< Publications

• Papers
• Articles
• Talks
• Press+Media

Press and Media Coverage

Some of my publications resonated enormously in the community and press. I gave interviews for print and online media alike and spoke on radio (BBC World news - Digital Planet, Deutschlandfunk, etc.).

My most favorite papers (Insecurity Iceberg and 0-Day Patch Metric) were readily translated into more than a dozen languages and commented on several blogs. I am aware of reports in German, Norwegian, Danish, Swedish, Spanish, Italian, Chinese, Japanese, Portugese, Hungarian, Polish, Dutch, Hebrew, Finnish, Russian, and French.

2010 - March

• MIT Technology Review
  Patching the Security Update Process
  2010-March-10 Brian Krebs [ pdf ]

• SC Magazine UK
  To be completely patched requires an average of between 51 and 86 actions per year
  2010-March-08 Dan Raywood [ pdf ]

• Heise Security
  Windows-Tool soll Update-Plagerei überflüssig machen
  2010-March-08 Daniel Bachfeld [ pdf ]

• Krebs on Security
  Yep, There’s a Patch for That
  2010-March-05 Brian Krebs [ pdf ]

• The Register
  Think software patching is a hassle? You're not alone
  2010-March-05 Dan Goodin [ pdf ]

• InfoWorld
  Typical Windows user patches every 5 days
  2010-March-04 Gregg Keizer [ pdf ]

• SlashDot
  Typical Windows User Patches Every 5 Days
  2010-March-04 [ pdf ]

• Softpedia
  Secunia Readies Free Automatic Patching Solution
  2010-March-03 Lucian Constantin [ pdf ]

2009 - November

• SF1 Kassensturz
  TV Experten Interview und Demo von Malware do-it-yourself Kits
  17-Nov-2009 by Anatol Hug [ video ]

2009 - October

• 20 minuten
  IT-Experte: Hacker kann man nicht finden
  28-Oct-2009 by Lukas Mäder [ pdf ]

2009 - May

• NZZ am Sonntag
  Automatisch Sicher
  10-May-2009 by Andreas Hirstein [ pdf ]

• ars technica
  Firefox, Chrome users more up to date than Safari and Opera
  06-May-2009 by Jacqui Cheng [ pdf ]

• WashingtonPost
  Safari, Opera Users Lag Behind in Security Updates
  06-May-2009 by Brian Krebs [ pdf ]

• The Register
  Safari, Opera browsers patch-shy, says study
  06-May-2009 by Dan Goodin [ pdf ]

• IDG News Service
  Apple, Opera slammed over browser patch regimes
  06-May-2009 by Jeremy Kirk [ pdf ]

• Banchez-Vous
  Efficacité des mises à jour: Safari et Opera derrière Firefox et Chrome
  06-May-2009 by Christian Leduc [ pdf ]

• H-Security
  Study says silent updates enhance security
  04-May-2009 by djwm [ pdf ]

• The Tech Herald
  Report: Using silent updates boosts browser security
  04-May-2009 by Steve Ragan [ pdf ]

• Heise News
  Studie: Stille Updates erhöhen Sicherheit
  04-May-2009 by Daniel Bachfeld [ pdf ]

2009 - January

• ars technica Convenience is number one factor in keeping browsers secure
  27-Jan-2009 by John Timmer [ pdf ]

• TheRegister
  Easy updates best for browser patching
  27-Jan-2009 by John Leyden [ pdf ]

• TechnicalInfo Blog
  Firefox update dynamics
  23-Jan-2009 by Gunter Ollmann [ pdf ]

2008 - July

• The Guardian
  Software makers should take responsibility
  17-Jul-2008 by Bruce Schneier [ pdf ]

• Google Security Blog
  Are you using the latest web browser?
  16-Jul-2008 by Thomas Duebendorfer [ pdf ]

• NZZ am Sonntag
  Nur von Hackern empfohlen
  13-Jul-2008 by Andreas Hirstein [ pdf ]

• BBC News
  Online risk due to browser flaws
  08-Jul-2008 by BBC [ pdf ]

• CIO Today
  Vulnerabilities in Web Browsers Worry Researchers
  07-Jul-2008 by Mark Long [ pdf ]

• Slashdot
  Firefox Users Stay Ahead On the Update Curve
  07-Jul-2008 by timothy [ pdf ]

• Deutschlandfunk
  Browser mit Demenz
  05-Jul-2008 by Manfred Kloiber [ pdf ]

• Schneier on Security
  Browser Insecurity
  03-Jul-2008 by Bruce Schneier [ pdf ]

• TheRegister
  Built-in browser expiry proposed to fight botnet menace
  03-Jul-2008 by John Leyden [ pdf ]

• IBM Internet Security Systems
  637 million Excuses
  03-Jul-2008 by Gunter Ollmann [ pdf ]

