• Publications
  • Influence
Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation
TLDR
In order to evaluate the prevalence of security and privacy practices on a representative sample of the Web, researchers rely on website popularity rankings such as the Alexa list. Expand
  • 109
  • 18
  • PDF
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting
TLDR
We present an empirical analysis of the distribution of web security features and software patching practices in shared hosting providers, the influence of providers on these security practices, and their impact on web compromise rates. Expand
  • 23
  • 5
  • PDF
Cybercrime After the Sunrise: A Statistical Analysis of DNS Abuse in New gTLDs
TLDR
We present the first comparative study of abuse in the domains registered under the new gTLD program and legacy gTDLs (18 in total, such as .com, .org). Expand
  • 20
  • 4
  • PDF
Let Me Out! Evaluating the Effectiveness of Quarantining Compromised Users in Walled Gardens
TLDR
We present the first empirical study on user behavior and remediation effectiveness of quarantining infected machines in broadband networks. Expand
  • 8
  • 3
  • PDF
Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets
TLDR
We use longitudinal data from online anonymous marketplaces over six years, from the original Silk Road to AlphaBay, and track the evolution of commoditization on these markets. Expand
  • 28
  • 2
  • PDF
No domain left behind: is Let's Encrypt democratizing encryption?
TLDR
We analyze certificate issuance in the first year of LE and show from various perspectives that LE adoption has an upward trend and it is in fact being successful in covering the lower-cost end of the hosting market. Expand
  • 27
  • 1
  • PDF
Apples, oranges and hosting providers: Heterogeneity and security in the hosting market
TLDR
We combined passive DNS data to determine the address space of hosting infrastructure with WHOIS data to identify the associated providers and their IP address space. Expand
  • 21
  • 1
  • PDF
Rotten Apples or Bad Harvest? What We Are Measuring When We Are Measuring Abuse
TLDR
We propose a statistical model of the abuse data generation process, using phishing sites in hosting networks as a case study. Expand
  • 12
  • 1
  • PDF
...
1
2
...