{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T09:33:03Z","timestamp":1761989583269,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319308050"},{"type":"electronic","value":"9783319308067"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-30806-7_8","type":"book-chapter","created":{"date-parts":[[2016,3,28]],"date-time":"2016-03-28T07:24:01Z","timestamp":1459149841000},"page":"122-137","source":"Crossref","is-referenced-by-count":6,"title":["POODLEs, More POODLEs, FREAK Attacks Too: How Server Administrators Responded to Three Serious Web Vulnerabilities"],"prefix":"10.1007","author":[{"given":"Benjamin","family":"Fogel","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shane","family":"Farmer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hamza","family":"Alkofahi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anthony","family":"Skjellum","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Munawar","family":"Hafiz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"8_CR1","unstructured":"Adamczyk, P., Hafiz, M., Johnson, R.: Non-compliant and proud: a case study of HTTP compliance. Technical report, UIUC (2008)"},{"key":"8_CR2","unstructured":"Al-Bassam, M.: Top Alexa 10,000 Heartbleed scan (2014). \n                    https:\/\/github.com\/musalbas\/heartbleed-masstest"},{"key":"8_CR3","doi-asserted-by":"crossref","unstructured":"Barrett, R., Kandogan, E., Maglio, P.P., Haber, E.M., Takayama, L.A., Prabaker, M.: Field studies of computer system administrators: analysis of system management tools and practices. In: CSCW 2004. ACM (2004)","DOI":"10.1145\/1031607.1031672"},{"key":"8_CR4","unstructured":"Beurdouche, B., Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zinzindohoue, J.K.: SMACK: state machine attacks (2015). \n                    https:\/\/www.smacktls.com\/"},{"key":"8_CR5","unstructured":"Blevins, B.: POODLE SSL vulnerability doesn\u2019t equal Heartbleed, but still bad (2014)"},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"Botta, D., Werlinger, R., Gagn\u00e9, A., Beznosov, K., Iverson, L., Fels, S., Fisher, B.: Towards understanding it security professionals and their tools. In: SOUPS 2007. ACM (2007)","DOI":"10.1145\/1280680.1280693"},{"key":"8_CR7","volume-title":"Firewalls and Internet Security: Repelling the Wily Hacker","author":"W Cheswick","year":"2003","unstructured":"Cheswick, W., Bellovin, S., Rubin, A.: Firewalls and Internet Security: Repelling the Wily Hacker, 2nd edn. Addison-Wesley Professional, Reading (2003)","edition":"2"},{"key":"8_CR8","unstructured":"Dierks, T., Allen, C.: The TLS protocol"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Durumeric, Z., Kasten, J., Adrian, D., Halderman, J.A., Bailey, M., Li, F., Weaver, N., Amann, J., Beekman, J., Payer, M., Paxson, V.: The matter of heartbleed. In: IMC 2014. ACM (2014)","DOI":"10.1145\/2663716.2663755"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Durumeric, Z., Kasten, J., Bailey, M., Halderman, J.A.: Analysis of the https certificate ecosystem. In: IMC 2013. ACM (2013)","DOI":"10.1145\/2504730.2504755"},{"key":"8_CR11","unstructured":"Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: SEC 2013. USENIX Association (2013)"},{"key":"8_CR12","unstructured":"Fu, K., Sit, E., Smith, K., Feamster, N.: Dos and don\u2019ts of client authentication on the web. In: SSYM 2001. USENIX Association (2001)"},{"issue":"12","key":"8_CR13","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1145\/1898147.1898149","volume":"8","author":"Eben M. Haber","year":"2010","unstructured":"Haber, E.M., Kandogan, E., Maglio, P.: Collaboration in system administration. Queue 8(12), 10:10\u201310:20 (2010)","journal-title":"Queue"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Holz, R., Braun, L., Kammenhuber, N., Carle, G.: The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements. In: IMC 2011. ACM (2011)","DOI":"10.1145\/2068816.2068856"},{"key":"8_CR15","unstructured":"IBM developerWorks. The Secure Sockets Layer and Transport Layer Security. \n                    http:\/\/www.ibm.com\/developerworks\/library\/ws-ssl-security\/"},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"Kranch, M., Bonneau, J.: