Press Coverage Of My Research

Some of my publications and research resonated quite a bit in the community and press. Below is an incomplete list of the press coverage I am aware of.



2004 to 2015


Authors and journalists 2004 to 2015:

Anatol Hug (1), Andreas Hirstein (5), ANW (1), Brian Krebs (7), Brian Proffitt (1), Bruce Schneier (3), Business Technology (1), C. Walsh (1), CHS (1), Dan Goodin (2), Dan Raywood (2), Daniel Bachfeld (4), djwm (1), Franziska Schmid (1), Gregg Keiser (2), Gunter Ollmann (3), Jacqui Cheng (1), Jeremy Kirk (3), Joel Hruska (1), John Leyden (4), John P. Mello (1), John Suffolk (1), John Timmer (1), Jürg Müller (1), Jürgen Schmidt (1), Lucian Constantin (1), Lukas Mäder (1), Manfred Kloiber (1), Mark Long (1), Mathias Röckel (1), Maurizio Minetti (1), Michael Winter (1), Peter Rüegg (1), Robert Lemos (4), Robert Vamosi (2), Samuel Schläfli (1), Scott Orgera (1), Steve Ragan (3), Thomas Claburn (1), Thomas Dubendorfer (1), Timothy (1), Will Knight (1), Zonk (1)


Mit dem permanenten Risiko leben (Living with permanent risk)

Because of the breakneck speed of digitalization, secure IT systems are an illusion. Business and politics should strive less for perfect protection than for better handling of dangers.
NZZ Online - Jürg Müller September 1, 2015 | Article | Article |


Einen Euro ausgeben, um Schaden von 100 Euro abzuwenden (Spending one euro to avert 100 euros of damage)

There are various kinds of programs that buy up software vulnerabilities ("bug bounty programs"). Two well-known providers of security software and services have been running purchase programs for ten years.
ECO Verband Deutscher Internetwirtschaft - Mathias Röckel September 15, 2014 | Article | Article |


NSS Labs Backs Global Bounty Program to Cut Software Flaw Prevalence

A new study proposes that software firms buy the most critical code flaws as a cost-effective way to reduce rising economic losses from cyber-crime
eWeek - Robert Lemos December 19, 2013 | Article | Article |


The Case for a Compulsory Bug Bounty

Frei proposes creating a multi-tiered, “international vulnerability purchase program” (IVPP), in which the major software vendors would be induced to purchase all of the available and known vulnerabilities at prices well above what even the black market is willing to pay for them
Krebs on Security - Brian Krebs December 17, 2013 | Article | Article |


Security Vulnerabilities of Legacy Code

An interesting research paper documents a "honeymoon effect" when it comes to software and vulnerabilities: attackers are more likely to find vulnerabilities in older and more familiar code. It's a few years old, but I haven't seen it before now. The paper is by Sandy Clark, Stefan Frei, Matt Blaze, and Jonathan Smith: "Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities".
Schneier on Security - Bruce Schneier December 17, 2013 | Article | Article |


How Many Zero-Days Hit You Today?

Frei also took stock of the software vulnerabilities collected by these two companies, and found that between 2010 and 2012, the ZDI and VCP programs together published 1,026 flaws, of which 425 (44 percent) targeted flaws in Microsoft, Apple, Oracle, Sun and Adobe products. The average time from purchase to publication was 187 days.
Krebs on Security - Brian Krebs December 5, 2013 | Article | Article |


Stacked Security Tools Detect Less Malware than Predicted

Combining two security products can improve detection rates of attacks, but generally less than predicted, research finds.
eWeek - Robert Lemos May 26, 2013 | Article | Article |


Layered defenses largely fail to block exploits, says NSS

Research lab finds a mix of products from different vendors is best for 'defense in depth'
CSO Online - John P. Mello May 24, 2013 | Article | Article |


The Surprising Holes The IT Security "Kill Chain" Is Neglecting

Security exploits don't have expiration dates - why you can't count on a multi-vendor, multi-layer "kill chain" to protect your company
ReadWrite - Brian Proffitt February 27, 2013 | Article |


