{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T04:40:25Z","timestamp":1725597625917},"reference-count":140,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"4","license":[{"start":{"date-parts":[[2020,8,17]],"date-time":"2020-08-17T00:00:00Z","timestamp":1597622400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,10,1]]},"abstract":"We systematize the knowledge on data breaches into concise step-by-step breach workflows and use them to describe the breach methods. We present the most plausible workflows for 10 famous data breaches. We use information from a variety of sources to develop our breach workflows, however, we emphasize that for many data breaches, information about crucial steps was absent. We researched such steps to develop complete breach workflows; as such, our workflows provide descriptions of data breaches that were previously unavailable. For generalizability, we present a general workflow of 50 data breaches from 2015. Based on our data breach analysis, we develop requirements that organizations need to meet to thwart data breaches. 
We describe what requirements are met by existing security technologies and propose future research directions to thwart data breaches.","DOI":"10.2478\/popets-2020-0067","type":"journal-article","created":{"date-parts":[[2020,8,28]],"date-time":"2020-08-28T14:43:23Z","timestamp":1598625803000},"page":"153-174","source":"Crossref","is-referenced-by-count":16,"title":["SoK: Anatomy of Data Breaches"],"prefix":"10.56553","volume":"2020","author":[{"given":"Hamza","family":"Saleem","sequence":"first","affiliation":[{"name":"University of Southern California"}]},{"given":"Muhammad","family":"Naveed","sequence":"additional","affiliation":[{"name":"University of Southern California"}]}],"member":"35752","published-online":{"date-parts":[[2020,8,17]]},"reference":[{"key":"2022061423191175876_j_popets-2020-0067_ref_001_w2aab3b7c18b1b6b1ab1ab1Aa","unstructured":"[1] W. contributors, \u201cAshley madison data breach \u2014 Wikipedia, the free encyclopedia,\u201d Mar. 2020."},{"key":"2022061423191175876_j_popets-2020-0067_ref_002_w2aab3b7c18b1b6b1ab1ab2Aa","unstructured":"[2] C. Baraniuk, \u201cAshley madison: \u2018suicides\u2019 over website hack,\u201d Aug. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_003_w2aab3b7c18b1b6b1ab1ab3Aa","unstructured":"[3] T. Lamont, \u201cLife after the ashley madison affair,\u201d Feb. 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_004_w2aab3b7c18b1b6b1ab1ab4Aa","doi-asserted-by":"crossref","unstructured":"[4] J. Pagliery, \u201cThe ashley madison hack ruined my life,\u201d Aug. 2015.10.1016\/S1353-4858(15)30080-5","DOI":"10.1016\/S1353-4858(15)30080-5"},{"key":"2022061423191175876_j_popets-2020-0067_ref_005_w2aab3b7c18b1b6b1ab1ab5Aa","unstructured":"[5] K. Zetter, \u201cHackers finally post stolen ashley madison data,\u201d 08 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_006_w2aab3b7c18b1b6b1ab1ab6Aa","unstructured":"[6] C. 
at Microsoft, \u201cAnatomy of a breach - how hackers break in and how you can fight back,\u201d tech. rep., Microsoft, Nov. 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_007_w2aab3b7c18b1b6b1ab1ab7Aa","unstructured":"[7] C. at MWR InfoSecurity, \u201cDetecting and deterring data exfiltration - guide for implementers,\u201d tech. rep., MWR InfoSecurity, Feb. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_008_w2aab3b7c18b1b6b1ab1ab8Aa","unstructured":"[8] C. at Symantec, \u201cAnatomy of a data breach - why breaches happen and what to do about it,\u201d tech. rep., Symantec."},{"key":"2022061423191175876_j_popets-2020-0067_ref_009_w2aab3b7c18b1b6b1ab1ab9Aa","unstructured":"[9] A. Rashid, R. Ramdhany, M. Edwards, S. M. Kibirige, A. Babar, D. Hutchison, and R. Chitchyan, \u201cDetecting and preventing data exfiltration,\u201d April 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_010_w2aab3b7c18b1b6b1ab1ac10Aa","unstructured":"[10] C. Bielinski, \u201cTrustwave global security report 2018,\u201d tech. rep., Trustwave, 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_011_w2aab3b7c18b1b6b1ab1ac11Aa","unstructured":"[11] Y. Liu, A. Sarabi, J. Zhang, P. Naghizadeh, M. Karir, M. Bailey, and M. Liu, \u201cCloudy with a chance of breach: Forecasting cyber security incidents,\u201d in USENIX Security 15, 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_012_w2aab3b7c18b1b6b1ab1ac12Aa","doi-asserted-by":"crossref","unstructured":"[12] L. Bilge, Y. Han, and M. Dell\u2019Amico, \u201cRiskteller: Predicting the risk of cyber incidents,\u201d 10 2017.10.1145\/3133956.3134022","DOI":"10.1145\/3133956.3134022"},{"key":"2022061423191175876_j_popets-2020-0067_ref_013_w2aab3b7c18b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] K. M. Gatzlaff and K. A. McCullough, \u201cThe effect of data breaches on shareholder wealth,\u201d RMIR, pp. 
