Here you'll find the footnotes from the Trend Report 2009. This way can easily locate the webpages that we refer to in the Trend Report.

1. The surveys by CA, Infosecurity Europe and Finjan agree on this point. Information about these surveys can be found on www.CA.com/us/products/collateral.aspx?cid=203706, www.infosec.co.uk/page.cfm/T=m/Action=Press/PressID=1389 and www.finjan.com/Pressrelease.aspx?id=2140&PressLan=2139&lan=3
2. This report can be downloaded from www.whitehouse.gov/asset.aspx?AssetId=1732
3. The speech in which Obama announced the appointment of a cyber security coordinator has been put online in its entirety: www.whitehouse.gov/the_press_office/Remarks-by-the-President-on-Securing-Our-Nations-Cyber-Infrastructure/
4. For this see "Voortgangsrapportage electronic Patiëntendossier" [Progress report on patient dossiers] at http://www.minvws.nl/kamerstukken/meva/2009/voortgangsrapportage-elektronisch-patientendossier.asp
5. You can read more about this research at medischcontact.artsennet.nl/tijdschrift/archief/Tijdschriftartikel/Te-vroeg-voor-landelijk-EPD.htm
6. www.npcf.nl/uploads/files/eindrapport_epd_tns_nipo_npcf.pdf
7. www.e-overheid.nl/sites/nup
8. www.checkit.nl/nationalesearchenginemonitor.html
9. "Hyves statistieken and leugens;-)" [Hyves statistics and lies] by Yme Bosma at www.yme.nl/ymerce/2009/01/08/hyves-statistieken-en-leugens/
10. blog.nielsen.com/nielsenwire/online_mobile/twitters-tweet-smell-of-success/ and http://blog.compete.com/2009/03/13/twitter-search/
11. The Finnish government CERT – CERT-FI – is dealing with the coordination relating to this vulnerability. It is expected that more details will become known in the course of 2009. For more information see www.CERT.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html.
12. An interview with Robert Lee, CEO of Outpost24, regarding this vulnerability can be heard at debeveiligings-update.nl/2008/09/30/de-beveiligingsupdate-3-socketstress
13. There is in any event a lot going on in this area. There are several cooperation partnerships investigating the possibilities for improving the DNS system and how to tackle this in a practical way.
14. www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf and www.nap.edu/openbook.php?record_id=6161
15. All this of course depends on using encryption for network traffic.
16. RIPE has made a case study of this, which can be viewed at www.ripe.net/news/study-youtube-hijacking.html
17. Anirudh Ramachandran and Nick Feamster convincingly demonstrated this in their paper "Understanding the Network Level Behavior of Spammers" in 2006, which can be read at www.cc.gatech.edu/~avr/publications/p396-ramachandran-sigcomm06.pdf
18. Available (on registration) via www.arbornetworks.com/report
19. eng.5ninesdata.com/~tkapela/iphd-2.ppt
20. More information about "The Kaminsky Code" can be read in the fact sheet published by GOVCERT.NL. This fact sheet also includes tips on solving this vulnerability and can be read at www.govcert.nl/download.html?f=118
21. GOVCERT.NL investigated the name servers of 13 ministries, 12 provinces and 441 local councils.
22. www.pm.nl/index.php?page=verbeterde-rijkspas-klaar-voor-gebruik
23. A description of the research can be found at www.win.tue.nl/hashclash/rogue-ca/. GOVCERT.NL has published a fact sheet on this issue at www.govcert.nl/download.html?f=124
