47 research outputs found

    Comparing Fuzzers on a Level Playing Field with FuzzBench

    Fuzzing is a testing approach commonly used in industry to discover bugs in a given software under test (SUT). It consists of running a SUT iteratively with randomly generated (or mutated) inputs, in order to find as many inputs as possible that make the SUT crash. Many fuzzers have been proposed to date; however, no consensus has been reached on how to properly evaluate and compare fuzzers. In this work we evaluate and compare nine prominent fuzzers by carrying out a thorough empirical study based on an open-source framework developed by Google, namely FuzzBench, and a manually curated benchmark suite of 12 real-world software systems. The results show that honggfuzz and AFL++ are, in that order, the best choices in terms of general purpose fuzzing effectiveness. The results also show that none of the fuzzers outperforms the others in terms of efficiency across all considered metrics, that no particular bug affinity is found for any fuzzer, and that the correlation found between coverage and number of bugs depends more on the SUT than on the fuzzer used.

    Onion Spoofing: a Novel Technique for Observing Exit Node Traffic for Correlation Attacks

    Tor is a tool that is used by 2,000,000 users every day for anonymous internet activity like anonymous web browsing. But Tor’s suitability for web browsing is not only a cause for its popularity; it is also a cause of its biggest weakness. Because Tor is fast enough for web browsing, it is vulnerable to traffic correlation. Traffic correlation is an attack on anonymity where an attacker observing both ends of a victim’s Tor connection can determine that both of these ends are “correlated”, thus revealing who the victim is communicating with. This revelation makes the victim’s communication no longer anonymous. Past research has shown that Tor nodes, Autonomous Systems (AS), and Internet Exchange Points (IXPs) can perform correlation attacks. In this paper we introduce “Onion Spoofing”, an attack that uses DNS spoofing to intercept and observe traffic sent out of Tor by exit nodes. We then describe our implementation of Onion Spoofing and how we used it to perform correlation attacks to deanonymize Tor users in experimental settings. After this description, we share measurements we took of the Tor Network. These show that 91% of Tor exits are vulnerable to Onion Spoofing. We also found that 31% of Tor connections at any given time are vulnerable to Onion Spoofing by Google. After demonstrating that Onion Spoofing is a threat to anonymity, we suggest mitigations and make recommendations for future work to improve Onion Spoofing.

    A Modern Approach for Measuring Environmental, Social, and Governance Preferences

    With the rapid growth of Environmental, Social, and Governance (ESG) investing, several concerns have been raised regarding the ability of ESG rating companies and investment managers to accurately and transparently reflect the ESG preferences of individual and institutional clients. To address this issue, we developed the ESG Machine, a website used to measure ESG preferences by applying methods from revealed preference theory. In a short time, this website gathered 17,248 decision observations from 800 individuals in 55 countries. A subset of this data is used to better understand the importance of measuring ESG preferences and how preferences vary by demographic. We first measure the rationality of individuals and the relationship to demographics and response time. Second, we examine donation amounts and the impact of prices as well as the equality and efficiency tendencies of individuals. Third, for each individual we estimate the parameters of a two-good Constant Elasticity of Substitution (CES) utility function and analyze the substitution parameters and the preferences towards the social and environmental causes. Fourth, for more than two goods we apply nested CES functions to estimate the aggregate preferences of all individuals and demographic clusters. We find that it is important to measure ESG preferences to improve the accuracy and transparency of ESG investing. M.Eng

    The Supination-Pronation Test for Distal Biceps Tendon Rupture.

    Prompt diagnosis of a distal biceps tendon complete rupture increases the ability to perform a primary repair and to restore motion and strength. When examining an acute injury, it is important to isolate the biceps brachii tendon from the lacertus fibrosus and the brachialis because the examiner may mistakenly miss a distal tendon rupture by not isolating supination and pronation. The supination-pronation test can be performed easily in the acute setting and confirms attachment of the biceps tendon distally to the bicipital tuberosity of the radius. If the distal biceps tendon is intact, there is substantial change in the shape of the biceps as the arm is supinated (the biceps moves proximally), then pronated (the biceps moves distally). Clinically, the supination-pronation test has been found to be a reliable, pain-free test that should be incorporated in the physical examination to evaluate patients for distal biceps injury

    The pricing strategies of online grocery retailers

    This paper documents the differences in pricing strategies between online and offline (brick-and-mortar) channels. We collect price data for identical products from leading online grocery retailers in the United States and complement it with offline data for the same products from scanner data. Our findings reveal a consistent pattern: online retailers exhibit higher price dispersion than their offline counterparts. More specifically, online grocers employ price algorithms that amplify price discrimination in three key dimensions: (1) over time (through frequent price changes), (2) across locations (by charging varying prices based on delivery zipcodes), and (3) across sellers (by setting dispersed prices for identical products across rival retailers)

    Renal Tubular Dysgenesis: A Description of Early Renal Maldevelopment in Siblings.

    A family is described in which three siblings, born after pregnancies complicated by oligohydramnios, developed renal abnormalities. In the first infant, of 38 weeks gestation, histologic changes were nearly identical to those found in renal tubular dysgenesis (RTD), a recently identified disorder characterized by the absence of recognizable renal proximal tubules. Additional findings include bilateral renal vein thrombosis and marked calvarial bone hypoplasia. The other two gestations were 20 and 22 weeks long. Renal histology in these cases showed nonspecific abnormalities with focal tubular dilatation, decreased tubule formation, and increased interstitial connective tissue. Clearly recognizable proximal tubules were present, though decreased in number. The latter two gestations described herein are the earliest examined in a family with RTD and the renal abnormalities may represent early changes seen in this disorder