DOCUMENT FORGERY
SECURITY POLICIES FOR DOCUMENT SECURITY
Network Security has its own outline or schema for security policies that range in topics from Router Security to Acceptable Use to Firewall Con-figuration. This outline concentrates solely upon topics appropriate to the major issue of Document Security. To organize the topics conceptually, the outline moves from the outermost area of security concern, the world ex-ternal to the organization’s security boundary, to the innermost assets of the organization.
Policies External
Documents Permitted in External Environment Document and Media Disposal
Encryption Policies Mobile Devices
Travel Security for Sensitive Information Perimeter
Public Security Zone
Business Channels Monitoring and Security Internal
Internal Security Zone Document Classification
Physical Security for Documents Media Reuse
Inner Core
Sensitive Security Zone Confidential Zone High Security Zone
153
The general concerns in drafting security policies for Document Security are as follows:
1. Clarity. Policies must have a high level of readability. Employees must understand what is expected of them without jargon or highly tech-nical language.
2. Accessibility. Policies should be on an Intranet or a Wiki where em-ployees may access them quickly and search them using keywords.
3. Relevancy. If policies are not kept current, they become irrelevant and only hinder security understanding.
4. Standards must be defined. Adherence to a policy requires setting stan-dards by which employees can conform. Failing to adopt agreed upon standards to measure adherence creates confusion and a lack of cred-ibility for the security effort.
5. Responsibility. Persons or job roles responsible for implementing a policy must be identified. Saying it is everyone’s responsibility means no one will take responsibility. Define who is responsible for which components of the policy.
6. Tools and resources. Describe all tools and resources necessary for the correct implementation of the policy.
7. Criteria. Establish the criteria for discriminating between documents and information assets. By which criteria will the security team classify documents? What factors determine the assigning of documents to particular security zones?
8. Auditing and testing. Describe the methods the organization will use to verify compliance to the Document Security policies on a periodic basis.
BIBLIOGRAPHY
Articles
Akapose, Wole: “E-mail security: A Review of Available Technologies,” The ISSA Jour-nal, February 2006. (Contains a section on CAPTCHA.)
Anastasia, George: “Big Brother and the Bookie,” Mother Jones( Jan–Feb 2002).
Andress, Jason: “Secure Data Deletion and Recovery,” The ISSA Journal, January 2007.
Lambrecht, Bill: “Discarded U.S. Computers for Sale in Nigeria, along with their Se-crets,” St. Louis Post-Dispatch, December 17, 2006.
Manning, Stephen: “The Biggest Threat to Computer Security? Carelessness,” Austin American-Statesman, June 19, 2006.
Meinel, Carolyn: “How Hackers Break In . . . and How They Are Caught,” Scientific American, October 1998.
Mendell, Ronald L.: “And, the Floppies Spoke for the Victim,” SecurityPortal, September 1999. (The article is no longer on the Web. Article covered floppies and magnets.) Mendell, Ronald L.: “Intelligence Gathering for ITSEC Professionals,” The ISSA
Jour-nal, December 2005.
Mendell, Ronald L.: “Internet Rhetoric for Security,” The ISSA Journal, August 2006.
Pham, Alex: “Bullies Invade Even the Virtual World,” Austin American-Statesman, Sep-tember 23, 2002.
Reichenberg, Nimrod: “Seven Steps to Secure USB Drives,” The ISSA Journal, January 2007.
Tyson, Dave: “Geeks and Guards: Leveraging the Corporate Guard Force.” The ISSA Journal, August, 2006.
Washington Poststaff: Article on “Multi-State Anti-Terrorism Information Exchange.”
Austin American-Statesman, August 6, 2003.
Wiredstaff: “Foil a Snooping Boss,” August 2006.
Books
Aristotle: The Art of Rhetoric. (translated by H.C. Lawson-Tanced), New York: Penguin, 1991.
Brown, Christopher L.T.: Computer Evidence: Collection & Preservation. Hingham, MA:
Charles River Media, 2006.
155
Caloyannides, Michael A.: Desktop Witness. Indianapolis, IN: John Wiley & Sons, Inc., 2002.
Capaldi, Nicholas: The Art of Deception. Buffalo, NY: Prometheus Books, 1979.
Casey, Eoghan: Digital Evidence and Computer Crime, 2nd Edition. San Diego, CA: Aca-demic Press, 2004.
