Buying and Selling Software Bugs

The New York Times has an interesting article on how a market exists for software bugs. If you find a new bug in any software (typically a security-related issue), you can sell it on the market – either to “legal” buyers like security companies, who do it to plug the holes, or to hackers and other internet criminals who can use the knowledge for identity-theft schemes or spam attacks.

Excerpt:
The Japanese security firm Trend Micro said in December that it had found a Vista flaw for sale on a Romanian Web forum for $50,000. Security experts say that the price is plausible, and that they regularly see hackers on public bulletin boards or private online chat rooms trying to sell the holes they have discovered, and the coding to exploit them.

And also:

“To find a vulnerability, you have to do a lot of hard work,” said Evgeny Legerov, founder of a small security firm, Gleg Ltd., in Moscow. “If you follow what they call responsible disclosure, in most cases all you receive is an ordinary thank you or sometimes nothing at all.”

Gleg sells vulnerability research to a dozen corporate customers around the world, with fees starting at $10,000 for periodic updates. Mr. Legerov says he regularly turns down the criminals who send e-mail messages offering big money for bugs they can use to spread malicious programs like spyware.

Mis-wanting: People don’t really know what they’ll want in the future

See this interesting article on how we really know much less about our (future) desires than we think.

Excerpt:

My favourite is a simple experiment in which two groups of participants get free sandwiches if they participate in the experiment – a doozie for any undergraduate.

One group has to choose which sandwiches they want for an entire week in advance. The other group gets to choose which they want each day. A fascinating thing happens. People who choose their favourite sandwich each day at lunchtime also often choose the same sandwich. This group turns out to be reasonably happy with its choice.

Amazingly, though, people choosing in advance assume that what they’ll want for lunch next week is a variety. And so they choose a turkey sandwich Monday, tuna on Tuesday, egg on Wednesday and so on. It turns out that when next week rolls around they generally don’t like the variety they thought they would. In fact they are significantly less happy with their choices than the group who chose their sandwiches on the day.

Also:
For example, how good would you feel if you won the lottery? Most people predict their lives will be completely changed and they’ll be much happier. What does the research find? Yes, people are measurably happier after they’ve just won, but six months down the line they’re back to their individual ‘baseline’ level of happiness.

Ian McDonald’s book “River of Gods (August 15, 2047 – Happy Birthday India)”

Ian McDonald’s sci-fi book “River of Gods”, which is set in India on its 100th birthday, sounds very interesting.

From Boing Boing:

River is the story of India’s 100th birthday, when the great nation has fractured into warring subnations on caste, religious and cultural lines. Like McDonald’s other great novels, the story is beyond epic, with an enormous cast of richly realised characters and a vivid, luminous vision of techno-Hinduism that beggars the imagination.