New Paper: More than 600 million users surf at high risk

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: New Paper: More than 600 million users surf at high risk
From: "Stefan Frei" <stefan.frei@xxxxxxxxxxxx>
Date: Tue, 1 Jul 2008 17:39:51 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:mime-version:content-type:content-transfer-encoding :content-disposition:x-google-sender-auth; bh=3tQxDCiYjtHvisyBTOL5ZQwurKBg3uSCXxH9Pa8K0vU=; b=F+HZn+zpsA+KcgDQsSsRBq5SpbaX8RulKLMOvZG+IpF3O6B5l0sBhEJSdRONqEcRmm wmt034qE43rywAkNxFOqRroMB7s7FVJPrInwR4c9s9v0MVLTxqTCzra00TXxkrLsL/Rv k8WEJsZ7hxjsy2uHDBUzuX4pcKdaeh4EWvIW8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition:x-google-sender-auth; b=U5FiC6FzRhqKaWsDh6nqAvBxXUb0Mgirfyk9MQzrZd5ZmxM8S5FZOE1rl7NTzt/qgY us2e2gzfeuBWgxdO3olxdpdyzvJJnuOeLqb2RlSWnNrwscVdg94i9odGkjDSUVP8ZMTK oyyjTIvJYXYzvWMET0TrPqrZcA4j4ZqKk1iJQ=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: stefan.frei@xxxxxxxxx

Hi List,

For the last 18 month we analyzed the daily USER-AGENT data collected by
Google's Web search and application servers around the world to study how users
patch and update their Web browsers.

We came out that approximately 637 million (or 45.2 percent) users currently
surf the Web on a daily basis with an out-of-date browser – i.e. not running a
current, fully patched Web browser version.

And this is only the tip of what we call the "Insecurity Iceberg", not counting
all the vulnerable browser plug-ins.

One of the new concepts we came up for combating the inadequacies of
Web browser
patching was that of applying the food industries "Best Before" date to the Web
browser and its plug-ins.

Paper:
Understanding the Web browser threat:
Examination of vulnerable online Web browser populations and the
"insecurity iceberg"

Authors
- Stefan Frei, Communication Systems Group, ETH Zurich, Switzerland
- Thomas Duebendorfer, Google Switzerland GmbH
- Gunter Ollmann, IBM Internet Security Systems, USA
- Martin May, Communication Systems Group, ETH Zurich, Switzerland

Paper Download:
http://www.techzoom.net/insecurity-iceberg



Regards
Stefan Frei

Follow-Ups:
- RE: New Paper: More than 600 million users surf at high risk
  - From: Larry Seltzer
- RE: New Paper: More than 600 million users surf at high risk
  - From: Larry Seltzer

Prev by Date: [ GLSA 200807-02 ] Motion: Execution of arbitrary code
Next by Date: Vuln name: Ruby rb_ary_fill() DOS
Previous by thread: [ GLSA 200807-02 ] Motion: Execution of arbitrary code
Next by thread: RE: New Paper: More than 600 million users surf at high risk
Index(es):
- Date
- Thread