61\u201383, 2010.10.1111\/j.1540-6296.2010.01178.x","DOI":"10.1111\/j.1540-6296.2010.01178.x"},{"key":"2022061423191175876_j_popets-2020-0067_ref_014_w2aab3b7c18b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] P. Institute, \u201cCost of a data breach report 2019,\u201d tech. rep., Ponemon Institute, 2019.10.1016\/S1361-3723(19)30081-8","DOI":"10.1016\/S1361-3723(19)30081-8"},{"key":"2022061423191175876_j_popets-2020-0067_ref_015_w2aab3b7c18b1b6b1ab1ac15Aa","unstructured":"[15] J. Winter, \u201cNsa played key role linking north korea to sony hack,\u201d Jan. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_016_w2aab3b7c18b1b6b1ab1ac16Aa","unstructured":"[16] G. Keizer, \u201cSony hackers targeted employees with fake apple id emails,\u201d April 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_017_w2aab3b7c18b1b6b1ab1ac17Aa","unstructured":"[17] J. Cox, \u201cYahoo \u2018aware\u2019 hacker is advertising 200 million supposed accounts on dark web,\u201d Aug. 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_018_w2aab3b7c18b1b6b1ab1ac18Aa","unstructured":"[18] B. Krebs, \u201cCards stolen in target breach flood underground markets,\u201d Dec. 2013."},{"key":"2022061423191175876_j_popets-2020-0067_ref_019_w2aab3b7c18b1b6b1ab1ac19Aa","unstructured":"[19] C. U. Libraries, \u201cEvaluating online sources.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_020_w2aab3b7c18b1b6b1ab1ac20Aa","unstructured":"[20] M. Zimdars, \u201cFalse, misleading, clickbait-y, and\/or satirical \u201cnews\u201d sources,\u201d 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_021_w2aab3b7c18b1b6b1ab1ac21Aa","unstructured":"[21] U. Libraries, \u201cFinding reliable sources: What is a reliable source?,\u201d Oct. 2019."},{"key":"2022061423191175876_j_popets-2020-0067_ref_022_w2aab3b7c18b1b6b1ab1ac22Aa","unstructured":"[22] U. 
Libraries, \u201cEvaluating internet resources.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_023_w2aab3b7c18b1b6b1ab1ac23Aa","unstructured":"[23] O. Celestino, \u201cWatering hole 101,\u201d Feb. 2013."},{"key":"2022061423191175876_j_popets-2020-0067_ref_024_w2aab3b7c18b1b6b1ab1ac24Aa","unstructured":"[24] Novetta, \u201cOperation blockbuster. unraveling the long thread of the sony attack.,\u201d tech. rep., Novetta, 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_025_w2aab3b7c18b1b6b1ab1ac25Aa","unstructured":"[25] RBA, \u201cA breakdown and analysis of the december, 2014 sony hack,\u201d 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_026_w2aab3b7c18b1b6b1ab1ac26Aa","unstructured":"[26] \u201cWikileaks sony breach archives,\u201d April 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_027_w2aab3b7c18b1b6b1ab1ac27Aa","unstructured":"[27] A. DeSimone, \u201cSony\u2019s nightmare before christmas,\u201d tech. rep., The Johns Hopkins University Applied Physics Laboratory, April 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_028_w2aab3b7c18b1b6b1ab1ac28Aa","unstructured":"[28] G. Sanchez, \u201cCase study: Critical controls that sony should have implemented,\u201d tech. rep., SANS Institute, June 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_029_w2aab3b7c18b1b6b1ab1ac29Aa","unstructured":"[29] D. E. Sangar, \u201cThe world once laughed at north korean cyberpower. no more.,\u201d 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_030_w2aab3b7c18b1b6b1ab1ac30Aa","unstructured":"[30] C. Osborne, \u201cSony hires fireeye\u2019s mandiant following internal security breach,\u201d Dec. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_031_w2aab3b7c18b1b6b1ab1ac31Aa","unstructured":"[31] \u201cTargeted destructive malware,\u201d Dec. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_032_w2aab3b7c18b1b6b1ab1ac32Aa","unstructured":"[32] C. 