Graves, Kimberly: CEH Official Certified Ethical Hacker Review Guide. Indianapolis, IN:
Sybex, 2007.
Harris, Shon: CISSP. Emeryville, CA: Berkeley, McGraw-Hill/Osborne, 2002.
Mendell, Ronald L.: How To Do Financial Asset Investigations, 3rd edition. Springfield, IL: Charles C. Thomas, 2006.
Mendell, Ronald L.: Investigating Computer Crime in the 21st Century, 2nd edition.
Springfield, IL: Charles C. Thomas, 2004.
Mitnick, Kevin D. and Simon, William L.: The Art of Deception. Indianapolis, IN: Wiley Publishing, 2002.
Mitnick, Kevin D. and Simon, William L.: The Art of Intrusion. Indianapolis, IN: Wiley Publishing, 2006.
Pirie, Madsen: How To Win Every Argument: The Use and Abuse of Logic. New York: Con-tinuum, 2006.
Schifreen, Robert: Defeating the Hacker. West Sussex, England: John Wiley & Sons, 2006.
Scott, Robert: The Investigator’s Little Black Book 3. Beverly Hills, CA: Crime Time Pub-lishing, 2002.
Solomon, Micheal G., Barrett, Diane, Broom, Neil: Computer Forensics Jump Start™.
Sybex, 2005.
The Knightmare: Secrets of a Super Hacker. Post Townsend, WA: Loompanics Unlim-ited, 1994.
Vacca, John R.: Computer Forensics: Computer Crime Scene Investigation. Hingham, MA:
Charles River Media, 2002.
Data Sheets
PortAuthority Technologies,”Information Risk Assessment: Information Leak Pre-vention for the Enterprise,” 2005.
Reconnex, “Feature Overview,” 2006.
Reconnex, “Information Protection. Always.,” 2006.
Reconnex, “iGuard 3600 Data Sheet,” 2006.
Electronic Documents
Ayers, Rick and Jansen, Wayne: “Guidelines on PDA Forensics.” NIST, August, 2004.
Guel, Michael D.: “A Short Primer for Developing Security Policies.” SANS Institute, 2001.
Keller, Alex: “Google Hacking: A Crash Course,” (PowerPoint file), Alex Keller is a Network/Systems Administrator for BSS Computing at San Francisco State
Uni-versity.
Shirani, Bram, CISSP: “Anti-forensics.” PowerPoint presentation, HTCIA Spring Training, 2002.
In Electronic Format on the Web
Appligent White Paper, “The Case for Content Security,” located at http://www.
appligent.com/docs/tech/ContentSecurity.pdf.
Barron, Anne, “Three Easy Steps for Gathering Intelligence at Trade Shows,” located at http://www.scipstore.org/scipstore.org_asp//news/cimp/v3i4article1.asp CAPTCHA Tutorial, located at http://www.captcha.biz/.
Digimarc®, “Combating Identity Document Counterfeiting,” located at http://www.
digimarc.com/govt/docs/dmrc_wp_combating.pdf.
Digimarc, “Enhancing Personal Identity Verification with Digital Watermarks,” located at http://csrc.nist.gov/piv-program/FIPS-201-Public-Comments/digimarc.pdf.
Goodell, Jeff, “How to Fake a Passport,” New York Times Magazine, February 10, 2002, located at http://www.globalpolicy.org/nations/citizen/2002/0210fake.htm.
Guel, Michele D., “The SANS Policy Primer,” (PDF format), located at http://www.
sans.org/resources/policies.
Kissel, Richard et al: “Guidelines for Media Sanitization,” (PDF file), National Institute of Standards and Technology (NIST) Special Publication 800-88, September 2006 lo-cated at http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf Long, Johnny, “Google Hacking Mini-Guide,” located at
http://www.informit.com/articles/article.asp?p=170880&rl=1.
Masse, Robert and Wang, Jian Hui, “Hacking with Google for Fun and Profit!,” lo-cated at http://www.gosecure.ca/SecInfo/library/WebApplication/GOOGLE-HACKING-GS1004.ppt
Metadatarisk, “The Dangers of Document Metadata: The Risks to Corporations,” lo-cated at http://www.metadatarisk.org/collateral/content_security_risks/US_Brief_
Dangers_of_Document_Metadata.pdf .
