Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.

Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.

There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. "Security & Usability" is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer

interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.

"Security & Usability" groups 34 essays into six parts:

Realigning Usability and Security---with careful attention to user-centered design principles, security and usability can be synergistic.

Authentication Mechanisms-- techniques for identifying and authenticating computer users.

Secure Systems--how system software can deliver or destroy a secure user experience.

Privacy and Anonymity Systems--methods for allowing people to control the release of personal information.

Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g.,

IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.

The Classics--groundbreaking papers that sparked the field of security and usability.

This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.

This new edition of Practical Unix & Internet Security provides detailed coverage of today's increasingly important security and networking issues. Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.

Building Cocoa Applications takes a step-by-step approach to teaching developers how to build real graphics applications using Cocoa. By showing the basics of an application in one chapter and then layering additional functionality onto that application in subsequent chapters, the book keeps readers interested and motivated. Readers will see immediate results, and then go on to build onto what they've already achieved. By the end of the book, readers who have built the applications as they have read will have a solid understanding of what it really means to develop complete and incrementally more complex Cocoa applications.

This much expanded new edition explores web security risks and how to minimize them. Aimed at web users, administrators, and content providers, Web Security, Privacy & Commerce covers cryptography, SSL, the Public Key Infrastructure, digital signatures, digital certificates, privacy threats (cookies, log files, web logs, web bugs), hostile mobile code, and web publishing (intellectual property, P3P, digital payments, client-side digital signatures, code signing, PICS).