at Microsoft, \u201cMs-smb: Server message block (smb) protocol,\u201d tech. rep., Microsoft, July 2013."},{"key":"2022061423191175876_j_popets-2020-0067_ref_033_w2aab3b7c18b1b6b1ab1ac33Aa","unstructured":"[33] W. contributors, \u201cServer message block \u2014 wikipedia - the free encyclopedia,\u201d 2019."},{"key":"2022061423191175876_j_popets-2020-0067_ref_034_w2aab3b7c18b1b6b1ab1ac34Aa","unstructured":"[34] W. contributors, \u201cLan manager \u2014 wikipedia - the free encyclopedia,\u201d 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_035_w2aab3b7c18b1b6b1ab1ac35Aa","unstructured":"[35] W. contributors, \u201cNt lan manager \u2014 Wikipedia, the free encyclopedia,\u201d 2019."},{"key":"2022061423191175876_j_popets-2020-0067_ref_036_w2aab3b7c18b1b6b1ab1ac36Aa","unstructured":"[36] C. at Microsoft, \u201cMicrosoft kerberos,\u201d tech. rep., Microsoft, May 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_037_w2aab3b7c18b1b6b1ab1ac37Aa","unstructured":"[37] C. Sanders, \u201cHow i cracked your windows password (part 1),\u201d Jan. 2010."},{"key":"2022061423191175876_j_popets-2020-0067_ref_038_w2aab3b7c18b1b6b1ab1ac38Aa","unstructured":"[38] Spiceworks, \u201cThe future of network and endpoint security,\u201d tech. rep., June 2019."},{"key":"2022061423191175876_j_popets-2020-0067_ref_039_w2aab3b7c18b1b6b1ab1ac39Aa","unstructured":"[39] J. MULLIGAN, \u201cProtecting personal consumer information from cyber attacks and data breaches,\u201d March 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_040_w2aab3b7c18b1b6b1ab1ac40Aa","unstructured":"[40] E. A. Haris, \u201cFor target, the breach numbers grow,\u201d Jan. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_041_w2aab3b7c18b1b6b1ab1ac41Aa","unstructured":"[41] \u201cCyxtera - easy solutions.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_042_w2aab3b7c18b1b6b1ab1ac42Aa","unstructured":"[42] J. 
Finkle, \u201cTarget cyber breach hits 40 million payment cards at holiday peak,\u201d Dec. 2013."},{"key":"2022061423191175876_j_popets-2020-0067_ref_043_w2aab3b7c18b1b6b1ab1ac43Aa","unstructured":"[43] A. Labs, \u201cThe untold story of the target attack step by step,\u201d tech. rep., Aorato Labs, August 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_044_w2aab3b7c18b1b6b1ab1ac44Aa","unstructured":"[44] K. Jarvis, \u201cInside a targeted point-of-sale data breach,\u201d tech. rep., Dell, Jan. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_045_w2aab3b7c18b1b6b1ab1ac45Aa","unstructured":"[45] ThreatScape, \u201cKaptoxa point-of-sale compromise,\u201d tech. rep., ThreatScape, Jan. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_046_w2aab3b7c18b1b6b1ab1ac46Aa","unstructured":"[46] B. Krebs, \u201cInside target corp., days after 2013 breach,\u201d Sep. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_047_w2aab3b7c18b1b6b1ab1ac47Aa","unstructured":"[47] B. Krebs, \u201cNew clues in the target breach,\u201d Jan. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_048_w2aab3b7c18b1b6b1ab1ac48Aa","unstructured":"[48] B. Krebs, \u201cA first look at the target intrusion, malware,\u201d Jan. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_049_w2aab3b7c18b1b6b1ab1ac49Aa","unstructured":"[49] Semantic, \u201cTrojan.zbot,\u201d Jan. 2010."},{"key":"2022061423191175876_j_popets-2020-0067_ref_050_w2aab3b7c18b1b6b1ab1ac50Aa","unstructured":"[50] J. Segura, \u201cCitadel: a cyber-criminal\u2019s ultimate weapon?,\u201d Nov. 2012."},{"key":"2022061423191175876_j_popets-2020-0067_ref_051_w2aab3b7c18b1b6b1ab1ac51Aa","unstructured":"[51] P. Trivedi, \u201cFile inclusion attacks,\u201d Dec. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_052_w2aab3b7c18b1b6b1ab1ac52Aa","unstructured":"[52] M. Kumar, \u201c23-year-old russian hacker confessed to be original author of blackpos malware,\u201d Jan. 