Flaw Flood Busts Bug Bank


Krebs on Security - Brian Krebs February 4, 2013 | Article |


HUAWEI Cyber Security Perspectives

In a presentation to the RSA Conference, Dr Stefan Frei, the Research Analyst Director at Secunia, a Danish computer security service provider, articulated how the threat environment is changing from script-kiddies undertaking hacking for curiosity to experts developing a means for others to implement for personal gain.
Huawei - John Suffolk March 1, 2012 | Article |


Better security needs 'more informed patching'

Security firm Secunia finds that the most popular three-dozen programs account for 80 percent of vulnerabilities. Better patching could help security, but not everyone agrees.
CSO Online - Robert Lemos July 25, 2011 | Article |


Could automated patching software be the solution to IT flaws?


SC Magazine - Dan Raywood January 20, 2011 | Article |


Stuxnet - Hier war ein Expertenteam am Werk (Stuxnet: a team of experts was at work here)

What security experts have been warning about for years has now happened: for the first time, a piece of computer malware has appeared that attacks the digital control systems of industrial plants.
NZZ am Sonntag - Andreas Hirstein September 26, 2010 | Article |


Third-party software bugs skyrocket in 2010


Computerworld - Gregg Keiser July 12, 2010 | Article |


Schwachstellen ohne Ende (Vulnerabilities without end)


NZZ am Sonntag - Andreas Hirstein July 12, 2010 | Article |


Patching the Security Update Process


MIT Technology Review - Brian Krebs March 10, 2010 | Article |


To be completely patched requires an average of between 51 and 86 actions per year


SC Magazine UK - Dan Raywood March 8, 2010 | Article | Article |


Windows-Tool soll Update-Plagerei überflüssig machen (Windows tool aims to make the update chore unnecessary)


Heise Security - Daniel Bachfeld March 8, 2010 | Article | Article |


Yep, There’s a Patch for That


Krebs on Security - Brian Krebs March 5, 2010 | Article | Article |


Think software patching is a hassle? You're not alone


The Register - Dan Goodin March 5, 2010 | Article | Article |


Typical Windows user patches every 5 days


InfoWorld - Gregg Keiser March 4, 2010 | Article | Article |


Typical Windows User Patches Every 5 Days


Slashdot - March 4, 2010 | Article |


Secunia Readies Free Automatic Patching Solution


Softpedia - Lucian Constantin March 3, 2010 | Article |


Diebe im Internet: Kreditkarten-Daten geklaut (Thieves on the Internet: credit card data stolen)

«Kassensturz» shows how easy it is to buy stolen credit card data on the Internet and use it to order expensive goods. Security expert Stefan Frei of ETH Zürich explains that hackers today no longer need much computer knowledge to create such malware, and shows how it is done in a live demo.
SRF TV - Anatol Hug November 17, 2009 | Article |


IT-Experte: Hacker kann man nicht finden (IT expert: hackers cannot be found)


20 Minuten - Lukas Mäder October 28, 2009 | Article | Article |


Automatisch Sicher (Automatically secure)

Security updates exist for every Internet browser. But the protection is truly effective only if it works without the user's active involvement.
NZZ am Sonntag - Andreas Hirstein May 10, 2009 | Article | Article |


Firefox, Chrome users more up to date than Safari and Opera


Ars Technica - Jacqui Cheng May 6, 2009 | Article | Article |


Safari, Opera Users Lag Behind in Security Updates


The Washington Post - Brian Krebs May 6, 2009 | Article | Article |


Safari, Opera browsers patch-shy, says study


The Register - Dan Goodin May 6, 2009 | Article | Article |


Apple, Opera slammed over browser patch regimes


PC World - Jeremy Kirk May 6, 2009 | Article | Article |


Study says silent updates enhance security


H-Security - djwm May 4, 2009 | Article | Article |


Report: Using silent updates boosts browser security


The Tech Herald - Steve Ragan May 4, 2009 | Article | Article |


Studie: Stille Updates erhöhen Sicherheit (Study: silent updates increase security)


