S. Tajalizadehkhoob
15 records found
1
Authored
Tell me you fixed it
Evaluating vulnerability notifications via quarantine networks
Mechanisms for large-scale vulnerability notifications have been confronted with disappointing remediation rates. It has proven difficult to reach the relevant party and, once reached, to incentivize them to act. We present the first empirical study of a potentially more effec ...
The Role of Hosting Providers in Web Security
Understanding and Improving Security Incentives and Performance via Analysis of Large-scale Incident Data
Internet security and technology policy research regularly uses technical indicators of abuse to identify culprits and to tailor mitigation strategies. As a major obstacle, current inferences from abuse data that aim to characterize providers with poor security practices often ...
Cybercrime after the sunrise
A statistical analysis of DNS abuse in new gTLDs
To enhance competition and choice in the domain name system, ICANN introduced the new gTLD program, which added hundreds of new gTLDs (e.g. .nyc, .io) to the root DNS zone. While the program arguably increased the range of domain names available to consumers, it might also hav ...
A variety of botnets are used in attacks on financial services. Banks and security firms invest a lot of effort in detecting and combating malware-assisted takeover of customer accounts. A critical resource of these botnets is their command-and-control (C&C) infrastructure ...
Over the years cybercriminals have misused the Domain Name System (DNS) - a critical component of the Internet - to gain profit. Despite this persisting trend, little empirical information about the security of Top-Level Domains (TLDs) and of the overall 'health' of the DNS ec ...
Herding Vulnerable Cats
A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting
No domain left behind
Is Let's Encrypt democratizing encryption?
Apples, oranges and hosting providers
Heterogeneity and security in the hosting market
Hosting services are associated with various security threats, yet the market has barely been studied empirically. Most security research has relied on routing data and equates providers with Autonomous Systems, ignoring the complexity and heterogeneity of the market. To overc ...