2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_053_w2aab3b7c18b1b6b1ab1ac53Aa","unstructured":"[53] C. Poulin, \u201cWhat retailers need to learn from the target breach to protect against similar attacks,\u201d Jan. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_054_w2aab3b7c18b1b6b1ab1ac54Aa","unstructured":"[54] C. at Microsoft, \u201cActive directory domain services overview,\u201d May 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_055_w2aab3b7c18b1b6b1ab1ac55Aa","unstructured":"[55] B. Ewaida, \u201cPass-the-hash attacks: Tools and mitigation,\u201d tech. rep., SANS Institute, 2010."},{"key":"2022061423191175876_j_popets-2020-0067_ref_056_w2aab3b7c18b1b6b1ab1ac56Aa","unstructured":"[56] \u201cMicrosoft ntlm,\u201d 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_057_w2aab3b7c18b1b6b1ab1ac57Aa","unstructured":"[57] \u201cmimikatz.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_058_w2aab3b7c18b1b6b1ab1ac58Aa","unstructured":"[58] M. Russinovich, \u201cPsexec v2.2,\u201d June 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_059_w2aab3b7c18b1b6b1ab1ac59Aa","unstructured":"[59] N. Perlroth, \u201cYahoo says hackers stole data on 500 million users in 2014,\u201d Sept. 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_060_w2aab3b7c18b1b6b1ab1ac60Aa","unstructured":"[60] U. S. D. C. N. D. O. California, \u201cIndictment,\u201d Feb. 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_061_w2aab3b7c18b1b6b1ab1ac61Aa","unstructured":"[61] V. Goel, \u201cRussian agents were behind yahoo hack, u.s. says,\u201d March 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_062_w2aab3b7c18b1b6b1ab1ac62Aa","unstructured":"[62] M. Williams, \u201cInside the russian hack of yahoo: How they did it,\u201d Oct. 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_063_w2aab3b7c18b1b6b1ab1ac63Aa","unstructured":"[63] S. GALLAGHER and D. KRAVETS, \u201cHow did yahoo get breached? 
employee got spear phished, fbi suggests,\u201d Mar. 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_064_w2aab3b7c18b1b6b1ab1ac64Aa","unstructured":"[64] J. Goldman, \u201cRussian fsb officers charged with involvement in yahoo breach,\u201d March 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_065_w2aab3b7c18b1b6b1ab1ac65Aa","unstructured":"[65] A. Mitre, \u201cPrivilege escalation.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_066_w2aab3b7c18b1b6b1ab1ac66Aa","unstructured":"[66] B. Oliveira, \u201cMy 5 top ways to escalate privileges,\u201d Dec. 2012."},{"key":"2022061423191175876_j_popets-2020-0067_ref_067_w2aab3b7c18b1b6b1ab1ac67Aa","unstructured":"[67] N. Provos and D. Mazi\u00e8res, \u201cA future-adaptive password scheme,\u201d in Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC \u201999, pp. 32\u201332, USENIX Association, 1999."},{"key":"2022061423191175876_j_popets-2020-0067_ref_068_w2aab3b7c18b1b6b1ab1ac68Aa","unstructured":"[68] A. Mitre, \u201cDeep panda.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_069_w2aab3b7c18b1b6b1ab1ac69Aa","unstructured":"[69] \u201cMultistate targeted market conduct and financial examination,\u201d tech. rep., Dec. 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_070_w2aab3b7c18b1b6b1ab1ac70Aa","unstructured":"[70] J. DiMaggio, \u201cThe black vine cyberespionage group,\u201d tech. rep., Symantec, Aug. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_071_w2aab3b7c18b1b6b1ab1ac71Aa","unstructured":"[71] \u201cSakula.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_072_w2aab3b7c18b1b6b1ab1ac72Aa","unstructured":"[72] \u201cSakula,\u201d 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_073_w2aab3b7c18b1b6b1ab1ac73Aa","unstructured":"[73] D. Stama, \u201cBackdoor.mivast,\u201d Feb. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_074_w2aab3b7c18b1b6b1ab1ac74Aa","unstructured":"[74] A. 