Upgrading HTTPS in mid-air: an empirical study of strict transport security and key pinning. In: NDSS 2015. IEEE (2015)","DOI":"10.14722\/ndss.2015.23162"},{"key":"8_CR17","unstructured":"Langley, A.: POODLE attacks on sslv3, October 2014"},{"key":"8_CR18","unstructured":"Langley, A.: The POODLE bites again, December 2014"},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"Lee, H., Malkin, T., Nahum, E.: Cryptographic strength of SSL\/TLS servers: current and recent practices. In: IMC 2007. ACM (2007)","DOI":"10.1145\/1298306.1298318"},{"key":"8_CR20","unstructured":"Lyon, G.: Download the free nmap security scanner for linux\/mac\/unix or windows (2015). \n                    https:\/\/nmap.org\/download.html"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Mahendiran, J., Hawkey, K.A., Zincir-Heywood, N.: Exploring the need for visualizations in system administration tools. In: CHI EA 2014. ACM (2014)","DOI":"10.1145\/2559206.2581338"},{"key":"8_CR22","unstructured":"Moeller, B.: TLS Signaling Cipher Suite Value (SCSV) for preventing protocol downgrade attacks"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Moore, D., Shannon, C., Claffy, K.: Code-Red: a case study on the spread and victims of an internet worm. In: IMW 2002. ACM (2002)","DOI":"10.1145\/637201.637244"},{"key":"8_CR24","unstructured":"Murray, E.: SSL server security survey (2000)"},{"key":"8_CR25","unstructured":"Opera Software ASA. operasoftware\/tlsprober (2014). \n                    https:\/\/github.com\/operasoftware\/tlsprober"},{"key":"8_CR26","unstructured":"Provos, N., Honeyman, P.: ScanSSH - scanning the internet for SSH servers. In: LISA 2001. USENIX Association (2001)"},{"key":"8_CR27","unstructured":"Rescorla, E.: Security holes... who cares? In: SSYM 2003. USENIX Association (2003)"},{"key":"8_CR28","volume-title":"The Coding Manual for Qualitative Researchers","author":"J Saldana","year":"2009","unstructured":"Saldana, J.: The Coding Manual for Qualitative Researchers. Sage Publications Limited, Singapore (2009)"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Sun, S.-T., Beznosov, K.: The devil is in the (implementation) details: an empirical analysis of oauth sso systems. In: CCS 2012. ACM (2012)","DOI":"10.1145\/2382196.2382238"},{"key":"8_CR30","unstructured":"The OpenSSL Project. OpenSSL 1.0.1j (2014). \n                    https:\/\/www.openssl.org\/source\/"},{"key":"8_CR31","doi-asserted-by":"crossref","unstructured":"TIM Trustworthy Internet Movement. SSL Pulse: Survey of the SSL implementation of the most popular web sites (2012)","DOI":"10.1016\/S1353-4858(12)70030-2"},{"key":"8_CR32","unstructured":"Vehent, J.: jvehent\/cipherscan (2014). \n                    https:\/\/github.com\/jvehent\/cipherscan"},{"key":"8_CR33","unstructured":"Velasquez, N.F., Weisband, S., Durcikova, A.: Designing tools for system administrators: an empirical test of the integrated user satisfaction model. In: LISA 2008. USENIX Association (2008)"},{"issue":"7","key":"8_CR34","doi-asserted-by":"publisher","first-page":"584","DOI":"10.1016\/j.ijhcs.2009.03.002","volume":"67","author":"R Werlinger","year":"2009","unstructured":"Werlinger, R., Hawkey, K., Botta, D., Beznosov, K.: Security practitioners in context: their activities and interactions with other stakeholders within organizations. Int. J. Hum. Comput. Stud. 67(7), 584\u2013606 (2009)","journal-title":"Int. J. Hum. Comput. Stud."},{"key":"8_CR35","doi-asserted-by":"crossref","unstructured":"Yilek, S., Rescorla, E., Shacham, H., Enright, B., Savage, S.: When private keys are public: results from the 2008 debian OpenSSL vulnerability. In: IMC 2009. ACM (2009)","DOI":"10.1145\/1644893.1644896"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-30806-7_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T18:21:31Z","timestamp":1559413291000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-30806-7_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319308050","9783319308067"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-30806-7_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}