• USA Today
  Report: 637 million Web surfers using old browsers open to hackers
  02-Jul-2008 by Michael Winter [ pdf ]

• About.com - Scott's Web Browsers Blog
  Have You Updated Your Browser Lately?
  02-Jul-2008 by Scott Orgera [ pdf ]

• PaymentNews
  Web Browser Insecurity and Online Banking
  03-Jul-2008 [ pdf ]

• SecurityFocus
  Web surfers, it's time to patch
  02-Jul-2008 by Robert Lemos [ pdf 1 2 ]

• ars technica
  40% of surfers don't bother with browser security updates
  01-Jul-2008 by Joel Hruska [ pdf ]

• ZDnet UK
  Report: Outdated browsers put 637m users at risk
  02-Jul-2008 by Robert Vamosi [ pdf ]

• cnet news
  Researchers: 637 million browser users at risk
  01-Jul-2008 by Robert Vamosi [ pdf ]

• The Tech Herald
  More than 600M users are surfing at risk study says
  01-Jul-2008 by Steve Ragan [ pdf ]

• WashingtonPost
  Forty Percent of Web Users Surf With Unsafe Browsers
  01-Jul-2008 by Brian Krebs [ pdf ]

• SecurityFocus
  Study: Firefox patched quickest, IE a laggard
  01-Jul-2008 by cwalsh [ pdf ]

• PC World
  Study: Unpatched Web Browsers Prevalent on the Internet
  01-Jul-2008 by Jeremy Kirk, IDG News Service [ pdf ]

• IBM Internet Security Systems
  637 million Users Vulnerable to Attack
  01-Jul-2008 by Gunter Ollmann [ pdf ]

• NZZ Online
  Webbrowser mit Verfallsdatum
  01-Jul-2008 by chs [ pdf ]

• Heise Security
  Forscher fordern Verfallsdatum für Webbrowser
  01-Jul-2008 by anw [ pdf ]

• Inside IT
  ETH fordert "Verfallsdatum" für Webbrowser
  01-Jul-2008 by Maurizio Minetti [ pdf ]

• Informationsdienst Wissenschaft
  Neue ETH-Studie zur Browsersicherheit
  01-Jul-2008 by Franziska Schmid [ pdf ]

• Press Release
  More than 600 million users surf at high risk
  01-Jul-2008 by ETH Zurich [ pdf ]

2008 - April

• NZZ am Sonntag
  Mehr Lücken als ein Windows-PC
  06-Apr-2008 by Andreas Hirstein [ pdf ]

• ETH Life
  Mythos entzaubert
  03-Apr-2008 by Peter Rüegg [ pdf ]

• The Tech Herald
  Blackhat: Is Apple lacking in the security department
  01-Apr-2008 by Steve Ragan [ pdf ]

2008 - March

• The Register
  Apple lags MS in security response
  31-Mar-2008 by John Leyden [ pdf ]

• InformationWeek
  Apples Security Patch Process Gets Worse While Microsofts Gets Better
  31-Mar-2008 by Thomas Claburn [ pdf ]

• Heise Security (deutsch)
  Black Hat: Neue Metrik für Sicherheit von Betriebssystemen vorgestellt
  28-Mar-2008 by Daniel Bachfeld [ pdf ]
  Heise Security (english)
  Black Hat: new operating systems security metric
  28-Mar-2008 by Daniel Bachfeld [ pdf ]

• IBM Internet Security Systems
  Apple Crumble @ Blackhat
  28-Mar-2008 by Gunter Ollmann [ pdf ]

• Wall Street Journal WSJ
  Terrifying Computer Owners Part X
  28-Mar-2008 Business Technology

• ITWorld: IDG News Service
  Microsoft vs. Apple: Who patches 0-days faster?
  27-Mar-2008 by Jeremy Kirk [ pdf ]

• SlashDot
  Microsoft or Apple - Who Is the Faster Patcher?
  27-Mar-2008 by Zonk [ pdf ]

• ETH Life
  Tatort Internet
  11-Mar-2008 by Samuel Schläfli [ pdf ]

2004 - April

• Heise Security
  Angriff der Mail-Bürokratie
  14-Apr-2004 by Jürgen Schmidt [ pdf ]

• Secunia Advisory SA11302
  Qmail Non-Delivery Notification DDoS Security Issue
  08-Apr-2004

• Public Safety and Emergency Preparedness Canada (PSEPC)
  Alert AL04-005: Mail Non-Delivery Attack
  07-Apr-2004

• NewScientist
  Email attack could kill servers
  06-Apr-2004 by Will Knight [ pdf ]

• TheRegister
  The Joe Job DoS attack, Mail bomb attack brown alert
  06-Apr-2004 by John Leyden [ pdf ]