Mitre, \u201cCredential dumping.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_075_w2aab3b7c18b1b6b1ab1ac75Aa","unstructured":"[75] A. Mitre, \u201cBypass user account control.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_076_w2aab3b7c18b1b6b1ab1ac76Aa","unstructured":"[76] \u201cThe opm data breach: How the government jeopardized our national security for more than a generation,\u201d tech. rep., Oversight and Government Reform, Sep. 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_077_w2aab3b7c18b1b6b1ab1ac77Aa","unstructured":"[77] B. Koerner, \u201cInside the cyberattack that shocked the us government,\u201d 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_078_w2aab3b7c18b1b6b1ab1ac78Aa","unstructured":"[78] \u201cPlugx,\u201d 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_079_w2aab3b7c18b1b6b1ab1ac79Aa","unstructured":"[79] A. Sternstein and J. Moore, \u201cTimeline: What we know about the opm breach (updated),\u201d June 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_080_w2aab3b7c18b1b6b1ab1ac80Aa","unstructured":"[80] Symantec, \u201cThe waterbug attack group,\u201d Jan. 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_081_w2aab3b7c18b1b6b1ab1ac81Aa","unstructured":"[81] GovCERT.ch, \u201cTechnical report about the espionage case at ruag,\u201d tech. rep., GovCERT, May 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_082_w2aab3b7c18b1b6b1ab1ac82Aa","unstructured":"[82] \u201cProcess injection.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_083_w2aab3b7c18b1b6b1ab1ac83Aa","unstructured":"[83] E. Snowden, Permanent Record. Metropolitan Books, 09 2019."},{"key":"2022061423191175876_j_popets-2020-0067_ref_084_w2aab3b7c18b1b6b1ab1ac84Aa","unstructured":"[84] \u201cReview of the unauthorized disclosures of former national security agency contractor edward snowden,\u201d tech. 
rep., House Permanent Select Committee on Intelligence, 9 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_085_w2aab3b7c18b1b6b1ab1ac85Aa","unstructured":"[85] ICO, \u201cCarphone warehouse monetary penalty notice,\u201d Jan. 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_086_w2aab3b7c18b1b6b1ab1ac86Aa","unstructured":"[86] J. Leyden, \u201cHackers hid carphone warehouse breach with ddos smokescreen \u2013 report,\u201d Aug. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_087_w2aab3b7c18b1b6b1ab1ac87Aa","unstructured":"[87] M. J. Schwartz, \u201cCarphone warehouse breach: \u2018striking\u2019 failures trigger fine,\u201d Jan. 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_088_w2aab3b7c18b1b6b1ab1ac88Aa","unstructured":"[88] \u201cNikto web scanner.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_089_w2aab3b7c18b1b6b1ab1ac89Aa","unstructured":"[89] \u201cMeet wordpress.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_090_w2aab3b7c18b1b6b1ab1ac90Aa","unstructured":"[90] GAO, \u201cActions taken by equifax and federal agencies in response to the 2017 breach,\u201d tech. rep., United States Government Accountability Office, Aug. 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_091_w2aab3b7c18b1b6b1ab1ac91Aa","unstructured":"[91] \u201cCVE-2017-5638.\u201d National Vulnerability Database, Mar. 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_092_w2aab3b7c18b1b6b1ab1ac92Aa","unstructured":"[92] S. Sahu, \u201cCve-2017-5638: Apache struts 2 vulnerability leads to remote code execution.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_093_w2aab3b7c18b1b6b1ab1ac93Aa","unstructured":"[93] G. Patidar, \u201cSecurity notice,\u201d May 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_094_w2aab3b7c18b1b6b1ab1ac94Aa","unstructured":"[94] G. 
