< Publications

• Papers
• Articles
• Talks
• Press+Media

Talks & Presentations

2011

---

• Fixing the Fundamental Failures of End-Point Security
  The complexity of end-point security and how to protect a moving target
  ISF 22nd Annual World Congress Berlin, Berlin.
  [ Slides (pdf) | Paper (pdf) | ISF 22nd Annual World Congress Berlin]

• The Fundamental Failures of End-Point Security
  The changing threat environment and the complexity of software portfolios
  RSA Conference 2011, San Francisco
  [ Slides (pdf) | | RSA Conference USA]

2010

---

• Cybercriminals do not need to target Microsoft
  An alarming trend for end-user security
  e-crime Mid Year Meeting 2010, London.
  [ Slides (pdf) | Article (pdf) | eCrime Congress]

• The Dynamics of (In)Security
  What's the story of 30,000 vulnerabilities discovered in the past decade?
  Invited talk at the 3rd Athens international forum on IT security AIFS2010, Athens, Greece.
  [ Paper | Slides (pdf) | Athens Forum on IT Security]

• Cybercrime Operations and Web 2.0 Threats
  Vortrag und Live Malware Demonstration am Kaderforum des Polizeidepartements der Stadt Zuerich, DAGL 2010
  [ Slides (pdf) | Polizeidepartement der Stadt Zürich]

2009

---

• Web Browser Security Update Effectiveness
  Talk at the 4th international workshop on critical infrastructures security CRITIS 2009, Bonn, Germany.
  [ Paper | HTML | Slides (pdf) | Blog | Bibtex | media coverage]

• "Phishing: Trickbetrügerei im Internet" (German)
  Diese Analyse zeigt die angewendeten Tricks und was genau geschieht, wenn man den Anweisungen der Phishing E-Mails folge leistet.
  Vortrag an der Criminale 2009 in Singen/DE - Schaffhausen/CH
  [ Slides (pdf) | Criminale 2009 ]

2008

---

• SwissSign Event zum Thema Sicherheit in der Digitalen Welt, 2008 (German)
  Invited Talk for SwissSign in Zurich  - Switzerland
  [ Slides (pdf) | Swisssign Event]

• Security Econometrics & Insecurity Iceberg of Vulnerable Browsers, 2008
  Talk at ISIS Workshop on Interdisciplinary Studies in Information Security - Monte Verita  - Switzerland
  [ Slides (pdf) | ISIS Workshop ]

• Understanding the Web browser threat
  Talk at DefCon 16 - Exploiting A Hundred-Million Hosts Before Brunch
  [ Paper | HTML | Slides (pdf) | Bibtex | media coverage ]

• Putting private and government CERT’s to the test, 2008
  Talk at FIRST 2008 annual conference in Vancouver, Canada
  [ Paper | Slides (pdf) | Bibtex ]

• 0-Day Patch - Exposing Vendors (In)security Performance
  Talk at BlackHat 2008 Europe, Amsterdam, 27-Mar-2008
  [ Paper | HTML | Slides (pdf) | Bibtex | media coverage ]

• 0-Day Patch Security Metric
  Talk at the ZISC Information Security Colloquium, ETH Zurich, 2008
  [ Slides (pdf) | ZISC ]

• Phishing: Trickbetrügerei im Internet - Einführung, Fallbeispiel und Diskussion (German)
  Vortrag und Podiumsdisskusion in Rahmen der Veranstaltungsreihe «Verletzlichkeit der Informationsgesellschaft» der Stiftung Risiko-Dialog, EMPA, und ISSS an der ETH Zurich, 06-Mar-2008
  [ Slides (pdf) | ISSS | EMPA | Stiftung Risiko-Dialog ]
  Author: Gunter Ollmann, Stefan Frei

2007

---

• Dynamics of (In)security
  Talk at the ZISC Information Security Colloquium, ETH Zurich, 09-Jan-2007
  [ Slides (pdf) | ZISC ]

2006

---

• Speed of (In)security
  Talk at 2006 USA, Las Vegas, 03-Aug-2006
  [ Slides (pdf) | BlackHat ]

2005

---

• Live Demo: Slammer Worm outbreak
  Live Slammer worm outbreak demonstration for the Networking Security course at ETH Zurich, 2005
  [ Slides (pdf) | ETH Zurich - Education at CSG ]