Press Coverage Of My Research

All 2018 2017 2015 2014 2013 2012 2011 2010 2009 2008 2004

Authors and journalists 2004 to 2018:

Anatol Hug (1), Andreas Hirstein (5), ANW (1), Brian Krebs (7), Brian Proffitt (1), Bruce Schneier (3), Business Technology (1), C. Walsh (1), Christian Schürer (1), CHS (1), Dan Goodin (2), Dan Raywood (2), Daniel Bachfeld (4), djwm (1), Erich Aschwanden (1), Fabian Fellmann (1), Franziska Schmid (1), Gregg Keiser (2), Gunter Ollmann (3), J.M.P. (1), Jacqui Cheng (1), Jeremy Kirk (3), Joel Hruska (1), John Leyden (4), John P. Mello (1), John Suffolk (1), John Timmer (1), Jürg Müller (1), Jürgen Schmidt (1), Lucian Constantin (1), Lukas Mäder (1), Manfred Kloiber (1), Mark Long (1), Mathias Röckel (1), Maurizio Minetti (1), Michael Winter (1), Peter Rüegg (1), Rachael King (1), Robert Lemos (4), Robert Vamosi (2), Samuel Schläfli (1), Scott Orgera (1), Steve Ragan (3), Thomas Claburn (1), Thomas Dubendorfer (1), Timothy (1), Will Knight (1), Zonk (1)

Mehr Sicherheit beim E-Voting verlangt, Parlamentarier simulieren Abstimmungsbetrug.

Um herauszufinden, wie leicht Ab- stimmungen tatsächlich manipuliert wer- den können, entwickelte der Sicherheits- experte Stefan Frei im Auftrag der bei- den FDP-Politiker einen Angriffssimula- tor. Dieser wurde Medienvertretern am Montag vorgeführt. Er zeigt, wie viele Stimmen ein Angreifer hätte verfälschen müssen, um die Volksabstimmungen von 1998 bis 2017 zu kippen. Unter www.evo- tesim.ch kann jedermann die Probe aufs Exempel machen.
NZZ - Erich Aschwanden June 11, 2018 | Article | Article |

Spionage: Das Treffen Dutzender Regierungschefs und Wirtschaftsbosse am WEF bietet Gelegenheit zur Cyberspionage, warnt Sicherheitsexperte Stefan Frei. Die Soldaten wappnen sich mit einer Cyber-Impfung.

Stefan Frei überrascht der Angriff nicht. «Das WEF ist für Hacker interessant», sagt der Schweizer Fachmann für IT-Sicherheit. Das Forum geniesst hohe Aufmerksamkeit. Und in Davos selbst tummeln sich Dutzende Regierungschefs und Wirtschaftsbosse, in deren Gefolge Tausende Mitarbeiter in die Alpenstadt reisen. 2001 erbeuteten Schweizer Hacker die Datenbank der WEF-Gäste mit geheimen Kontaktdetails. Während sich das WEF vor solchen Attacken besser schützt, können in Davos selbst wertvolle Daten erbeutet werden. «Wer dort einen Wurm loslässt, kann ihn einfach in einem interessanten Teilnehmerfeld verbreiten», sagt Frei, der unter anderem an der ETH Zürich im Bereich Cyber Security unterrichtet.
Luzerner Zeitung - Fabian Fellmann January 21, 2018 | Article | Article |

FOKUS: Studio Gespräch mit Cyber-Security-Experte Stefan Frei

Was tun Software-Firmen gegen diese Angriffe? Müssen wir in Zukunft mit mehr solchen Attacken rechnen? «10vor10» fragt Stefan Frei, Dozent für Cyber Security an der ETH Zürich, live im Studio.
SRF TV - 10vor10 - Christian Schürer May 15, 2017 | Article |

