

Towards Trustworthy Virtualisation Environments: Xen Library OS Security Service Infrastructure

Melvin Anderson — 2008-02-21T17:39:35-00:00

No. HPL-2007-69. (April 2007)

New cost effective commodity PC hardware now includes fully virtualisable processors and the Trusted Computing Group's trusted platform module (TPM). This provides the opportunity to combine virtualisation, trusted computing and open source software development to tackle the security challenges modern computing faces. We believe that leveraging this technology to partition critical operating system services and applications into small modules with strictly controlled interactions is a good way to improve trustworthiness. To support the development of small applications running in Xen domains we built a library OS. We ported the GNU cross-development tool chain and standard C libraries to the small operating system kernel included with the Xen distribution, and wrote an inter-domain communications (IDC) library for communications between Xen domains. To confirm the usability of our library OS we ported a software TPM to run on it as a typical application. We evaluated the performance of our IDC system and showed that it has good performance for the applications we envisage. We have shown that a lightweight library OS offers a convenient and practical way of reducing the trusted computing base of applications by running security sensitive components in separate Xen domains.

vTPM: Virtualizing the Trusted Platform Module

Stefan Berger — 2008-02-21T17:29:19-00:00

(August 2006), pp. 305-320.

Intel's Security Vision for Xen

Carlos Rozas — 2008-02-21T17:44:26-00:00

(April 2005)

Building a High-Performance, Programmable Secure Coprocessor

Sean Smith — 2008-02-22T18:03:24-00:00

Computer Networks, Vol. 31, No. 8. (April 1999), pp. 831-860.

Trusting Trusted Hardware: Towards a Formal Model for Programmable Secure Coprocessors

Sean Smith — 2007-06-17T20:05:13-00:00

pp. 83-98.

Secure coprocessors provide a foundation for many exciting electronic commerce applications, as previous work [20,21] has demonstrated. As our recent work [6, 13, 14] has explored, building a high-end secure coprocessor that can be easily programmed and deployed by a wide range of third parties can be an important step toward realizing this promise. But this step requires trusting trusted hardware -- and achieving this trust can be difficult in the face of a problem and solution space that can...

Integrity (I) codes: message integrity protection and authentication over insecure channels

M Cagalj — 2007-11-23T00:58:10-00:00

Security and Privacy, 2006 IEEE Symposium on (2006), 15 pp..

Inspired by unidirectional error detecting codes that are used in situations where only one kind of bit errors are possible (e.g., it is possible to change a bit "0" into a bit "1", but not the contrary), we propose integrity codes (I-codes) for a radio communication channel, which enable integrity protection of messages exchanged between entities that do not hold any mutual authentication material (i.e. public keys or shared secret keys). The construction of I-codes enables a sender to encode any message such that if its integrity is violated in transmission over a radio channel, the receiver is able to detect it. In order to achieve this, we rely on the physical properties of the radio channel. We analyze in detail the use of I-codes on a radio communication channel and we present their implementation on a Mica2 wireless sensor platform as a "proof of concept". We finally introduce a novel concept called "authentication through presence" that can be used for several applications, including for key establishment and for broadcast authentication over an insecure radio channel. We perform a detailed analysis of the security of our coding scheme and we show that it is secure with respect to a realistic attacker model.

NetSpy: Automatic Generation of Spyware Signatures for NIDS

Hao Wang — 2007-07-08T01:24:56-00:00

Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual (2006), pp. 99-108.

We present NetSpy, a tool to automatically generate network-level signatures for spyware. NetSpy determines whether an untrusted program is spyware by correlating user input with network traffic generated by the untrusted program. If classified as spyware, NetSpy also generates a signature characterizing the malicious substrate of the spyware's network behavior. Such a signature can be used by network intrusion detection systems to detect spyware installations in large networks. In our experiments, NetSpy precisely identified each of the 7 spyware programs that we considered and generated network-level signatures for them. Of the 9 supposedly-benign programs that we considered, NetSpy correctly characterized 6 of them as benign. The remaining 3 programs showed network behavior that was highly suggestive of spying activity

Extended protection against stack smashing attacks without performance loss

Younan — 2008-02-16T18:07:11-00:00

Extended Protection against Stack Smashing Attacks without Performance Loss

Yves Younan — 2008-02-16T18:05:28-00:00

Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual (2006), pp. 429-438.

In this paper we present an efficient countermeasure against stack smashing attacks. Our countermeasure does not rely on secret values (such as canaries) and protects against attacks that are not addressed by state-of-the-art countermeasures. Our technique splits the standard stack into multiple stacks. The allocation of data types to one of the stacks is based on the chances that a specific data element is either a target of attacks and/or an attack vector. We have implemented our solution in a C-compiler for Linux. The evaluation shows that the overhead of using our countermeasure is negligible

Implications of Radio Fingerprinting on the Security of Sensor Networks

Kasper Rasmussen — 2008-02-14T16:23:07-00:00

(2007)

AutoPaG: towards automated software patch generation with source code root cause identification and repair

Zhiqiang Lin — 2008-02-07T14:12:01-00:00

(2007), pp. 329-340.

A key-distribution scheme for wireless home automation networks

A Wacker — 2008-02-05T15:55:35-00:00

Consumer Communications and Networking Conference, 2004. CCNC 2004. First IEEE (2004), pp. 47-52.