Microsoft Knowledge Base, “The Remove Hidden Data Tool for Office 2003 and Office XP,” located at http://support.microsoft.com/kb/834427.
Microsoft Knowledge Base, “How to Minimize Metadata in MS Word 2000 Docu-ments,” located at http://support.microsoft.com/kb/237361.
Microsoft Knowledge Base, “How to Minimize Metadata in Excel Documents,” lo-cated at http://support.microsoft.com/kb/223789.
Microsoft Knowledge Base, “How to Minimize Metadata in PowerPoint Documents,”
located at http://support.microsoft.com/kb/314797.
Microsoft Knowledge Base, “How to Minimize Metadata in PowerPoint 2002 Docu-ments,” located at http://support.microsoft.com/kb/314800.
Mitek Systems, “Combating Check Forgery,” located at http://miteksystems.com/
pdf/FPS%20White_paper.pdf.
National Security Agency., “Redacting with Confidence: How to Safely Publish San-itized Reports Converted from Word to PDF,” located at http://www.fas.
org/sgp/othergov/dod/nsa-redact.pdf.
Olzak, Tom, “Fundamentals of Storage Media Sanitation Part One,” June 2006, lo-cated at http://blogs.ittoolbox.com/security/adventures/archives/fundamentals-of-storage-media-sanitation-part-1-9407.
Olzak, Tom, “Fundamentals of Storage Media Sanitation Part Two,” June 2006, lo-cated at http://blogs.ittoolbox.com/security/adventures/archives/fundamentals-of-storage-media-sanitation-part-2-9559.
Olzak, Tom, “Fundamentals of Storage Media Sanitation Part Three,” June 2006, lo-cated at http://blogs.ittoolbox.com/security/adventures/archives/fundamentals-of-storage-media-sanitation-part-3-9680.
Payne, Donna, “Control Metadata in Your Legal Documents,” located at http://
office.microsoft.com/en-us/assistance/HA011400341033.aspx.
Payne, Donna and Lewis, Bruce, “EDD Showcase: Metadata: Are You Protected?,”
Law Technology News, August 2004, located at http://www.lawtechnews.com/r5/
showkiosk.asp?listing_id=430591.
Popescu, Alin C. and Farid, Harry, “Exposing Digital Forgeries by Detecting Duplicated Image Regions,” located at http://www.ists.dartmouth.edu/library/tr-2004-515.pdf.
Popular Science, “Debunking 9/11 Myths: Introduction with Forward by John Mc-Cain,” http://www.popularmechanics.com/technology/military_law/3491861.html.
Smith, Russell G., “Criminal Exploitation of New Technologies,” Trends & Issues, Aus-tralian Institute of Criminology, July 1998, No. 93, located at http://www.aic.
gov.au/publications/tandi/ti93.pdf.
Smith, Russell G., “Identity-related Economic Crime: Risks and Countermeasures,”
Trends & Issues, Australian Institute of Criminology, September 1999, No. 129, located at http://www.aic.gov.au/publications/tandi/ti129.pdf.
Sollicito, Michelle Johnston, “Securing Your Laptop,” located at http://www.informit.
com/articles/article.asp?p=174137&rl=1
Taylor, Laura, “PDA Security 101,” located at http://www.intranetjournal.com/articles/
200304/ij_04_07_03a.html
Ward, Mark., “The Hidden Dangers of Documents,” 18 August 2003, (BBC Web page), located at http://news.bbc.co.uk/2/hi/technology/3154479.stm.
Wikipedia, Article on CAPTCHA, located at http://en.wikipedia.org/wiki/CAPTCHA.
Unpublished Manuscript
Grayhat Research Corporation, Advanced Information Security Course, October 2006.
Useful Web Sites
Adobe (the security of PDF files) located at http://www.adobe.com/security.
“A Handbook of Rhetoric Devices” located at http://www.virtualsalt.com/ rhetoric.htm.
“Antisemitism on the Internet” located at http://www.jugendschutz.net/pdf/osce_
berlin.pdf.
ARIN (for checking IP addresses in North America) located at http://www.arin.
net/whois.
Better Business Bureau located at http://www.bbb.org.
Guidestar (for charitable organizations) located at http://www.guidestar.org.
Hoaxbusters at http://hoaxbusters.ciac.org/.
Metadatarisk.org (on the dangers of Metadata) located at http://www.metadatarisk.org.
