.
Alexander Saichev (1), Bernhard Plattner (4), Bernhard Tellenbach (1), Brian Birkvald (1), Brian Trammel (1), Didier Sornette (1), Dominik Schatzmann (1), Francisco Artes (2), Gunter Ollmann (2), Ivo Silvestri (1), Jonathan Smith (1), Martin May (3), Matt Blaze (1), Sandy Clark (1), Stefan Frei (28), Thomas Duebendorfer (4), Thomas Kristensen (1), Thomas Maillart (1), Ulrich Fiedler (1), Urban Mäder (1)
Stefan Frei
This talk first addresses the peculiarities of the cyber security field and what the software industry had to painfully learn in the past decades in order to adapt to these new threats. To understand the cyber landscape and how it affects aviation we classify threat actors and explain global developments ..
.
Stefan Frei
With the rise of the internet and the increasing dependence of our society and economy on communication technologies, cyber security has become critical issue for all types of businesses. In just two decades, various industries were confronted with fundamentally new types of threats, threat actors and ..
.
Stefan Frei
In diesem Bericht beleuchten wir aus Sicht von Swisscom und der Schweiz die aktuelle Lage im Hinblick auf die Cyber-Bedrohungen und geben als führendes Schweizer ICT- Unternehmen eine Einschätzung der Entwicklungen für die kommenden 12 bis 24 Monate ab.
.
Stefan Frei
This report sheds light on the current status of cyber threats from the perspective of Swisscom and of Switzerland as a whole. As a leading Swiss ICT provider, we bring to you an evaluation of the developments forecast for the coming 12 to 24 months.
.
Stefan Frei
Dans le présent rapport, nous mettons en lumière la situation actuelle en matière de cybermenaces du point de vue de Swisscom et de la Suisse et, en tant qu’entreprise leader du marché des TIC en Suisse, donnons une estimation des développements attendus pour les 12 à 24 mois à venir.
.
Stefan Frei
In questa relazione presenteremo la situazione attuale delle cyber-minacce dal punto di vista di Swisscom e della Svizzera e, come principale azienda ICT svizzera, forniremo una stima sulla loro evoluzione nei prossimi 1-2 anni.
.
Stefan Frei
This paper explains how cyber criminals operate botnets and compromise victims at large scale, and informs organizations how to best utilize cyber threat intelligence to protect their business and deal with infected customers. In todays threat environment, security is as much about prevention as it is ..
.
Stefan Frei
Every data breach, regardless of its source, allows cyber criminals to refine current data, correlate it with new data, and create profiles that can identify millions of users – with severe consequences for their victims. Data that has been lost cannot be taken back - information such as social security ..
.
Stefan Frei, Francisco Artes
The global economy increasingly has come to rely on information systems, and yet society remains in the early phases of adapting to the related opportunities and threats. Security depends largely on ethical researchers reporting vulnerabilities under the practices of coordinated disclosure. Meanwhile, ..
.
Stefan Frei
Recently, there has been increased interest in the way in which security vulnerability information is managed and traded. Vulnerabilities that are known only to privileged closed groups, such as cyber criminals, brokers, and governments, pose a real and present risk to all who use the affected software. ..
.
Stefan Frei
A comparison of the block performances of multiple protection technologies reveals a significant correlation of failures to detect exploits. The number of exploits that were able to bypass layers of security is significantly higher than is the prediction for risk models ignoring correlation. This not ..
.
Stefan Frei
After the close of 2012 NSS Labs performed a comprehensive analysis of vulnerability data to identify industry wide threats and trends covering the last 10 years. Despite massive security investments of the software industry, vulnerability disclosures have risen considerably in 2012. Several additional ..
.
Stefan Frei, Francisco Artes
This talk examines the attackers' kill chain and the measured effectiveness of typical defense technologies such as Next Generation Firewalls, Intrusion Prevention Systems IPS, Antivirus/Malware Detection, and browsers internal protection. Empirical data on the effectiveness of security products derived ..
