S. Tajalizadehkhoob

14 records found

In order to evaluate the prevalence of security and privacy practices on a representative sample of the Web, researchers rely on website popularity rankings such as the Alexa list. While the validity and representativeness of these rankings are rarely questioned, our findings sho ...

Tell me you fixed it

Evaluating vulnerability notifications via quarantine networks

Mechanisms for large-scale vulnerability notifications have been confronted with disappointing remediation rates. It has proven difficult to reach the relevant party and, once reached, to incentivize them to act. We present the first empirical study of a potentially more effectiv ...

Cybercrime after the sunrise

A statistical analysis of DNS abuse in new gTLDs

To enhance competition and choice in the domain name system, ICANN introduced the new gTLD program, which added hundreds of new gTLDs (e.g. .nyc, .io) to the root DNS zone. While the program arguably increased the range of domain names available to consumers, it might also have c ...

The Role of Hosting Providers in Web Security

Understanding and Improving Security Incentives and Performance via Analysis of Large-scale Incident Data

In theory, hosting providers can play an important role in fighting cybercrime and misuse. This is because many online threats, be they high-profile or mundane, use online storage infrastructure maintained by hosting providers at the core of their criminal operations.
Howeve ...
Researchers have observed the increasing commoditization of cybercrime, that is, the offering of capabilities, services, and resources as commodities by specialized suppliers in the underground economy. Commoditization enables outsourcing, thus lowering entry barriers for aspirin ...
Internet security and technology policy research regularly uses technical indicators of abuse to identify culprits and to tailor mitigation strategies. As a major obstacle, current inferences from abuse data that aim to characterize providers with poor security practices often us ...
Over the years cybercriminals have misused the Domain Name System (DNS) - a critical component of the Internet - to gain profit. Despite this persisting trend, little empirical information about the security of Top-Level Domains (TLDs) and of the overall 'health' of the DNS ecosy ...

Herding Vulnerable Cats

A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting

Hosting providers play a key role in fighting web compromise, but their ability to prevent abuse is constrained by the security practices of their own customers. Shared hosting offers a unique perspective since customers operate under restricted privileges and providers retain m ...

No domain left behind

Is Let's Encrypt democratizing encryption?

The 2013 National Security Agency revelations of pervasive monitoring have led to an "encryption rush" across the computer and Internet industry. To push back against massive surveillance and protect users' privacy, vendors, hosting and cloud providers have widely deployed encryp ...
A variety of botnets are used in attacks on financial services. Banks and security firms invest a lot of effort in detecting and combating malware-assisted takeover of customer accounts. A critical resource of these botnets is their command-and-control (C&C) infrastructure. A ...

Apples, oranges and hosting providers

Heterogeneity and security in the hosting market

Hosting services are associated with various security threats, yet the market has barely been studied empirically. Most security research has relied on routing data and equates providers with Autonomous Systems, ignoring the complexity and heterogeneity of the market. To overcome ...