Four short links: 2 November 2009

Inside Botnets, Creating Choropleths, Privacy Simplified, Massively Machiavellian Online Social Gaming

  1. Your Botnet is My Botnet (PDF) — 2008 USENIX Security paper analysing >70G of data gathered when security researchers hijacked the Torpig botnet. A major limitation of analyzing a botnet from the inside is the limited view. Most current botnets use stripped-down IRC or HTTP servers as their command and control channels, and it is not possible to make reliable statements about other bots. In particular, it is difficult to determine the size of the botnet or the amount and nature of the sensitive data that is stolen. One way to overcome this limitation is to “hijack” the entire botnet, typically by seizing control of the C&C channel. […] As a result, whenever a bot resolves a domain (or URL) to connect to its C&C server, the connection is redirected or sinkholed. This provides the defender with a complete view of all IPs that attempt to connect to the C&C server as well as interesting information that the bots might send..
  2. cartographer.js — build thematic maps using Google Maps. To be precise, you can build a choropleth, which is my word of the day. (via Simon Willison)
  3. Making Privacy Policies Not Suck (Aza Raskin) — interested in developing a standard set of privacy policy components the way that Creative Commons has created a standard set of copyright license components.
  4. Scamville: The Social Gaming Ecosystem of Hell (TechCrunch) — many of those games on Facebook that your friends play are evil. To get in-game money or objects, they’ll let you take a survey but at the end you’re signed up for crap you never wanted. Related: this article on monetizing social networks which talks about social gaming’s business model.
tags: , , , , , , ,