Patidar, \u201cSecurity notice update,\u201d May 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_095_w2aab3b7c18b1b6b1ab1ac95Aa","unstructured":"[95] D. Goyal, \u201cSecurity update \u2013 what really happened? and what next?,\u201d May 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_096_w2aab3b7c18b1b6b1ab1ac96Aa","unstructured":"[96] L. Franceschi-Bicchierai, \u201cCrowdfunding site patreon gets hacked,\u201d Oct. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_097_w2aab3b7c18b1b6b1ab1ac97Aa","unstructured":"[97] M. McGee, \u201cFraud case centers on alleged stolen pediatric clinic data,\u201d Sep. 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_098_w2aab3b7c18b1b6b1ab1ac98Aa","unstructured":"[98] ICO, \u201cTalktalk cyber attack \u2013 how the ico\u2019s investigation unfolded,\u201d Oct. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_099_w2aab3b7c18b1b6b1ab1ac99Aa","unstructured":"[99] C. at DataBreaches.net, \u201cMx: Vivanuncios user data stolen by hacker (nah \u2013 scraped by competitor),\u201d Mar. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_100_w2aab3b7c18b1b6b1ab1ad100Aa","unstructured":"[100] H. Journal, \u201cNorth east medical services hipaa breach reported: 69,246 affected,\u201d Aug 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_101_w2aab3b7c18b1b6b1ab1ad101Aa","unstructured":"[101] A. Greenberg, \u201cOakland family services notifies 16k clients of information breach,\u201d Sep. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_102_w2aab3b7c18b1b6b1ab1ad102Aa","unstructured":"[102] BreachLevelIndex, \u201cData breach database.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_103_w2aab3b7c18b1b6b1ab1ad103Aa","doi-asserted-by":"crossref","unstructured":"[103] E. Bursztein, B. Benko, D. Margolis, and T. 
Pietraszek, \u201cHandcrafted fraud and extortion: Manual account hijacking in the wild,\u201d in IMC \u201914, 2014.10.1145\/2663716.2663749","DOI":"10.1145\/2663716.2663749"},{"key":"2022061423191175876_j_popets-2020-0067_ref_104_w2aab3b7c18b1b6b1ab1ad104Aa","doi-asserted-by":"crossref","unstructured":"[104] M. Golla, M. Wei, J. Hainline, L. Filipe, M. D\u00fcrmuth, E. Redmiles, and B. Ur, \u201c\u201cwhat was that site doing with my facebook password?\u201d: Designing password-reuse notifications,\u201d CCS \u201918, 2018.10.1145\/3243734.3243767","DOI":"10.1145\/3243734.3243767"},{"key":"2022061423191175876_j_popets-2020-0067_ref_105_w2aab3b7c18b1b6b1ab1ad105Aa","doi-asserted-by":"crossref","unstructured":"[105] S. Axelsson, \u201cThe base-rate fallacy and the difficulty of intrusion detection,\u201d Aug. 2000.10.1145\/319709.319710","DOI":"10.1145\/319709.319710"},{"key":"2022061423191175876_j_popets-2020-0067_ref_106_w2aab3b7c18b1b6b1ab1ad106Aa","doi-asserted-by":"crossref","unstructured":"[106] K. Krol, M. Moroz, and M. A. Sasse, \u201cDon\u2019t work. can\u2019t work? why it\u2019s time to rethink security warnings,\u201d in 2012 CRiSIS, pp. 1\u20138, Oct 2012.10.1109\/CRISIS.2012.6378951","DOI":"10.1109\/CRISIS.2012.6378951"},{"key":"2022061423191175876_j_popets-2020-0067_ref_107_w2aab3b7c18b1b6b1ab1ad107Aa","doi-asserted-by":"crossref","unstructured":"[107] H. Cavusoglu, H. Cavusoglu, and J. Zhang, \u201cSecurity patch management: Share the burden or share the damage?,\u201d 2008.10.1287\/mnsc.1070.0794","DOI":"10.1287\/mnsc.1070.0794"},{"key":"2022061423191175876_j_popets-2020-0067_ref_108_w2aab3b7c18b1b6b1ab1ad108Aa","unstructured":"[108] Microsoft, \u201cMicrosoft security intelligence report,\u201d tech. rep., Dec. 2013."},{"key":"2022061423191175876_j_popets-2020-0067_ref_109_w2aab3b7c18b1b6b1ab1ad109Aa","doi-asserted-by":"crossref","unstructured":"[109] R. Shay, I. Ion, R. W. Reeder, and S. 