Heise Security - Daniel Bachfeld May 4, 2009 | Article | Article |


Convenience is number one factor in keeping browsers secure


Ars Technica - John Timmer January 27, 2009 | Article | Article |


Easy updates best for browser patching


The Register - John Leyden January 27, 2009 | Article | Article |


Software makers should take responsibility

A recent study of Internet browsers worldwide discovered that over half – 52% – of Internet Explorer users weren't using the current version of the software.
The Guardian - Bruce Schneier July 17, 2008 | Article | Article |


Are you using the latest web browser?


Google Security - Thomas Dubendorfer July 16, 2008 | Article | Article |


Nur von Hackern empfohlen (Recommended only by hackers)

Almost every second Internet surfer uses an outdated browser version. That makes them vulnerable to attacks from the sphere of organized crime.
NZZ am Sonntag - Andreas Hirstein July 13, 2008 | Article | Article |


Online risk due to browser flaws

The Swiss Institute of Technology, Google and IBM conducted the study and found 600 million users had not updated their browsers. "Failure to apply patches promptly or missing them entirely is a recipe for disaster," the report said.
BBC News - July 8, 2008 | Article | Article |


Vulnerabilities in Web Browsers Worry Researchers

A study by the Swiss Federal Institute of Technology, Google and IBM found more than 600 million outdated Internet browsers were at risk this year, with plug-ins adding to the problem. The study praised the auto-update mechanism in Firefox for both the browser and its plug-ins, and said Firefox updates are more frequent than for Internet Explorer.
CIO Today - Mark Long July 8, 2008 | Article | Article |


Firefox Users Stay Ahead On the Update Curve

Firefox users were far and away the most likely to use the latest version, with an overwhelming 83.3 percent running an updated browser on any given day
Slashdot - Timothy July 8, 2008 | Article |


Browser mit Demenz (Browsers with dementia)

Security holes in Internet browsers are reported regularly. Nevertheless, it still takes too long for the defects to be fixed. Meanwhile, many hackers use that time to exploit the published weaknesses.
Deutschlandfunk - Manfred Kloiber July 5, 2008 | Article | Article |


Browser Insecurity

This excellent paper measures insecurity in the global population of browsers, using Google's web server logs. Why is this important? Because browsers are an increasingly popular attack vector.
Schneier on Security - Bruce Schneier July 3, 2008 | Article | Article |


Built-in browser expiry proposed to fight botnet menace

The security researchers reckon browser makers could improve internet security by taking a leaf from the book of food manufacturers and applying a "best before" date to browser and plug-in software. The theory is that a built-in expiry date would ensure that more users update in a timely fashion.
The Register - John Leyden July 3, 2008 | Article | Article |


637 million Excuses


IBM ISS X-Force - Gunter Ollmann July 3, 2008 | Article | Article |


Web Browser Insecurity and Online Banking


PaymentNews - July 3, 2008 | Article | Article |


Report: 637 million Web surfers using old browsers open to hackers

Updated your Web browser lately? Ever? If not, you and 637 million other Net surfers with outdated, insecure browsers are inviting criminal hackers into your computer, researchers warn.
USA Today - Michael Winter July 2, 2008 | Article | Article |


Have You Updated Your Browser Lately?


About.com - Scott Orgera July 2, 2008 | Article | Article |


Web surfers, it's time to patch

Using data collected by Google from January 2007 to June 2008, the researchers compared the major and minor version numbers of the browsers used by visitors with the most up-to-date version of their software at that time.
SecurityFocus - Robert Lemos July 2, 2008 | Article | Article |