.
Stefan Frei
This paper discusses the limitations of security by denying users administrative access to their systems, and highlights how cybercriminals can achieve their goals without administrative access.
.
Stefan Frei, Brian Birkvald
This white paper outlines the limitations of traditional defence mechanisms; specifically how cybercriminals have refined the malware manufacturing and development process to systematically bypass them – thereby initiating an arms race with defenders. Security patches are found to be a primary and effective ..
.
Sandy Clark, Stefan Frei, Matt Blaze, Jonathan Smith
Our analysis of software vulnerability data, including up to a decade of data for several versions of the most popular operating systems, server applications and user applications (both open and closed source), shows that properties extrinsic to the software play a much greater role in the rate of vulnerability ..
.
Thomas Maillart, Didier Sornette, Stefan Frei, Thomas Duebendorfer, Alexander Saichev
The dynamics of technological, economic and social phenomena is controlled by how humans organize their daily tasks in response to both endogenous and exogenous stimulations. The general validity of the power law and the nature of other regimes remain unsettled. Using anonymized data collected by Google ..
.
Stefan Frei, Thomas Kristensen
In this paper, we examine the software portfolio of the average user based on empirical data from over two million users frequently scanning their systems with Secunias Personal Software Inspector (PSI). We demonstrate, that the complexity and frequency of the actions required to keep a typical end-user ..
.
Stefan Frei, Dominik Schatzmann, Bernhard Plattner, Brian Trammel
In this paper we provide a metric for the success of the "responsible disclosure" process. We measure the prevalence of the commercial markets for vulnerability information and highlight the role of security information providers (SIP), which function as the "free press" of the ecosystem.
.
Thomas Duebendorfer, Stefan Frei
In this paper we analyze the effectiveness of different Web browsers update mechanisms; from Google Chrome's silent update mechanism to Opera's update requiring a full re-installation
.
Stefan Frei
In this thesis I examine the security ecosystem, consolidating many aspects of security that have hitherto been discussed only separately. I analyze the paths vulnerability data take through the ecosystem, and the impact of each of these on security risk based on a quantitative analysis of 30,000 vulnerabilities ..
.
Stefan Frei, Thomas Duebendorfer, Bernhard Plattner
Although there is an increasing trend for attacks against popular Web browsers, only little is known about the actual patch level of daily used Web browsers on a global scale. We conjecture that users in large part do not actually patch their Web browsers based on recommendations, perceived threats, ..
.
Stefan Frei, Thomas Duebendorfer, Gunter Ollmann, Martin May
If you were to "hack the planet" how many hosts do you think you could compromise through a single vulnerable application technology? A million? A hundred-million? A billion? What kind of application is so ubiquitous that it would enable someone to launch a planet-wide attack? - why, the Web browser ..
.
Stefan Frei, Martin May
In an independent research project at ETH Zurich, we monitored for more than 18 months the world’s top security advisory providers. Due to a short 30-minute monitoring interval, we discovered significant differences in quality, quantity, and timeliness.
.
Stefan Frei, Bernhard Tellenbach, Bernhard Plattner
We introduce the 0-day patch rate as a new metric to measure and compare the performance of the vulnerability handling and patch development processes of major software vendors. We use this metric to analyze the performance of Microsoft and Apple over the past six years.
.
Stefan Frei, Martin May, Ulrich Fiedler, Bernhard Plattner
We quantify the gap between exploit and patch availability for known vulnerabilities since 2000 and provide an analytical representation of our data which lays the foundation for further analysis and risk management.
.
Stefan Frei, Urban Mäder
The speed of technology innovation of civil jet engines is investigated. A technology measure based on airplane efficiency is derived and applied to jet airlines of different sizes and time periods, ranging back to the 1960's.
.
Stefan Frei, Gunter Ollmann, Ivo Silvestri
Analysis and empirical study on how mail non-delivery notifications processes can be exploited to launch denial of service attacks.
.
.