Four short links: 11 December 2017

Programming Falsehoods, Money Laundering, Vulnerability Markets, and Algorithmic Transparency

By Nat Torkington
December 11, 2017
  1. Falsehoods Programmers Believe About Programming — I feel like “understanding programming” is like learning about science in school: it’s a progressive series of “well, actually it’s more complicated than that” until you’re left questioning your own existence. (Descartes would tell us computo ergo sum.)
  2. Kleptocret — You are a corrupt politician, and you just got paid. Can you hide your dirty money from The Investigator and cover your tracks well enough to enjoy it? The game is made by a global investigative firm that specializes in tracing assets. A+ for using games to Share What You Know. (via BoingBoing)
  3. Economic Factors of Vulnerability Trade and Exploitation — In this paper, we provide an empirical investigation of the economics of vulnerability exploitation, and the effects of market factors on likelihood of exploit. Our data is collected first-handedly from a prominent Russian cybercrime market where the trading of the most active attack tools reported by the security industry happens. Our findings reveal that exploits in the underground are priced similarly or above vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle of exploits is slower than currently often assumed. On the other hand, cybercriminals are becoming faster at introducing selected vulnerabilities, and the market is in clear expansion both in terms of players, traded exploits, and exploit pricing. We then evaluate the effects of these market variables on likelihood of attack realization, and find strong evidence of the correlation between market activity and exploit deployment. (via Paper a Day)
  4. Principles for Algorithmic Transparency (ACM) — Awareness; Access and redress; Accountability; Explanation; Data provenance; Auditability; and Validation and Testing. (via Pia Waugh)