Stealth Products located at http://www.computersecurity.com/stealth/computer_
tracker.htm and http://www.computersecurity.com/stealth/data_protector.htm.
“www.terror.net: How Modern terrorism Uses the Internet” located at http://www.
usip.org/pubs/specialreports/sr116.pdf.
A
Accumulation centers for documents, xi Aggregation of information, 24–25, 27, 31, 36,
42
Anti-forensics (see alsoComputer forensics), 103–122
countermeasures, using, 121–122 Attacks (see alsoTechniques)
brute-force, 93, 97
business channels, via (seeBusiness channels)
data aggregation, via (see Aggregation of information)
digital forgery, via (seeDocuments, forging)
encryption, on, 103–104
Google hacking, via (seeGoogle hack-ing)
IDS detecting, 46
information thieves, by, 48–50, 122, 129–130, 135, 139
infosphere, via (seeInfosphere) insiders, by, 50
keyboard, via, 71–72 outsiders, by, 49
social engineering, via (seeSocial engi-neering)
theft, by (seeTheft) B
BIOS (Basic Input/Output System), 91 Blogs, 25, 37, 39, 42, 124, 131, 134 Boolean searches, 38
Business channels (see alsoInformation leak-age), ix–x, 30, 41–54, 153 Business intelligence, 23, 25–26, 41, 66, 95
C
CAPTCHA, 51, 53, 155, 157–158
CD-ROMs (see alsoComputer media, optical), 74, 76, 77, 107, 112, 114
Chalkboards, xi, 76–78, 80
Cleansing, purging, and destruction of com-puter media (see alsoComputer
media, erasure of; Computer media, reuse of), 65–74
Collaborative spaces (on the Web), 129, 134 Comments in documents, 5–6, 8–9, 11–12,
16–19, 126
Computer forensics (see alsoAnti-forensics), viii, 65–66, 87–101, 103, 105–106, 110, 115, 117–118, 121–122, 144, 156
low-lying fruit, 87, 95 techniques, 94–98 tools, 99
Computer media
electronic, v, viii, xi, 144 erasure of, x, 61, 65–74
magnetic, v, ix, 65–74, 78, 86, 106–107, 139–140, 144, 151
Cookies (Internet browser), 88, 95, 98, 110, 112
Countermeasures
business channels, for, 44–48, 53–54 forgery, to, 142–146
intelligence gathering for, 39 least privilege in (seeLeast privilege) metadata, for, 10–15
mobile device theft, for, 64
security zones as (seeSecurity zones) trapped lists as (seeTrapping lists) Web-facing documents, for, 28–30,
38–39
Credentials (see alsoDocuments, forging), viii, x, 140–141
Cross-site scripting, 131
Customer lists, vii, 24–27, 30, 55, 83, 95, 109 D
Data
backup, 62
deleted and hidden files, 89–94 financial (seeFinancial data) forgotten, 5–6, 18, 87–88
161
INDEX
proprietary (seeProprietary data) residual (seeSlack space; Computer
media, persistence in)
Databases, vii, 24, 26–27, 29–30, 45–46, 59, 68, 83
Defense-in-depth, 49–50, 63–64, 68, 85 Degaussing, 67–72, 74, 106–107 Digital devices, viii, x, 39, 57, 61, 63, 81,
98–99, 105 Digital images, 44, 54, 144 Digital photography, 52–54, 94–95 Disinformation
Web pages and sites, on, viii, x, 124, 131–134, 136
DMZ (Demilitarized Zone, a segregated seg-ment on a network), 29
Documents
characteristics, 79 classifying, 81–86
comments (seeComments in docu-ments)
confidential, vii–viii, xi, 4, 28–31, 36, 39, 48, 53, 66, 81–82, 84, 88 electronic, v, xi, 3–4, 17–18, 20–21,
28–29, 45, 87, 94, 100–101, 123, 146–147, 151
electronic layers in, v
fingerprinting of, 45–46, 48, 50, 54 forging, xi, 137–151, 158
hallmarks of forgery, 137–138
identity (seeIdentity document counter-feiting)
metadata in, v, viii–ix, xi, 3–21, 72, 100–101, 104, 122, 136, 146, 151, 157–159
implications of, 4–10 palimpsest, as, v, 3, 110
