P1: JDW
WL040C-01 WL040/Bidgoli-Vol III-Ch-01 June 24, 2003 10:39 Char Count= 0
FURTHERREADING 13forget.Retrieved 2001 from BusinessWeek.com Web
site: http://www.businessweek.com/bwdaily/dnflash/
may2001/nf20010515060.htm
Sloane, N. J. A., & Wyner, A. D. (Eds.). (1993).Claude
Elwood Shannon:Collected papers. New York: IEEE
Press.
Tippett, P. (2001). Stronger passwords aren’t. In-
formation Security. Retrieved 2001 from TruSe-
cure Corporation Web site: http://www.info
securitymag.com / articles / june01 / columnsexecutive
view.shtml
US v. ElcomSoft & Sklyarov FAQ. Retrieved May 23, 2003,
from http://www.eff.org/IP/DMCA/USvElcomsoft/
usvelcomsoftfaq.html
Zatko, P. “Mudge” (1999b).Vulnerabilities in the S/KEY
one time password system.Retrieved 1999 from L0pht
Heavy Industries, Inc., Web site: http://www.unix.geek.
org.uk/∼arny/junk/skeyflaws.htmlFURTHER READING
Barbalace, R. J. (1999),How to choose a good password
(and why you should). Retrieved 1999 from MIT
Student Information Processing Board Web site:
http://www.mit.edu/afs/sipb/project/doc/passwords/
passwords.html
Bobby, P. (2000).Password cracking using focused dictio-
naries.Retrieved 2000 from the SANS Institute Web
site: http://rr.sans.org/authentic/cracking.php
Botzum, K. (2001).Single sign on—A contrarian view.
Retrieved 2001 from IBM Software Services for
WebSphere Web site: http://www7b.software.ibm.com/
wsdd/library/techarticles/0108botzum/botzum.html
Cain & Abel [computer software]. Retrieved from http://
http://www.oxid.it
Cracklib and associated PAM modules [computer
software]. Retrieved from http://www.kernel.org/
pub/linux/libs/pam/Linux-PAM-html/pam.html
Curry, D. A. (1990).Improving the security of your Unix
system.Retrieved 1990 from Information and Telecom-
munications Sciences and Technology Division,
National Institutes of Health Web site: http://www.
alw.nih.gov/Security/Docs/unix-security.html
Cyberspace History List-Server (CYHIST). Retrieved from
http://maelstrom.stjohns.edu/archives/cyhist.html
Donovan, C. (2000).Strong passwords.Retrieved 2000
from the SANS Institute Web site: http://rr.sans.org/
policy/password.php
Elcomsoft [computer software]. Retrieved from http://
http://www.elcomsoft.com/prs.html
Frisch, A. (1999).Essential system administration(2nd
ed.). Sebestopol, CA: O’Reilly & Associates.
Intertek [computer software]. Retrieved from http://www.
intertek.org.uk/downloads
Jablon, D. P. (1997). Extended password key exchange
protocols immune to dictionary attack. InProceed-
ings of the 6th Workshop on Enabling TechnologiesIn-
frastructure for Collaborative Enterprises, Institute of
Electrical and Electronics Engineers, Inc. Retrieved
1997 from http://www.computer.org/proceedings/wet-
ice/7967/79670248abs.htm
John the Ripper [computer software]. Retrieved from
http://www.openwall.com/johnLC4 (L0phtcrack 4)[computer software]. Retrieved from
http://www.atstake.com
Litchfield, D. (2002). Hackproofing Oracle application
server (A guide to securing Oracle 9).Retrieved 2002
from NGSSoftware Web site: http://www.nextgenss.
com/papers/hpoas.pdf
Luby, M. and Rackoff, C. (1989). A study of password se-
curity.Journal of Cryptology, 1(3), 151–158.
McCullagh, D. (2001).Russian Adobe hacker busted.Re-
trieved 2001 from Wired.com Web site: http://www.
wired.com/news/politics/0,1283,45298,00.html
McGraw, G., and Viega, J. (2000).Protecting passwords:
Part 1. Retrieved 2000 from IBM Web site:
http://www-106.ibm.com/developerworks/security/
library/pass1/index.html?dwzone=security Microsoft
Personal Security Advisor [computer software],
retrieved from http://www.microsoft.com/security/mpsa
Morris, R. T., and Thompson, K. (1979). Password se-
curity: A case history.Communications of the ACM,
22 (11), 594–597.
Netscape (2002). Choosing a good password. Re-
trieved 2002 from Netscape Web site: http://www.
netscape.com/security/basics/passwords.html
Nomad, S. (1997).The unofficial NT hack FAQ.Retrie-
ved 1997 from http://www.nmrc.org/faqs/nt/index.html
Nordahl-Hagen, P. NET Password Recovery [computer
software]. Retrieved from http://home.eunet.no/∼
pnordahl/ntpasswd/
Npasswd [Computer software for SunOS 4/5, Digi-
tal Unix, HP/UX, and AIX]. Retrieved from http://
http://www.utexas.edu/cc/unix/software/npasswd
Pandora [computer software]. Retrieved from http://www.
nmrc.org/pandora
Passfilt [computer software]. Retrieved from http://
support.microsoft.com/support/kb/articles/Q161/9/90.
asp
Passlogix [computer software]. Retrieved from http://
http://www.passlogix.com
Raymond, E. S. (1999). A brief history of hackerdom. Re-
trieved 1999 from Eric. S. Raymond Web site: http://
tuxedo.org/∼esr/writings/hacker-history/
RealUser [computer software]. Retrieved from http://
http://www.realuser.com
Russell, R. (Ed.) (2002).Hack proofing your network.Syn-
gress Publishing.
Sabin, T. PWDUMP2 [computer software]. Retrieved from
http://www.webspan.net/∼tas/pwdump2
Sanjour, J., Arensburger, A., and Brink, A. (2000).Choos-
ing a good password.Retrieved 2000 from Computer
Science Department, University of Maryland Web site:
http://www.cs.umd.edu/faq/Passwords.shtml
SANS Institute (2002).The twenty most critical Inter-
net security vulnerabilities.Retrieved 2002 from The
Sans Institute Web site: http://www.sans.org/top20.htm
Schneier, B. (2000).Secrets & lies: Digital security in a net-
worked world.New York: Wiley.
Smith, R. E. (2001). Authentication: From passwords to
public keys. Boston: Addison Wesley Longman.
The FBI/SANS Twenty Most Critical Internet Secu-
rity Vulnerabilities.Retrieved from http://www.sans.
org/top20.htm
Zatko, P. “Mudge” (1999a).L0phtCrack 2.5 Readme.doc
L0pht Heavy Industries, Inc. [now @stake, Inc.]