Mit dem permanenten Risiko leben

Wegen der rasenden Geschwindigkeit der Digitalisierung sind sichere IT-Systeme eine Illusion. Wirtschaft und Politik sollten weniger den perfekten Schutz anstreben, als die Handhabung von Gefahren verbessern.
NZZ Online - Jürg Müller September 1, 2015 | Article | Article |

Einen Euro ausgeben, um Schaden von 100 Euro abzuwenden

Es gibt verschiedene Arten von Programmen, welche Softwareschwachstellen („Bug Bounty Program“) aufkaufen. Zwei bekannte Anbieter von Sicherheitssoftware und Diensten betreiben seit zehn Jahren Aufkaufprogramme.
ECO Verband Deutscher Internetwirtschaft - Mathias Röckel September 15, 2014 | Article | Article |

Google’s Project Zero Targets Cybersecurity Research

So-called zero day vulnerabilities – software bugs that have not been previously discovered – can fetch anywhere from $40,000 up to $1 million, NSS Labs research director Stefan Frei told Dark Reading’s Kelly Jackson Higgins in December 2013.
The Wall Street Journal - Rachael King June 15, 2014 | Article | Article |

Computer Security, A digital fortress?

Measuring the severity of the problem is difficult because of the lucrative black market in zero-day exploits. A handful of boutique exploit providers—Endgame Systems, Exodus Intelligence, Netragard, ReVuln and VUPEN—control the market, and buyers, according to Stefan Frei of NSS Labs, pay on average $40,000 to $160,000 for an exploit (depending on the software affected and the reach of the zero-day offers).
The Economist - J.M.P. March 28, 2014 | Article | Article |

NSS Labs Backs Global Bounty Program to Cut Software Flaw Prevalence

A new study proposes that software firms buy the most critical code flaws as a cost-effective way to reduce rising economic losses from cyber-crime
eWeek - Robert Lemos December 19, 2013 | Article | Article |

The Case for a Compulsory Bug Bounty

Frei proposes creating a multi-tiered, “international vulnerability purchase program” (IVPP), in which the major software vendors would be induced to purchase all of the available and known vulnerabilities at prices well above what even the black market is willing to pay for them
Krebs on Security - Brian Krebs December 17, 2013 | Article | Article |

Security Vulnerabilities of Legacy Code

An interesting research paper documents a "honeymoon effect" when it comes to software and vulnerabilities: attackers are more likely to find vulnerabilities in older and more familiar code. It's a few years old, but I haven't seen it before now. The paper is by Sandy Clark, Stefan Frei, Matt Blaze, and Jonathan Smith: "Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities”.
Schneier on Security - Bruce Schneier December 17, 2013 | Article | Article |

How Many Zero-Days Hit You Today?

Frei also took stock of the software vulnerabilities collected by these two companies, and found that between 2010 and 2012, the ZDI and VCP programs together published 1,026 flaws, of which 425 (44 percent) targeted flaws in Microsoft, Apple, Oracle, Sun and Adobe products. The average time from purchase to publication was 187 days.
Krebs on Security - Brian Krebs December 5, 2013 | Article | Article |

Stacked Security Tools Detect Less Malware than Predicted

Combining two security products can improve detection rates of attacks, but generally less than predicted, research finds.
eWeek - Robert Lemos May 26, 2013 | Article | Article |

Layered defenses largely fail to block exploits, says NSS

Research lab finds a mix of products from different vendors is best for 'defense in depth'
CSO Online - John P. Mello May 24, 2013 | Article | Article |

The Surprising Holes The IT Security "Kill Chain" Is Neglecting

Security exploits don't have expiration dates - why you can't count on a multi-vendor, multi-layer "kill chain" to protect your company
ReadWrite - Brian Proffitt February 27, 2013 | Article |

Flaw Flood Busts Bug Bank

Krebs on Security - Brian Krebs February 4, 2013 | Article |

HUAWEI Cyber Security Perspectives

In a presentation to the RSA Conference, Dr Stefan Frei, the Research Analyst Director at Secunia, a Danish computer security service provider, articulated how the threat environment is changing from script-kiddies undertaking hacking for curiosity to experts developing a means for others to implement for personal gain.
Huawey - John Suffolk March 1, 2012 | Article |

Better security needs 'more informed patching'

Security firm Secunia finds that the most popular three-dozen programs account for 80 percent of vulnerabilities. Better patching could help security, but not everyone agrees.
CSO Online - Robert Lemos July 25, 2011 | Article |

Could automated patching software be the solution to IT flaws?