paper, xi, 28–29, 44, 50, 75–78, 94, 143, 147
PDF (seePDF documents) physical, viii, x–xi, 28, 39, 44, 58,
75–86, 119, 123, 139, 142, 146, 148–150
properties (seeProperties in documents) reviewing and verifying, 146–151 sensitive, ix, 24–25, 28, 31, 39, 42–45,
48–54, 57–58, 65–66, 76, 78–79, 81–82, 85–86, 88, 97, 100–101, 104–105
types of, 29–30, 75–78
Web-facing, v, vii–ix, 23–39 Dumpsters and trash bins, xi, 85
DVDs (see alsoComputer media, optical), 20, 35, 45, 70, 74, 76–77, 99, 105–106 E
Electronic media (seeComputer media) E-mail, ix, 12, 17–18, 29, 39, 41–43, 45, 47,
52–55, 88–89, 94–95, 98–99, 101, 113, 121–122, 124, 126–130, 133, 135–136, 139, 141, 155
Emotional appeal (see alsoInternet rhetoric) Web pages using, 124, 136
Encryption, viii–x, 29, 54–55, 59–62, 64, 73, 93, 103, 106, 115–116, 118, 121–122, 153
tar archives in, 122 External publications, 54
F
Faxes and fax machines, 39, 43–45, 54, 69, 76, 79–80, 85–86, 139, 141–142 File systems (computer), 59, 113–114 Financial data, vii, 24–25, 27, 31, 130 Firewalls, 29–30
Forensics (seeComputer forensics) Forgery (seeDocuments, forging)
Fraud, viii, 123–124, 135, 137, 139–142, 146 FTP (File Transfer Protocol), ix, 17, 26, 39,
41–43, 54, 88, 119 G
George Orwell’s 1984, 47, 117
Google hacking, 7, 25–27, 30–36, 49, 157 GLB (Graham-Leach-Bliley Act), 29 Grayhat Research Corporation, 46
H
Hashes, 95–96, 100
HEX editor, 20–21, 92, 106, 110 Hiding data, 5, 118–119
common methods for, 5
HIPAA (Health Insurance Portability and Ac-countability Act), 29, 46
Holmes, Sherlock, 87
Host protected area of a hard drive (HPA), 91
I
Identifiers (seePersonal identifiers) Identity document counterfeiting, 138–142 IM (Instant messaging), ix, 39, 41–43, 45, 52,
54
Images (seeDigital images; JPEG images;
Steganography)
Information footprint (seeInfosphere) Information leakage, v, viii–ix, 3, 5, 9, 16–17,
24, 28, 30, 39, 41–54 types of, viii
Information security (ITSEC) information, 24 Information taboos (for posting on the Web),
31, 48, 109, 131
marketable personal data (see Market-able personal data)
personal identifiers (seePersonal identi-fiers)
Scarfo case example, 114–119 vital information, x, 89 Instant messaging (seeIM)
Intelligence (seeOpen source intelligence) Internet options (in Internet Explorer),
110–112
Internet rhetoric (seePersuasion; Predators online)
J
JPEG images, 91 K
Key information assets (data treasures), viii, 24, 107
Keyloggers, 116
Keystroke capturing (seeKeyloggers) L
Latency of information (seeMemory; Persis-tence; Locations for information la-tency)
Least privilege, 28, 53, 113 LSB (Least Significant Bit), 91
Locations for information latency, 43–45 Loss of confidentiality (seeDocuments,
confi-dential) M
Magnetic media (seeComputer media, mag-netic)
Marketable personal data, 23–25, 129 Marketing plans (see alsoProprietary data),
24–27, 48, 82–83, 95, 100 Media library, 76, 78, 85–86 Media sanitization policies, 72–73 Memory, 44–45, 52, 66–67, 69–72, 74, 77,
92–94, 99, 105, 120
Metadata (seeDocuments, metadata in) Microsoft Office, 3, 5–6, 10–11, 16–17 Microsoft Word, 3, 6–7, 9, 13–16, 18, 157 Mirrored images, xi
N
Network intrusion detection, 29–30, 46, 49 NIST Publication 66–69, 73, 80–88, 157
O
Obfuscation (see alsoCAPTCHA; Steganogra-phy), 130
Open source intelligence (OSI), 26
Optical media (seeComputer media, optical) Overwrites, 71–72