Consolvo, \u201c\u201cmy religious aunt asked why i was trying to sell her viagra\u201d: Experiences with account hijacking,\u201d in SIGCHI CHI \u201914, 2014.10.1145\/2556288.2557330","DOI":"10.1145\/2556288.2557330"},{"key":"2022061423191175876_j_popets-2020-0067_ref_110_w2aab3b7c18b1b6b1ab1ad110Aa","unstructured":"[110] Dissent, \u201cUpdate: Sterlingbackcheck breach impacted 100,000,\u201d Aug. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_111_w2aab3b7c18b1b6b1ab1ad111Aa","unstructured":"[111] P. Institute, \u201cMeasuring and managing the cyber risks to business operations,\u201d tech. rep., Ponemon Institute, 2019."},{"key":"2022061423191175876_j_popets-2020-0067_ref_112_w2aab3b7c18b1b6b1ab1ad112Aa","unstructured":"[112] P. Institute, \u201cData risk in the third-party ecosystem,\u201d tech. rep., Ponemon Institute LLC, November 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_113_w2aab3b7c18b1b6b1ab1ad113Aa","unstructured":"[113] J. Finkle, \u201cMillions of t-mobile customers exposed in experian breach,\u201d Oct. 2015."},{"key":"2022061423191175876_j_popets-2020-0067_ref_114_w2aab3b7c18b1b6b1ab1ad114Aa","doi-asserted-by":"crossref","unstructured":"[114] S. Alneyadi, E. Sithirasenan, and V. Muthukkumarasamy, \u201cA survey on data leakage prevention systems,\u201d NCA, 2016.10.1016\/j.jnca.2016.01.008","DOI":"10.1016\/j.jnca.2016.01.008"},{"key":"2022061423191175876_j_popets-2020-0067_ref_115_w2aab3b7c18b1b6b1ab1ad115Aa","unstructured":"[115] M. Alvarez, \u201cAre you digging deep? when antivirus is not enough,\u201d Oct. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_116_w2aab3b7c18b1b6b1ab1ad116Aa","doi-asserted-by":"crossref","unstructured":"[116] J. Reynolds, T. Smith, K. Reese, L. Dickinson, S. Ruoti, and K. 
Seamons, \u201cA tale of two studies: The best and worst of yubikey usability,\u201d 05 2018.10.1109\/SP.2018.00067","DOI":"10.1109\/SP.2018.00067"},{"key":"2022061423191175876_j_popets-2020-0067_ref_117_w2aab3b7c18b1b6b1ab1ad117Aa","doi-asserted-by":"crossref","unstructured":"[117] K. Krol, E. Philippou, E. D. Cristofaro, and M. A. Sasse, \u201c\u201cthey brought in the horrible key ring thing!\u201d analysing the usability of two-factor authentication in uk online banking,\u201d ArXiv, 2015.10.14722\/usec.2015.23001","DOI":"10.14722\/usec.2015.23001"},{"key":"2022061423191175876_j_popets-2020-0067_ref_118_w2aab3b7c18b1b6b1ab1ad118Aa","unstructured":"[118] D. D. Strouble, M. Alan, and S. Alsop, \u201cProductivity and usability effects of using a two-factor security system,\u201d 01 2009."},{"key":"2022061423191175876_j_popets-2020-0067_ref_119_w2aab3b7c18b1b6b1ab1ad119Aa","unstructured":"[119] K. Zetter, \u201cHow ram scrapers work: The sneaky tools behind the latest credit card hacks,\u201d Sep. 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_120_w2aab3b7c18b1b6b1ab1ad120Aa","unstructured":"[120] G. Bruneau, \u201cScanning for apache struts vulnerability cve-2017-5638,\u201d Mar. 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_121_w2aab3b7c18b1b6b1ab1ad121Aa","doi-asserted-by":"crossref","unstructured":"[121] J. Beekman, J. Manferdelli, and D. Wagner, \u201cAttestation transparency: Building secure internet services for legacy clients,\u201d 05 2016.10.1145\/2897845.2897895","DOI":"10.1145\/2897845.2897895"},{"key":"2022061423191175876_j_popets-2020-0067_ref_122_w2aab3b7c18b1b6b1ab1ad122Aa","unstructured":"[122] B. Fisch, D. Vinayagamurthy, D. Boneh, and S. Gorbunov, \u201cIron: Functional encryption using intel sgx,\u201d in 2017 ACM SIGSAC, 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_123_w2aab3b7c18b1b6b1ab1ad123Aa","unstructured":"[123] A. Gribov, D. Vinayagamurthy, and S. 