24. eprint.iacr.org/2004/264.pdf
25. GOVCERT.NL surveyed the primary web servers of the 13 ministries, 12 provinces and 441 local councils.
26. A general introduction to wireless security can be found in the GOVCERT.NL fact sheet on this issue at www.govcert.nl/download.html?f=101
27. The survey can be read at dl.aircrack-ng.org/breakingwepandwpa.pdf. A simplified explanation can be read at radajo.blogspot.com/2008/11/wpatkip-chopchop-attack.html and arstechnica.com/security/news/2008/11/wpa-cracked.ars
28. www.google.com/account/TOS?hl=en
29. www.avertlabs.com/research/blog/IND.php/2009/01/06/rogue-linkedin-profiles-lead-to-malware/
30. www.f-secure.com/weblog/archives/00001633.html
31. blog.twitter.com/2009/01/monday-morning-madness.html and www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9124900
32. blog.twitter.com/2009/01/gone-phishing.html
33. blog.twitter.com/2009/04/unauthorized-access-update-on-security.html
34. www.molblog.nl/bericht/Onderzoek-gebruik-internet-op-mobiele-telefoon-stijgt/
35. europa.eu/rapid/pressReleasesAction.do?reference=IP/09/473&language=EN
36. www.viruslist.com/en/weblog?weblogid=208187621
37. whatjapanthinks.com/2009/05/14/mobile-spam-very-discomforting-for-three-in-five-japanese/ and whatjapanthinks.com/2008/05/12/cell-phone-spam-daily-plague-for-almost-one-in-three-japanese/
38. The term "worm" is traditionally used for malware spreading from one computer to another without the intervention of the user. These days this term is rather misleading, because a great deal of malware consists of several components and can be very easily modified. Terms such as virus, worm and trojan have lost their distinctive features as a result.
39. www.confickerworkinggroup.org
40. www2.ftc.gov/opa/2008/12/winsoftware.shtm
41. www.nytimes.com/2008/10/30/technology/internet/30virus.html?_r=1
42. www.apacs.org.uk/09_03_19.htm
43. www.nvb.nl/index.php?p=290495
44. www.scribd.com/doc/6967393/Project-Grey-Goose-Phase-I-Report and ddanchev.blogspot.com/2008/08/whos-behind-georgia-cyber-attacks.html
45. latimesblogs.latimes.com/babylonbeyond/2008/10/iran-hamas-offi.html
46. www.scansafe.com/__data/assets/pdf_file/11635/agtr_2008.pdf
47. webwereld.nl/nieuws/56621/ov-site-lekt-privacygevoelige-data.html
48. www.security.nl/artikel/28096/Politie_dicht_lekken_flitsfoto
49. nymag.com/news/features/27341/
50. www.ouders.nl/ en www.mijnkindonline.nl/
51. www.digivaardigdigibewust.nl/ en www.watchyourspace.nl/
52. www.cs.utexas.edu/~shmat/shmat_oak09.pdf
53. europa.eu/rapid/pressReleasesAction.do?reference=IP/09/702&format=HTML&aged=0&language=EN&guiLanguage=en
54. www.techzoom.net/publications/silent-updates/
55. www.om.nl/actueel/toespraken/@149577/procureur-generaal_3/
56. blog.iusmentis.com/2008/12/19/de-journalistieke-hack-van-revu/
57. headlines.nos.nl/forum.php/list_messages/11987
58. www.parool.nl/parool/nl/13/AJAX/article/detail/246576/2009/06/05/Ajaxhacker-krijgt-taakstraf.dhtml
59. In the case of a "traditional" botnet the bot is controlled by means of a central computer, also termed the Command and Control server.
60. www.om.nl/@148582/19-jarige_hacker/
61. www.usdoj.gov/opa/pr/2008/August/08-crm-739.html
62. www.om.nl/@148583/klpd_informeert/
63. asert.arbornetworks.com/2008/08/atrivointercage-called-out-as-us-rbn/
64. www.washingtonpost.com/wp-dyn/content/article/2008/11/12/AR2008111200658_pf.html
65. arstechnica.com/security/news/2008/11/mccolo-reconnect-highlights-network-security-gap.ars
66. www.om.nl/@134976/werkstraf_voor/
67. www.om.nl/@149040/internationale/
68. www.usdoj.gov/usao/ct/Press2009/20090330-2.html
69. www.spamklacht.nl/asp/nieuws/id/57
70. www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=2864
71. www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=2584
72. www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=2743
73. www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=2776
74. blog.facebook.com/blog.php?post=40218392130
75. Survey by the Washington Post: voices.washingtonpost.com/securityfix/2008/09/estdomains.html and voiceswashingtonpost.com/securityfix/2008/09/estdomains_a_sordid_history_an.html
76. www.knujon.com/registrars/