• Assumptions
• The user follows documented best practice
• Uploaders of original content are targets
• The attacker is initially distant
• Social engineering is relatively expensive
• Bribing people to spy on their friends is relatively expensive
• Compromising computers via exploits is expensive
• Basics
• Major attacks
• Potential attackers
• Procedures===
• Code review/analysis
• Release procedure
• Penetration testing (network level)
• Penetration testing (infrastructure)