Report: Outdated browsers put 637m users at risk


ZDNet UK - Robert Vamosi July 2, 2008 | Article | Article |


40% of surfers don't bother with browser security updates


Ars Technica - Joel Hruska July 1, 2008 | Article | Article |


Researchers: 637 million browser users at risk


CNET News - Robert Vamosi July 1, 2008 | Article | Article |


More than 600M users are surfing at risk study says


The Tech Herald - Steve Ragan July 1, 2008 | Article | Article |


Forty Percent of Web Users Surf With Unsafe Browsers

A comprehensive new study of online surfing habits released today found that only 60 percent of the planet's Internet users surf the Web with the latest, most-secure versions of their preferred Web browsers
The Washington Post - Brian Krebs July 1, 2008 | Article | Article |


Study: Firefox patched quickest, IE a laggard


SecurityFocus - C. Walsh July 1, 2008 | Article | Article |


Study: Unpatched Web Browsers Prevalent on the Internet


PC World - Jeremy Kirk July 1, 2008 | Article | Article |


637 million Users Vulnerable to Attack


IBM ISS X-Force - Gunter Ollmann July 1, 2008 | Article | Article |


Webbrowser mit Verfallsdatum (Web browsers with an expiry date)

Worldwide, more than 600 million Internet users do not surf with the most secure version of their web browser. In an effort to improve security on the Internet, a study by ETH Zürich now recommends introducing an "expiry date" for web browsers and placing it clearly visible in the user interface.
NZZ Online - CHS July 1, 2008 | Article | Article |


Forscher fordern Verfallsdatum für Webbrowser (Researchers call for an expiry date for web browsers)


Heise Security - ANW July 1, 2008 | Article | Article |


ETH fordert "Verfallsdatum" für Webbrowser (ETH calls for an "expiry date" for web browsers)


Inside IT - Maurizio Minetti July 1, 2008 | Article | Article |


Neue ETH-Studie zur Browsersicherheit (New ETH study on browser security)


Informationsdienst Wissenschaft - Franziska Schmid July 1, 2008 | Article | Article |


Mehr Lücken als ein Windows-PC (More holes than a Windows PC)


NZZ am Sonntag - Andreas Hirstein April 6, 2008 | Article | Article |


Mythos entzaubert (Myth debunked)


ETH Life - Peter Rüegg April 3, 2008 | Article | Article |


Blackhat: Is Apple lacking in the security department


The Tech Herald - Steve Ragan April 1, 2008 | Article | Article |


Apple lags MS in security response


The Register - John Leyden March 31, 2008 | Article | Article |


Apple's Security Patch Process Gets Worse While Microsoft's Gets Better


Information Week - Thomas Claburn March 31, 2008 | Article | Article |


Black Hat: Neue Metrik für Sicherheit von Betriebssystemen vorgestellt (Black Hat: new metric for operating system security presented)


Heise Security - Daniel Bachfeld March 28, 2008 | Article | Article |


Black Hat: new operating systems security metric


Heise Security - Daniel Bachfeld March 28, 2008 | Article | Article |


Apple Crumble @ Blackhat


IBM ISS X-Force - Gunter Ollmann March 28, 2008 | Article | Article |


Terrifying Computer Owners Part X


Wall Street Journal WSJ - Business Technology March 28, 2008 | Article |


Microsoft vs. Apple: Who patches 0-days faster?


IT World - Jeremy Kirk March 27, 2008 | Article | Article |


Microsoft or Apple - Who Is the Faster Patcher?


Slashdot - Zonk March 27, 2008 | Article | Article |


Tatort Internet (Crime scene: the Internet)


ETH Life - Samuel Schläfli March 11, 2008 | Article | Article |


Angriff der Mail-Bürokratie (Attack of the mail bureaucracy)

Many large e-mail servers can be abused for a novel kind of denial-of-service attack in which the victim is flooded with messages about failed delivery attempts.
Heise Security - Jürgen Schmidt April 14, 2004 | Article | Article |


Email attack could kill servers


New Scientist - Will Knight April 6, 2004 | Article | Article |


The Joe Job DoS attack, Mail bomb attack brown alert

A problem with the way that non-delivery notifications are sent by many mail servers could be exploited to launch "mail bomb" denial of service attacks.
The Register - John Leyden April 6, 2004 | Article | Article |



© 2000-2017 Stefan Frei
techzoom.net