[1] Amazon Mechanical Turk. https://www.mturk.com/mturk/,
June 2010.
[2] S.M. Bellovin, “A Technique for Counting Natted Hosts,” Proc. ACM SIGCOMM Workshop Internet Measurement, pp. 267-272, 2002.
[3] E. Bursztein, S. Bethard, J.C. Mitchell, D. Jurafsky, and C. Fabry, “How Good Are Humans at Solving CAPTCHAs? A
Large Scale Evaluation,” Proc. IEEE Symp. Security and Privacy, May 2010.
[4] M. Casado and M.J. Freedman, “Peering through the Shroud: The Effect of Edge Opacity on Ip-Based Client Identification,” Proc. Fourth USENIX Symp. Networked Systems Design and Implementation (NDSS ’07), 2007.
[5] S. Chiasson, P.C. van Oorschot, and R. Biddle, “A Usability Study and Critique of Two Password Managers,” Proc. USENIX Security Symp., pp. 1-16, 2006.
[6] D. Florencio, C. Herley, and B. Coskun, “Do Strong Web Passwords Accomplish Anything?,” Proc. USENIX Workshop Hot Topics in Security (HotSec ’07), pp. 1-6, 2007.
[7] K. Fu, E. Sit, K. Smith, and N. Feamster, “Dos and Don’ts of Client Authentication on the Web,” Proc. USENIX Security Symp., pp. 251-268, 2001.
[8] P. Hansteen, “Rickrolled? Get Ready for the Hail Mary Cloud!,” http://bsdly.blogspot.com/2009/11/rickrolled-get-ready-forhail- mary.html, Feb. 2010.
[9] Y. He and Z. Han, “User Authentication with Provable Security against Online Dictionary Attacks,” J. Networks,  vol. 4, no. 3, pp. 200-207, May 2009.
[10] T. Kohno, A. Broido, and K.C. Claffy, “Remote Physical Device Fingerprinting,” Proc. IEEE Symp. Security and Privacy, pp. 211-225, 2005.
[11] M. Motoyama, K. Levchenko, C. Kanich, D. Mccoy, G.M. Voelker, and S. Savage, “Re: CAPTCHAs Understanding CAPTCHASolving Services in an Economic Context,” Proc. USENIX Security Symp., Aug. 2010.
[12] C. Namprempre and M.N. Dailey, “Mitigating Dictionary Attacks with Text-Graphics Character Captchas,” IEICE Trans. Fundamentals of Electronics, Comm. and Computer Sciences, vol. E90-A, no. 1, pp. 179-186, 2007.
[13] A. Narayanan and V. Shmatikov, “Fast Dictionary Attacks on Human-Memorable Passwords Using Time-Space Tradeoff,” Proc. ACM Computer and Comm. Security (CCS ’05), pp. 364-372, Nov. 2005.
[14] Nat’l Inst. of Standards and Technology (NIST), Hashbelt. http://www.itl.nist.gov/div897/sqg/dads/HTML/hashbelt.html, Sept. 2010.
[15] “The Biggest Cloud on the Planet Is Owned by ... the
Crooks,” NetworkWorld.com., http://www.networkworld.com/community/node/58829, Mar. 2010. 
[16] J. Nielsen, “Stop Password Masking,” http://www.useit.com/alertbox/passwords.html, June 2009.
[17] B. Pinkas and T. Sander, “Securing Passwords against Dictionary Attacks,” Proc. ACM Conf. Computer and Comm. Security (CCS ’02), pp. 161-170, Nov. 2002.
[18] D. Ramsbrock, R. Berthier, and M. Cukier, “Profiling Attacker Behavior following SSH Compromises,” Proc. 37th Ann. IEEE/IFIP Int’l Conf. Dependable Systems and Networks (DSN ’07), pp. 119-124, June 2007.
[19] SANS.org, “Important Information: Distributed SSH Brute Force Attacks,” SANS Internet Storm Center Handler’s Diary, http://isc.sans.edu/diary.html?storyid=9034, June 2010.
[20] “The Top  Cyber Security Risks,” SANS.org, http://www.sans.org/top-cyber-security-risks/, Sept. 2009.
[21] C. Stoll, The Cuckoo’s Egg: Tracking a Spy through the Maze of Computer Espionage. Doubleday, 1989.
[22] “Botnet Pierces Microsoft Live through Audio Captchas,”
TheRegister.co.uk, http://www.theregister.co.uk/2010/03/22/microsoft_live_captcha_by pass/, Mar. 2010.
[23] P.C. van Oorschot and S. Stubblebine, “On Countering Online Dictionary Attacks with Login Histories and Humans-in-the-Loop,” ACM Trans. Information and System Security, vol. 9, no. 3, pp. 235-258, 2006.
[24] L. von Ahn, M. Blum, N. Hopper, and J. Langford, “CAPTCHA:Using Hard AI Problems for Security,” Proc. Eurocrypt, pp. 294- 311, May 2003.
[25] M. Weir, S. Aggarwal, M. Collins, and H. Stern, “Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords,” Proc. 17th ACM Conf. Computer and Comm. Security, pp. 162-175, 2010.
[26] Y. Xie, F. Yu, K. Achan, E. Gillum, M. Goldszmidt, and T. Wobber, “How Dynamic Are IP Addresses?,” SIGCOMM Computer Comm. Rev., vol. 37, no. 4, pp. 301-312, 2007.
[27] J. Yan and A.S.E. Ahmad, “A Low-Cost Attack on a Microsoft CAPTCHA,” Proc. ACM Computer and Comm. Security (CCS ’08), pp. 543-554, Oct. 2008.
[28] J. Yan and A.S.E. Ahmad, “Usability of CAPTCHAs or Usability Issues in CAPTCHA Design,” Proc. Symp. Usable Privacy and Security (SOUPS ’08), pp. 44-52, July 2008.