P
Palimpsest (seeDocuments, palimpsest, as) Passwords, 34, 43, 48–50, 60, 79–80, 93–94,
96–97, 104–105, 109, 113–114, 117, 120–121, 133, 144
PDA (Personal Digital Assistant), viii–x, 29, 39, 55, 57–59, 61–62, 68, 80, 98–99, 109, 122, 157–158
PDF documents, 11–12, 14–15, 32, 35–36, 158–159
Peer-to-peer (P2P) networks, 42, 54
Persistence (see alsoComputer media, reuse of;
Magnetic media; Electronic media;
Optical media), 65–74
Persona online (seePredators online) Personal identifiers, 24, 31, 48, 135 Persuasion, 124–131, 135
PGP (Pretty Good Privacy encryption), 59, 115 Privacy, 10–12, 25, 48, 52, 114–115, 117–118,
128
Properties in documents, ix, 4–8, 12, 15, 19, 21, 90
Proprietary data, vii, 18, 23–25, 27, 78, 81 Q
Querying the Web (seeGoogle hacking) R
Regular expressions (REGEX), 46, 48, 54 Reuse of computer media (seeComputer
media, reuse of) Risk management, 52–53 Routers, 69
S
Sanitizing
computer media, of (seeComputer media, erasure of)
Sarbanes-Oxley (SOX), 46, 78 Scarfo case (seeInfosphere, Scarfo case) Search engines (seeGoogle hacking) Security labels, 39
Security personnel
surveillance by, 80–81
Security policies, 47, 61, 73, 81, 83–84, 106, 153–154, 157
Security procedures, 50, 83–85
Security zones, 28–30, 38, 44–46, 49, 52–53, 65, 101, 153–154
Sensitive information (see alsoDocuments, sen-sitive), v, viii, xi, 3–4, 18–19, 23–24, 26, 28, 30, 38, 41–50, 52, 54–56, 59, 62, 64–68, 81–83, 92, 94–95, 103, 105–106, 108, 113, 115, 119, 120–123, 131, 135–136 Shredders, 57, 68, 75
Site inspections, 78–81
Slack space (see alsoComputer forensics), v, x, 65, 91–93, 95, 98, 104, 122
Sleuthing
metadata, for, 17–21
Social engineering, vii, 49, 51, 53, 133, 135, 143
Soft copy media, 67
Steganography (see alsoImages; Obfuscation), 51, 53, 91, 98, 122
Sticky notes, 60, 79–80, 86
Storage media (seeComputer media) Swap files (see alsoComputer forensics), xi,
93–94, 113, 122 T
Tar archives (seeEncryption, tar archives in) Techniques
aggregation (seeAggregation of infor-mation)
degaussing (seeDegaussing) digital forgery, of, 139–140 forensic, v, 3, 94–100
Google hacking (seeGoogle hacking) hiding information, 118–119 hiding text, 3, 7, 20
obfuscation, 51–52, 54
recovery of magnetic media, 71 sleuthing, 20–21
spotting a forgery, 137–138
uncovering Web-facing documents, 23, 25–26, 31
Theft
digital devices, of, x, 55–64
tracking service as a countermeasure to, 62
vulnerable places for, 63 Threat matrix, 109
Trace evidence (seeSlack space; Swap files) Tracking service
mobile digital devices, for, 62 Trade secrets (seeProprietary data)
Trapping lists, 53, 55 Types
computer media (seeComputer media, types of)
data, 20, 48
dictionaries (for password attacks), 97 documents (seeDocuments, type of) files, 35
filtering, of, 20 metadata, 6 sanitizing, of, 74 U
USB drive (Universal Serial Bus), xi, 45, 50, 66–67, 69–71, 73–74, 77, 88, 93–94, 113, 115, 120–121, 155
V
Verbal communications, 51, 54 Virtual memory, 94
VOIP (Voice Over IP), 51, 54
VPNs (Virtual Private Networks), 49, 58–59, 61–62, 64
Vulnerability
accessing, 63, 76, 119–120 W
Web-facing documents (seeDocuments, Web-facing)
Web pages, viii, 5–6, 18–19, 32–35, 54, 111, 123–136
evaluating, 123–136 trustworthiness of, 124–128 Whiteboards, x–xi, 75–78, 80–81, 85 WiFi access points, 119
Wikis, 124, 131, 134, 154 Williams, Paul, 46
Wireless computing, 58–59, 61, 119 X
X.509 certificates, 59