SC Magazine - Dan Raywood January 20, 2011 | Article |

Stuxnet - Hier war ein Expertenteam am Werk

Wovor Sicherheitsexperten seit Jahren warnen, das ist nun eingetreten: Erstmals ist ein Computerschädling aufgetaucht, der digitale Steuerungen von Industrieanlagen angreift.
NZZ am Sonntag - Andreas Hirstein September 26, 2010 | Article |

Third-party software bugs skyrocket in 2010

Computerworld - Gregg Keiser July 12, 2010 | Article |

Schwachstellen ohne Ende

NZZ am Sonntag - Andreas Hirstein July 12, 2010 | Article |

Patching the Security Update Process

MIT Technology Review - Brian Krebs March 10, 2010 | Article |

To be completely patched requires an average of between 51 and 86 actions per year

SC Magazine UK - Dan Raywood March 8, 2010 | Article | Article |

Windows-Tool soll Update-Plagerei überflüssig machen

Heise Security - Daniel Bachfeld March 8, 2010 | Article | Article |

Yep, There’s a Patch for That

Krebs on Security - Brian Krebs March 5, 2010 | Article | Article |

Think software patching is a hassle? You're not alone

The Register - Dan Goodin March 5, 2010 | Article | Article |

Typical Windows user patches every 5 days

InfoWorld - Gregg Keiser March 4, 2010 | Article | Article |

Typical Windows User Patches Every 5 Days

SlashDot - March 4, 2010 | Article |

Secunia Readies Free Automatic Patching Solution

Softpedia - Lucian Constantin March 3, 2010 | Article |

Diebe im Internet: Kreditkarten-Daten geklaut

«Kassensturz» zeigt, wie leicht es ist, gestohlene Kreditkarten-Daten im Internet zu kaufen und mit ihnen teure Waren zu bestellen. Sicherheitsexperte Stefan Frei von der ETH Zürich erklärt, dass Hacker heute nicht mehr über viel Computerwissen verfügen müssen, um solche Schadprogramme zu erstellen, und zeigt in einer live Demo wie das geht.
SRF TV - Anatol Hug November 17, 2009 | Article |

IT-Experte: Hacker kann man nicht finden

20 Minuten - Lukas Mäder October 28, 2009 | Article | Article |

Automatisch Sicher

Sicherheits-Updates gibt es für jeden Internet-Browser. Wirklich wirksam ist der Schutz aber nur dann,wenn er ohne aktive Mitwirkung des Nutzers auskommt.
NZZ am Sonntag - Andreas Hirstein May 10, 2009 | Article | Article |

Firefox, Chrome users more up to date than Safari and Opera

Ars Technica - Jacqui Cheng May 6, 2009 | Article | Article |

Safari, Opera Users Lag Behind in Security Updates

WashingtonPost - Brian Krebs May 6, 2009 | Article | Article |

Safari, Opera browsers patch-shy, says study

The Register - Dan Goodin May 6, 2009 | Article | Article |

Apple, Opera slammed over browser patch regimes

PC World - Jeremy Kirk May 6, 2009 | Article | Article |

Study says silent updates enhance security

H-Security - djwm May 4, 2009 | Article | Article |

Report: Using silent updates boosts browser security

The Tech Herald - Steve Ragan May 4, 2009 | Article | Article |

Studie: Stille Updates erhöhen Sicherheit

Heise Security - Daniel Bachfeld May 4, 2009 | Article | Article |

Convenience is number one factor in keeping browsers secure

Ars Technica - John Timmer January 27, 2009 | Article | Article |

Easy updates best for browser patching

The Register - John Leyden January 27, 2009 | Article | Article |

Software makers should take responsibility

A recent study of Internet browsers worldwide discovered that over half – 52% – of Internet Explorer users weren't using the current version of the software.
The Guardian - Bruce Schneier July 17, 2008 | Article | Article |

Are you using the latest web browser?