Wireless home automation networks are one example of how wireless technologies may soon become part of our daily life, yet security in existing products is woefully inadequate. An important problem in this area is the question of secure key distribution. We present a key-distribution scheme geared towards home automation networks, but also applicable to other networks with related properties. Our approach uses a decentralized scheme that is designed to work on resource-poor devices, allows easy addition and removal of devices and limits the workload on the end user while guaranteeing the secrecy of the exchanged keys even in the presence of subverted nodes.

Key Exchange for Service Discovery in Secure Content Addressable Sensor Networks

Hans-Joachim Hof — 2008-01-31T14:04:58-00:00

Kommunikation in Verteilten Systemen (KiVS) (2007), pp. 139-150.

Secure Content Addressable Network (SCAN) is an architecture for service discovery in service centric sensor networks that enables dynamic service composition. This paper proposes two new security mechanisms for SCAN: Single Path Key Exchange (SPX) and Multi Path Key Exchange (MPX). Both security mechanisms allow two arbitrary nodes of SCAN to exchange a symmetric key for secure communication. We also propose to use replication service information and majority vote to achieve security. We evaluated the performance and security of Secure Content Addressable Networks with Single Path Key Exchange, Multi Path Key Exchange and replication using a worst case attack model. It has been found, that in a network with 1000 nodes and 5% malicious nodes the probability of a successful lookup operation is still 80%. The results of the simulation indicate, that the overhead and the security level of SCAN with SPX and MPX scale with an increasing number of nodes. The simulation results also show that SCAN is suitable for networks with 100 to 1000 nodes.

Design of a Secure Distributed Service Directory for Wireless Sensornetworks

Hans-Joachim Hof — 2008-01-30T16:22:28-00:00

Wireless Sensor Networks (2004), pp. 276-290.

Sensor networks consist of a potentially huge number of very small and resource limited self-organizing devices. This paper presents the design of a general distributed service directory architecture for sensor networks which especially focuses on the security issues in sensor networks. It ensures secure construction and maintenance of the underlying storage structure, a Content Addressable Network. It also considers integrity of the distributed service directory and secures communication between service provider and inquirer using self-certifying path names. Key area of application of this architecture are gradually extendable sensor networks where sensors and actuators jointly perform various user defined tasks, e.g., in the field of an office environment.

Secretly Monopolizing the CPU Without Superuser Privileges

Dan — 2007-10-31T11:32:10-00:00

pp. 239-256.

We describe a “cheat” attack, allowing an ordinary process to hijack any desirable percentage of the CPU cycles without requiring superuser/administrator privileges. Moreover, the nature of the attack is such that, at least in some systems, listing the active processes will erroneously show the cheating process as not using any CPU resources: the “missing” cycles would either be attributed to some other process or not be reported at all (if the machine is otherwise idle). Thus, certain malicious operations generally believed to have required overcoming the hardships of obtaining root access and installing a rootkit, can actually be launched by non-privileged users in a straightforward manner, thereby making the job of a malicious adversary that much easier. We show that most major general-purpose operating systems are vulnerable to the cheat attack, due to a combination of how they account for CPU usage and how they use this information to prioritize competing processes. Furthermore, recent scheduler changes attempting to better support interactive workloads increase the vulnerability to the attack, and naive steps taken by certain systems to reduce the danger are easily circumvented. We show that the attack can nevertheless be defeated, and we demonstreate this by implementing a patch for Linux that eliminates the problem with negligible overhead.

OSLO: Improving the Security of Trusted Computing

Bernhard Kauer — 2007-10-31T11:31:03-00:00

pp. 229-237.

In this paper we describe bugs and ways to attack trusted computing systems based on a static root of trust such as Microsoft's Bitlocker. We propose to use the dynamic root of trust feature of newer x86 processors as this shortens the trust chain, can minimize the Trusted Computing Base of applications and is less vulnerable to TPM and BIOS attacks. To support our claim we implemented the Open Secure LOader (OSLO), the first publicly available bootloader based on AMDs <TT>skinit</TT> instruction.

Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks

2007-10-31T11:24:23-00:00

pp. 323-338.

The growing popularity of wireless networks and mobile devices is starting to attract unwanted attention especially as potential targets for malicious activities reach critical mass. In this study, we try to quantify the threat from large-scale distributed attacks on wireless networks, and, more specifically, wifi networks in densely populated metropolitan areas. We focus on three likely attack scenarios: “wildfire” worms that can spread contagiously over and across wireless LANs, coordinated citywide phishing campaigns based on wireless spoofing, and rogue systems for compromising location privacy in a coordinated fashion. The first attack illustrates how dense wifi deployment may provide opportunities for attackers who want to quickly compromise large numbers of machines. The last two attacks illustrate how botnets can amplify wifi vulnerabilities, and how botnet power is amplified by wireless connectivity. To quantify these threats, we rely on real-world data extracted from wifi maps of large metropolitan areas in the States and Singapore. Our results suggest that a carefully crafted wireless worm can infect up to 80% of all wifi connected hosts in some metropolitan areas within 20 minutes, and that an attacker can launch phishing attacks or build a tracking system to monitor the location of 10-50% of wireless users in these metropolitan areas with just 1,000 zombies under his control.