Frank Li scite author profile

The Heartbleed vulnerability took the Internet by surprise in April 2014. The vulnerability, one of the most consequential since the advent of the commercial Internet, allowed attackers to remotely read protected memory from an estimated 24-55% of popular HTTPS sites. In this work, we perform a comprehensive, measurementbased analysis of the vulnerability's impact, including (1) tracking the vulnerable population, (2) monitoring patching behavior over time, (3) assessing the impact on the HTTPS certificate ecosystem, and (4) exposing real attacks that attempted to exploit the bug. Furthermore, we conduct a large-scale vulnerability notification experiment involving 150,000 hosts and observe a nearly 50% increase in patching by notified hosts. Drawing upon these analyses, we discuss what went well and what went poorly, in an effort to understand how the technical community can respond more effectively to such events in the future.

show abstract

A Large-Scale Empirical Study of Security Patches

Paxson

2017

154

106

View full text Add to dashboard Cite

Target generation for internet-wide IPv6 scanning

Murdock

Bramsen

et al. 2017

View full text Add to dashboard Cite

Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications

Stock

Pellegrino

et al. 2018

View full text Add to dashboard Cite

After treating the notification of vulnerable parties as mere side-notes in research, the security community has recently put more focus on how to conduct vulnerability disclosure at scale. The first works in this area have shown that while notifications are helpful to a significant fraction of operators, the vast majority of systems remain unpatched. In this paper, we build on these previous works, aiming to understand why the effects are not more significant. To that end, we report on a notification experiment targeting more than 24,000 domains, which allowed us to analyze what technical and human aspects are roadblocks to a successful campaign. As part of this experiment, we explored potential alternative notification channels beyond email, including social media and phone. In addition, we conducted an anonymous survey with the notified operators, investigating their perspectives on our notifications. We show the pitfalls of email-based communications, such as the impact of anti-spam filters, the lack of trust by recipients, and the hesitation in fixing vulnerabilities despite awareness. However, our exploration of alternative communication channels did not suggest a more promising medium. Seeing these results, we pinpoint future directions in improving security notifications.

show abstract

High-precision sizing of nanoparticles by laser transmission spectroscopy

Li¹,

Schafer²,

Hwang³

et al. 2010

Appl. Opt.

View full text Add to dashboard Cite

We describe the implementation of precision laser transmission spectroscopy for sizing and counting nanoparticles in suspension. Our apparatus incorporates a tunable laser and balanced optical system that measures light transmission over a wide (210-2300 nm) wavelength range with high precision and sensitivity. Spectral inversion is employed to determine both the particle size distribution and absolute particle density. In this paper we discuss results for particles with sizes (diameters) in the range from 5 to 3000 nm. For polystyrene particles 404 to 1025 nm in size, uncertainties of ±0.5% in size and ±4% in density were obtained. For polystyrene particles from 46 to 3000 nm in size, the dynamic range of the system spans densities from ~10(3)/ml to ~10(10)/ml (5 × 10(-8) to 0.5 vol. %), implying a sensitivity 5 orders of magnitude higher than dynamic light scattering.

show abstract

Quantitative and Rapid DNA Detection by Laser Transmission Spectroscopy

Mahon

Barnes

et al. 2011

PLoS ONE

View full text Add to dashboard Cite

Laser transmission spectroscopy (LTS) is a quantitative and rapid in vitro technique for measuring the size, shape, and number of nanoparticles in suspension. Here we report on the application of LTS as a novel detection method for species-specific DNA where the presence of one invasive species was differentiated from a closely related invasive sister species. The method employs carboxylated polystyrene nanoparticles functionalized with short DNA fragments that are complimentary to a specific target DNA sequence. In solution, the DNA strands containing targets bind to the tags resulting in a sizable increase in the nanoparticle diameter, which is rapidly and quantitatively measured using LTS. DNA strands that do not contain the target sequence do not bind and produce no size change of the carboxylated beads. The results show that LTS has the potential to become a quantitative and rapid DNA detection method suitable for many real-world applications.

show abstract

Augur: Internet-Wide Detection of Connectivity Disruptions

Pearce

Ensafi

et al. 2017

View full text Add to dashboard Cite

Web-based Attacks to Discover and Control Local IoT Devices

Acar

Huang

et al. 2018

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Frank Li

The Matter of Heartbleed

A Large-Scale Empirical Study of Security Patches

Target generation for internet-wide IPv6 scanning

Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications

High-precision sizing of nanoparticles by laser transmission spectroscopy

Quantitative and Rapid DNA Detection by Laser Transmission Spectroscopy

Augur: Internet-Wide Detection of Connectivity Disruptions

Web-based Attacks to Discover and Control Local IoT Devices

Contact Info

Product

Resources

About