Google Security - Thomas Dubendorfer July 16, 2008 | Article | Article |

Nur von Hackern empfohlen

Fast jeder zweite Internetsurfer benutzt eine veraltete Browser-Version. Dasmacht anfällig für Angriffe aus dem Umfeld der organisierten Kriminalität.
NZZ am Sonntag - Andreas Hirstein July 13, 2008 | Article | Article |

Online risk due to browser flaws

The Swiss Institute of Technology, Google and IBM conducted the study and found 600 million users had not updated their browsers. "Failure to apply patches promptly or missing them entirely is a recipe for disaster," the report said.
BBC News - July 8, 2008 | Article | Article |

Vulnerabilities in Web Browsers Worry Researchers

A study by the Swiss Federal Institute of Technology, Google and IBM found more than 600 million outdated Internet browsers were at risk this year, with plug-ins adding to the problem. The study praised the auto-update mechanism in Firefox for both the browser and its plug-ins, and said Firefox updates are more frequent than for Internet Explorer.
CIO Today - Mark Long July 8, 2008 | Article | Article |

Firefox Users Stay Ahead On the Update Curve

Firefox users were far and away the most likely to use the latest version, with an overwhelming 83.3 percent running an updated browser on any given day
Slashdot - Timothy July 8, 2008 | Article |

Browser mit Demenz

Regelmässig wird über Sicherheitslücken in Internetbrowsern berichtet. Dennoch dauert es immer noch zu lange, bis die Mängel beseitigt werden. Viele Hacker nutzen indes die Zeit, um die publizierten Schwächen zu nutzen.
Deutschlandfunk - Manfred Kloiber July 5, 2008 | Article | Article |

Browser Insecurity

This excellent paper measures insecurity in the global population of browsers, using Google's web server logs. Why is this important? Because browsers are an increasingly popular attack vector.
Schneier on Security - Bruce Schneier July 3, 2008 | Article | Article |

Built-in browser expiry proposed to fight botnet menace

The security researchers reckon browser makers could improve internet security by taking a leaf from the book of food manufactures and applying a "best before" date to browser and plug-in software. The theory is that a built-in expiry date would ensure that more users update in a timely fashion.
The Register - John Leyden July 3, 2008 | Article | Article |

637 million Excuses

IBM ISS X-Force - Gunter Ollmann July 3, 2008 | Article | Article |

Web Browser Insecurity and Online Banking

PaymentNews - July 3, 2008 | Article | Article |

Report: 637 million Web surfers using old browsers open to hackers

Updated your Web browser lately? Ever? If not, you and 637 million other Net surfers with outdated, insecure browsers are inviting criminal hackers into your computer, researchers warn.
USA Today - Michael Winter July 2, 2008 | Article | Article |

Have You Updated Your Browser Lately?

About.com - Scott Orgera July 2, 2008 | Article | Article |

Web surfers, it's time to patch

Using data collected by Google from January 2007 to June 2008, the researchers compared the major and minor version numbers of the browsers used by visitors with the most up-to-date version of their software at that time.
SecurityFocus - Robert Lemos July 2, 2008 | Article | Article |

