37,668 research outputs found

    Economic Factors of Vulnerability Trade and Exploitation

    Cybercrime markets support the development and diffusion of new attack technologies, vulnerability exploits, and malware. Whereas the revenue streams of cyber attackers have been studied multiple times in the literature, no quantitative account currently exists on the economics of attack acquisition and deployment. Yet, this understanding is critical to characterize the production of (traded) exploits, the economy that drives it, and its effects on the overall attack scenario. In this paper we provide an empirical investigation of the economics of vulnerability exploitation, and the effects of market factors on likelihood of exploit. Our data is collected first-handedly from a prominent Russian cybercrime market where the trading of the most active attack tools reported by the security industry happens. Our findings reveal that exploits in the underground are priced similarly or above vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle of exploits is slower than currently often assumed. On the other hand, cybercriminals are becoming faster at introducing selected vulnerabilities, and the market is in clear expansion both in terms of players, traded exploits, and exploit pricing. We then evaluate the effects of these market variables on likelihood of attack realization, and find strong evidence of the correlation between market activity and exploit deployment. We discuss implications on vulnerability metrics, economics, and exploit measurement. Comment: 17 pages, 11 figures, 14 table

    "Concept and Relevance of Income"

    Recently, many people criticize the traditionally accepted principles of realization, matching, and allocation. In addition, the reporting performance project in the International Accounting Standards Board (IASB) is willing to substitute the extant concept of net income for the unexperienced concept of comprehensive income with prohibition of recycling of other comprehensive income. On the other hand, the usefulness or relevance of net income has been repeatedly ascertained in empirical studies. It seems that accountants do not necessarily understand the common knowledge in academic circles correctly. This awareness is one of the motives of this paper to review the empirical evidence on relevance of net income. This paper investigates again to confirm the concept of net income by comparing it with similar concepts, which is closely related to net income. This investigation consists of two parts. The first part in Section 2 compares cash flows with net income by focusing on accounting allocation. This comparison emphasizes the rationale for income measurement with allocation of cash flows. The second part in Section 3 compares comprehensive income with net income. By focusing on the difference between the two (i.e. other comprehensive income), this paper examines, though indirectly, the essential meaning of net income excluding other comprehensive income. The review in this paper deduces the following conclusion. First, although accruals are criticized for being affected by managerial discretion, they are in fact valuable sources of information for investors. This is a commonly accepted academic theory that has been confirmed repeatedly through comparison of the value relevance between earnings and cash flows. Second, we cannot find the evidence that other comprehensive income is value-relevant, though it is expected to respond to the information needs of accountants and analysts. In sum, net income characterized by realization, matching, and allocation is most useful in comparison with cash flows and comprehensive income.

    Are 21st-century citizens grieving for their loss of privacy?

    Although much research exists that examines cognitive events leading up to information disclosure, such as risk-benefit analysis and state-based and trait-based attributes, minimal research exists that examines user responses after a direct or indirect breach of privacy. The present study examines 1,004 consumer responses to two different high-profile privacy breaches using sentiment analysis. Our findings indicate that individuals who experience an actual or surrogate privacy breach exhibit similar emotional responses, and that the pattern of responses resembles well-known reactions to other losses. Specifically, we present evidence that users contemplating evidence of a privacy invasion experience and communicate very similar responses as individuals who have lost loved ones, gone through a divorce or who face impending death because of a terminal illness. These responses parallel behavior associated with the Kübler-Ross’s five stages of grief

    Accuracy of Self-Disclosed Cybersecurity Risks of Large US Banks


    The Impact of the Criminalization of HIV Non-Disclosure on the Health and Human Rights of “Black” Communities

    The criminalization of HIV non-disclosure has become a hot topic for discussion and debate amongst human rights advocates, HIV/AIDS service providers, and people infected and affected by HIV/AIDS. This paper explores the inherent problems with HIV non-disclosure laws. These laws are ambiguous and pose a serious threat to public health policy and programming by obstructing the fundamental human rights of people infected and affected by HIV/AIDS. Using a human rights framework, this paper explores the impact of non-disclosure laws on the health and rights of African, Caribbean, and Black-Canadian communities and proposes ways to address the shortcomings of HIV non-disclosure laws and inadequate social policies

    "Whose data is it anyway?" The implications of putting small area-level health and social data online

    The planetary exospheres are poorly known in their outer parts, since the neutral densities are low compared with the instruments detection capabilities. The exospheric models are thus often the main source of information at such high altitudes. We present a new way to take into account analytically the additional effect of the radiation pressure on planetary exospheres. In a series of papers, we present with a Hamiltonian approach the effect of the radiation pressure on dynamical trajectories, density profiles and escaping thermal flux. Our work is a generalization of the study by Bishop and Chamberlain (1989). In this second part of our work, we present here the density profiles of atomic Hydrogen in planetary exospheres subject to the radiation pressure. We first provide the altitude profiles of ballistic particles (the dominant exospheric population in most cases), which exhibit strong asymmetries that explain the known geotail phenomenon at Earth. The radiation pressure strongly enhances the densities compared with the pure gravity case (i.e. the Chamberlain profiles), in particular at noon and midnight. We finally show the existence of an exopause that appears naturally as the external limit for bounded particles, above which all particles are escaping

    360 Quantified Self

    Wearable devices with a wide range of sensors have contributed to the rise of the Quantified Self movement, where individuals log everything ranging from the number of steps they have taken, to their heart rate, to their sleeping patterns. Sensors do not, however, typically sense the social and ambient environment of the users, such as general life style attributes or information about their social network. This means that the users themselves, and the medical practitioners, privy to the wearable sensor data, only have a narrow view of the individual, limited mainly to certain aspects of their physical condition. In this paper we describe a number of use cases for how social media can be used to complement the check-up data and those from sensors to gain a more holistic view on individuals' health, a perspective we call the 360 Quantified Self. Health-related information can be obtained from sources as diverse as food photo sharing, location check-ins, or profile pictures. Additionally, information from a person's ego network can shed light on the social dimension of wellbeing which is widely acknowledged to be of utmost importance, even though they are currently rarely used for medical diagnosis. We articulate a long-term vision describing the desirable list of technical advances and variety of data to achieve an integrated system encompassing Electronic Health Records (EHR), data from wearable devices, alongside information derived from social media data. Comment: QCRI Technical Repor

    IT Risk Factor Disclosure and Stock Price Crashes

    As firms are increasingly more dependent on Information Technology (IT) for their business strategies and value creation activities, risks associated with IT become one of the top concerns for corporate boards and managers. This study examines the impact of IT-related risk factor disclosure in Item 1A of the 10-K annual report on stock price crashes. We use Latent Dirichlet Allocation topic modeling to identify risk categories in risk disclosures between 2006 and 2017. IT risk emerged as one of the key risk categories. We find that IT risk disclosure is positively correlated with a firm’s future stock price crash risk. We further separate IT risk factor disclosures into two categories: IT value risk that relates to a firm’s use of and reliance on information technology for its operations to reach its goals and objectives, and cybersecurity risk that could lead to a loss or leak of data. We find that while the correlation between cyber security risk disclosure and a firm’s future crash risk is significant, IT value risk disclosures do not have a significant correlation

    PRIMA — Privacy research through the perspective of a multidisciplinary mash up

    Based on a summary description of privacy protection research within three fields of inquiry, viz. social sciences, legal science, and computer and systems sciences, we discuss multidisciplinary approaches with regard to the difficulties and the risks that they entail as well as their possible advantages. The latter include the identification of relevant perspectives of privacy, increased expressiveness in the formulation of research goals, opportunities for improved research methods, and a boost in the utility of invested research efforts