; --------------------------------------------------------------------- ; To submit, log into grace.umd.edu and use the following command: ; /submit 2017 fall ENEE 657 0101 17 update_revocation.bib ; --------------------------------------------------------------------- ; Required Readings @ARTICLE{ Yilek2009, title = {{When private keys are public}}, author = {Yilek, Scott and Rescorla, Eric and Shacham, Hovav and Enright, Brandon and Savage, Stefan}, journal = {Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference - IMC '09}, isbn = {9781605587714}, doi = {10.1145/1644893.1644896}, abstract = {We report on the aftermath of the discovery of a severe vul-nerability in the Debian Linux version of OpenSSL. Systems affected by the bug generated predictable random numbers, most importantly public/private keypairs. To study user response to this vulnerability, we collected a novel dataset of daily remote scans of over 50,000 SSL/TLS-enabled Web servers, of which 751 displayed vulnerable certificates. We report three primary results. First, as expected from pre-vious work, we find an extremely slow rate of fixing, with 30{\%} of the hosts vulnerable when we began our survey on day 4 after disclosure still vulnerable almost six months later. However, unlike conventional vulnerabilities, which typically show a short, fast fixing phase, we observe a much flatter curve with fixing extending six months after the an-nouncement. Second, we identify some predictive factors for the rate of upgrading. Third, we find that certificate author-ities continued to issue certificates to servers with weak keys long after the vulnerability was disclosed.}, year = {2009}, pages = {15}, url = {http://portal.acm.org/citation.cfm?doid=1644893.1644896}, keywords = {debian openssl vulnerability,n private keys are,public,results from the 2008}, studentfirstname ={}, studentlastname ={}, summary = {}, contribution1 ={}, contribution2 ={}, contribution3 ={}, contribution4 ={}, contribution5 ={}, weakness1 = {}, weakness2 = {}, weakness3 = {}, weakness4 = {}, weakness5 = {}, interesting = {high/med/low}, opinions = {}, } @ARTICLE{ Vaniea2016, title = {{Tales of Software Updates : The process of updating software}}, author = {Vaniea, Kami and Rashidi, Yasmeen}, journal = {Chi}, isbn = {9781450333627}, doi = {10.1145/2858036.2858303}, abstract = {Updates alter the way software functions by fixing bugs, changing features, and modifying the user interface. Sometimes changes are welcome, even anticipated, and sometimes they are unwanted leading to users avoiding potentially unwanted updates. If users delay or do not install updates it can have serious security implications for their computer. Updates are one of the primary mechanisms for correcting discovered vulnerabilities, when a user does not update they remain vulnerable to an increasing number of attacks. In this work we detail the process users go through when updating their software, including both the positive and negative issues they experience. We asked 307 survey respondents to provide two contrasting software update stories. Using content analysis we analysed the stories and found that users go through six stages while updating: awareness, deciding to update, preparation, installation, troubleshooting, and post state. We further detail the issues respondents experienced during each stage and the impact on their willingness to update.}, year = {2016}, pages = {3215--3226}, url = {http://doi.acm.org/10.1145/2858036.2858303}, keywords = {Human Factors,Security,Software Updates}, studentfirstname ={}, studentlastname ={}, summary = {}, contribution1 ={}, contribution2 ={}, contribution3 ={}, contribution4 ={}, contribution5 ={}, weakness1 = {}, weakness2 = {}, weakness3 = {}, weakness4 = {}, weakness5 = {}, interesting = {high/med/low}, opinions = {}, } ; BibTex cross-references (don't add anything here)