Security Scenario Generator (SecGen): A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events

Computer security students benefit from hands-on experience applying security tools and techniques to attack and defend vulnerable systems. Virtual machines (VMs) provide an effective way of sharing targets for hacking. However, developing these hacking challenges is time consuming, and once created, essentially static. That is, once the challenge has been "solved" there is no remaining challenge for the student, and if the challenge is created for a competition or assessment, the challenge cannot be reused without risking plagiarism, and collusion. Security Scenario Generator (SecGen) can build complex VMs based on randomised scenarios, with a number of diverse use-cases, including: building networks of VMs with randomised services and in-thewild vulnerabilities and with themed content, which can form the basis of penetration testing activities; VMs for educational lab use; and VMs with randomised CTF challenges. SecGen has a modular architecture which can dynamically generate challenges by nesting modules, and a hints generation system, which is designed to provide scaffolding for novice security students to make progress on complex challenges. SecGen has been used for teaching at universities, and hosting a recent UK-wide CTF event

Disruption and Deception in Crowdsourcing: Towards a Crowdsourcing Risk Framework

While crowdsourcing has become increasingly popular among organizations, it also has become increasingly susceptible to unethical and malicious activities. This paper discusses recent examples of disruptive and deceptive efforts on crowdsourcing sites, which impacted the confidentiality, integrity, and availability of the crowdsourcing efforts’ service, stakeholders, and data. From these examples, we derive an organizing framework of risk types associated with disruption and deception in crowdsourcing based on commonalities among incidents. The framework includes prank activities, the intentional placement of false information, hacking attempts, DDoS attacks, botnet attacks, privacy violation attempts, and data breaches. Finally, we discuss example controls that can assist in identifying and mitigating disruption and deception risks in crowdsourcing

Hackathons for Libraries and Librarians

Hackathons can be ideal opportunities for libraries and librarians to promote new services and tools. In these social events, attendees form teams and work on a project together within a given time limit. This article explains hackathons, provides a brief history, and details how libraries and librarians can get involved. Similar event structures, like hack days and edit-a-thons, are also considered

The Profiling Potential of Computer Vision and the Challenge of Computational Empiricism

Computer vision and other biometrics data science applications have commenced a new project of profiling people. Rather than using 'transaction generated information', these systems measure the 'real world' and produce an assessment of the 'world state' - in this case an assessment of some individual trait. Instead of using proxies or scores to evaluate people, they increasingly deploy a logic of revealing the truth about reality and the people within it. While these profiling knowledge claims are sometimes tentative, they increasingly suggest that only through computation can these excesses of reality be captured and understood. This article explores the bases of those claims in the systems of measurement, representation, and classification deployed in computer vision. It asks if there is something new in this type of knowledge claim, sketches an account of a new form of computational empiricism being operationalised, and questions what kind of human subject is being constructed by these technological systems and practices. Finally, the article explores legal mechanisms for contesting the emergence of computational empiricism as the dominant knowledge platform for understanding the world and the people within it

Risk Issues in Esports Events: A Proposal for a Research Framework

Online gaming or esports has become extremely popular nowadays. As esports popularity increases, the trend of esports events has also been increasing around the world and all major esports stakeholders such as players, organizers, sponsors, teams and broadcasters are taking this opportunity to step up and shine. People participated and watched esports as a form of entertainment until it is now one of the most popular sports in the world. Players are now fighting to be professional players while event organizers take the opportunity to organize more esports events. However, with no specific policy or guideline regarding esports, many issues and risks could arise especially among the major esports stakeholders. Without proper planning on risk management, not only players but all major stakeholders in esports events could be at great risk. To address the gap, this research will explore major esports event stakeholders and identify risks associated with esports events from the stakeholders’ perspective. The proposed research will first need to explore the esports stakeholders in its preliminary stage and continue with addressing the risks and issues for all major stakeholders at the secondary stage. Methodically, this exploratory research will apply focus study interviews and case studies as its main method of investigation. The framework can later help all esports events stakeholders enhance their planning process through a proper risk management plan. It will also benefit the government in the development of policy regarding esports events

Vaccine innovation, translational research and the management of knowledge accumulation

What does it take to translate research into socially beneficial technologies like vaccines? Current policy that focuses on expanding research or strengthening incentives overlooks how the supply and demand of innovation is mediated by problem-solving processes that generate knowledge which is often fragmented and only locally valid. This paper details some of the conditions that allow fragmented, local knowledge to accumulate through a series of structured steps from the artificial simplicity of the laboratory to the complexity of real world application. Poliomyelitis is used as an illustrative case to highlight the importance of experimental animal models and the extent of co-ordination that can be required if they are missing. Implications for the governance and management of current attempts to produce vaccines for HIV, TB and Malaria are discussed. Article Outlin