Let's Encrypt: an automated certificate authority to encrypt the entire web
J Aas, R Barnes, B Case, Z Durumeric… - Proceedings of the …, 2019 - dl.acm.org
Let's Encrypt is a free, open, and automated HTTPS certificate authority (CA) created to
advance HTTPS adoption to the entire Web. Since its launch in late 2015, Let's Encrypt has …
advance HTTPS adoption to the entire Web. Since its launch in late 2015, Let's Encrypt has …
SoK: Quantifying cyber risk
This paper introduces a causal model inspired by structural equation modeling that explains
cyber risk outcomes in terms of latent factors measured using reflexive indicators. First, we …
cyber risk outcomes in terms of latent factors measured using reflexive indicators. First, we …
A {Large-Scale} Measurement of Website Login Policies
S Al Roomi, F Li - 32nd USENIX Security Symposium (USENIX Security …, 2023 - usenix.org
Authenticating on a website using a password involves a multi-stage login process, where
each stage entails critical policy and implementation decisions that impact login security and …
each stage entails critical policy and implementation decisions that impact login security and …
How website owners face privacy issues: Thematic analysis of responses from a covert notification study reveals diverse circumstances and challenges
Many websites contain services from third parties. Misconfigurations of these services can
lead to missing compliance with legal obligations and privacy risks for website users …
lead to missing compliance with legal obligations and privacy risks for website users …
Effective notification campaigns on the web: A matter of trust, framing, and support
Misconfigurations and outdated software are a major cause of compromised websites and
data leaks. Past research has proposed and evaluated sending automated security …
data leaks. Past research has proposed and evaluated sending automated security …
Comparing large-scale privacy and security notifications
C Utz, M Michels, M Degeling… - Proceedings on …, 2023 - publications.cispa.saarland
Over the last decade, web security research has used notification campaigns as a tool to
help web operators fix security problems or stop infrastructure abuse. First attempts at …
help web operators fix security problems or stop infrastructure abuse. First attempts at …
Deployment of source address validation by network operators: a randomized control trial
IP spoofing, sending IP packets with a false source IP address, continues to be a primary
attack vector for large-scale Denial of Service attacks. To combat spoofing, various …
attack vector for large-scale Denial of Service attacks. To combat spoofing, various …
Best Practices for Notification Studiesfor Security and Privacy Issues on the Internet
Researchers help operators of vulnerable and non-compliant internet services by
individually notifying them about security and privacy issues uncovered in their research. To …
individually notifying them about security and privacy issues uncovered in their research. To …
Snail mail beats email any day: on effective operator security notifications in the internet
In the era of large-scale internet scanning, misconfigured websites are a frequent cause of
data leaks and security incidents. Previous research has investigated sending automated …
data leaks and security incidents. Previous research has investigated sending automated …
Study on domain name system (dns) abuse: Technical report
A safe and secure Domain Name System (DNS) is of paramount importance for the digital
economy and society. Malicious activities on the DNS, generally referred to as" DNS abuse" …
economy and society. Malicious activities on the DNS, generally referred to as" DNS abuse" …