Gorbunov, \u201cStealthdb: a scalable encrypted database with full sql query support,\u201d PoPETs, 11 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_124_w2aab3b7c18b1b6b1ab1ad124Aa","unstructured":"[124] C. che Tsai, D. E. Porter, and M. Vij, \u201cGraphene-sgx: A practical library OS for unmodified applications on SGX,\u201d in (USENIX ATC 17), July 2017."},{"key":"2022061423191175876_j_popets-2020-0067_ref_125_w2aab3b7c18b1b6b1ab1ad125Aa","doi-asserted-by":"crossref","unstructured":"[125] S. Eskandarian, J. Cogan, S. Birnbaum, and Brandon, \u201cFidelius: Protecting user secrets from compromised browsers,\u201d 09 2018.10.1109\/SP.2019.00036","DOI":"10.1109\/SP.2019.00036"},{"key":"2022061423191175876_j_popets-2020-0067_ref_126_w2aab3b7c18b1b6b1ab1ad126Aa","doi-asserted-by":"crossref","unstructured":"[126] J. C. Lee and D. S. McCrickard, \u201cTowards extreme(ly) usable software: Exploring tensions between usability and agile software development,\u201d in AGILE 2007, 2007.10.1109\/AGILE.2007.63","DOI":"10.1109\/AGILE.2007.63"},{"key":"2022061423191175876_j_popets-2020-0067_ref_127_w2aab3b7c18b1b6b1ab1ad127Aa","unstructured":"[127] R. Wash, E. Rader, K. Vaniea, and M. Rizor, \u201cOut of the loop: How automated software updates cause unintended security consequences,\u201d in SOUPS 2014), July 2014."},{"key":"2022061423191175876_j_popets-2020-0067_ref_128_w2aab3b7c18b1b6b1ab1ad128Aa","doi-asserted-by":"crossref","unstructured":"[128] K. Vaniea and Y. Rashidi, \u201cTales of software updates: The process of updating software,\u201d 05 2016.10.1145\/2858036.2858303","DOI":"10.1145\/2858036.2858303"},{"key":"2022061423191175876_j_popets-2020-0067_ref_129_w2aab3b7c18b1b6b1ab1ad129Aa","unstructured":"[129] M. MAILONLINE, \u201c\u2018i was sent a video of my wife having sex\u2019,\u201d Aug. 
2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_130_w2aab3b7c18b1b6b1ab1ad130Aa","unstructured":"[130] \u201cPass the ticket.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_131_w2aab3b7c18b1b6b1ab1ad131Aa","unstructured":"[131] \u201cSnopes is the internet\u2019s definitive fact-checking resource.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_132_w2aab3b7c18b1b6b1ab1ad132Aa","unstructured":"[132] \u201cLatest email and social media hoaxes - current internet scams - hoax-slayer.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_133_w2aab3b7c18b1b6b1ab1ad133Aa","unstructured":"[133] \u201cPoliti fact, the poynter institute.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_134_w2aab3b7c18b1b6b1ab1ad134Aa","unstructured":"[134] \u201cFactcheck.org a project of the annenberg public policy center.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_135_w2aab3b7c18b1b6b1ab1ad135Aa","unstructured":"[135] \u201cMedia bias\/fact check the most comprehensive media bias resource.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_136_w2aab3b7c18b1b6b1ab1ad136Aa","unstructured":"[136] \u201cMuck rack for journalists.\u201d"},{"key":"2022061423191175876_j_popets-2020-0067_ref_137_w2aab3b7c18b1b6b1ab1ad137Aa","unstructured":"[137] H. Williams, \u201cEx-talk talk ceo shares lessons from massive 2015 data breach,\u201d June 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_138_w2aab3b7c18b1b6b1ab1ad138Aa","unstructured":"[138] S. Khandelwal, \u201cTwo talktalk hackers jailed for 2015 data breach that cost it \u00a377 million,\u201d Nov. 2018."},{"key":"2022061423191175876_j_popets-2020-0067_ref_139_w2aab3b7c18b1b6b1ab1ad139Aa","unstructured":"[139] M. J. Schwartz, \u201cTalktalk slammed with record fine over breach,\u201d Oct. 2016."},{"key":"2022061423191175876_j_popets-2020-0067_ref_140_w2aab3b7c18b1b6b1ab1ad140Aa","unstructured":"[140] Z. 
Rodionova, \u201cTalktalk given record fine over data breach that led to data theft of nearly 157,000 customers,\u201d Oct. 2016."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/content.sciendo.com\/view\/journals\/popets\/2020\/4\/article-p153.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2020-0067","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:31:09Z","timestamp":1658334669000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2020\/popets-2020-0067.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,8,17]]},"references-count":140,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2020,8,17]]},"published-print":{"date-parts":[[2020,10,1]]}},"alternative-id":["10.2478\/popets-2020-0067"],"URL":"https:\/\/doi.org\/10.2478\/popets-2020-0067","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,8,17]]}}}