Report: Outdated browsers put 637m users at risk

Zdnet UK - Robert Vamosi July 2, 2008 | Article | Article |

40% of surfers don't bother with browser security updates

Ars Technica - Joel Hruska July 1, 2008 | Article | Article |

Researchers: 637 million browser users at risk

CNET News - Robert Vamosi July 1, 2008 | Article | Article |

More than 600M users are surfing at risk study says

The Tech Herald - Steve Ragan July 1, 2008 | Article | Article |

Forty Percent of Web Users Surf With Unsafe Browsers

A comprehensive new study of online surfing habits released today found that only 60 percent of the planet's Internet users surf the Web with the latest, most-secure versions of their preferred Web browsers
The Washington Post - Brian Krebs July 1, 2008 | Article | Article |

Study: Firefox patched quickest, IE a laggard

SecurityFocus - C. Walsh July 1, 2008 | Article | Article |

Study: Unpatched Web Browsers Prevalent on the Internet

PC World - Jeremy Kirk July 1, 2008 | Article | Article |

637 million Users Vulnerable to Attack

IBM ISS X-Force - Gunter Ollmann July 1, 2008 | Article | Article |

Webbrowser mit Verfallsdatum

Weltweit benutzen mehr als 600 Millionen Internetuser zum Surfen nicht die sicherste Version ihres Webbrowsers. Im Bestreben um mehr Sicherheit im Internet empfiehlt nun eine Studie der ETH Zürich, ein «Verfallsdatum» für Webbrowser einzuführen und dieses deutlich sichtbar auf der Benutzeroberfläche zu placieren.
NZZ Online - CHS July 1, 2008 | Article | Article |

Forscher fordern Verfallsdatum für Webbrowser

Heise Security - ANW July 1, 2008 | Article | Article |

ETH fordert "Verfallsdatum" für Webbrowser

Inside IT - Maurizio Minetti July 1, 2008 | Article | Article |

Neue ETH-Studie zur Browsersicherheit

Informationsdienst Wissenschaft - Franziska Schmid July 1, 2008 | Article | Article |

Mehr Lücken als ein Windows-PC

NZZ am Sonntag - Andreas Hirstein April 6, 2008 | Article | Article |

Mythos entzaubert

ETH Life - Peter Rüegg April 3, 2008 | Article | Article |

Blackhat: Is Apple lacking in the security department

The Tech Herald - Steve Ragan April 1, 2008 | Article | Article |

Apple lags MS in security response

The Register - John Leyden March 31, 2008 | Article | Article |

Apples Security Patch Process Gets Worse While Microsofts Gets Better

Information Week - Thomas Claburn March 31, 2008 | Article | Article |

Black Hat: Neue Metrik für Sicherheit von Betriebssystemen vorgestellt

Heise Security - Daniel Bachfeld March 28, 2008 | Article | Article |

Black Hat: new operating systems security metric

Heise Security - Daniel Bachfeld March 28, 2008 | Article | Article |

Apple Crumble @ Blackhat

IBM ISS X-Force - Gunter Ollmann March 28, 2008 | Article | Article |

Terrifying Computer Owners Part X

Wall Street Journal WSJ - Business Technology March 28, 2008 | Article |

Microsoft vs. Apple: Who patches 0-days faster?

IT World - Jeremy Kirk March 27, 2008 | Article | Article |

Microsoft or Apple - Who Is the Faster Patcher?

SlashDot - Zonk March 27, 2008 | Article | Article |

Tatort Internet

ETH Life - Samuel Schläfli March 11, 2008 | Article | Article |

Angriff der Mail-Bürokratie

Viele große E-Mail-Server lassen sich für eine neuartige Art von Denial-of-Service-Angriffen missbrauchen, bei denen das Opfer mit Nachrichten über fehlgeschlagene Zustellungsversuche überflutet wird
Heise Security - Jürgen Schmidt April 14, 2004 | Article | Article |

Email attack could kill servers

New Scientist - Will Knight April 6, 2004 | Article | Article |

The Joe Job DoS attack, Mail bomb attack brown alert

A problem with the way that non-delivery notifications are sent by many mail servers could be exploited to launch "mail bomb" denial of service attacks.
The Register - John Leyden April 6, 2004 | Article | Article |