Four short links: 5 September 2017
Deep Crowdturfing, Design Omissions, Zork in Hardware, and Checking In Secrets
- Automated Crowdturfing Attacks and Defenses in Online Review Systems — In this paper, we identify a new class of attacks that leverage deep learning language models (recurrent neural networks, or RNNs) to automate the generation of fake online reviews for products and services. Not only are these attacks cheap and therefore more scalable, but they can control rate of content output to eliminate the signature burstiness that makes crowdsourced campaigns easy to detect. […] Finally, we develop novel automated defenses against these attacks, by leveraging the lossy transformation introduced by the RNN training and generation cycle. We consider countermeasures against our mechanisms, show that they produce unattractive cost-benefit tradeoffs for attackers, and that they can be further curtailed by simple constraints imposed by online service providers. (via Bruce Schneier)
- Fifty Things You Probably Forgot to Design — it’s details all the way down, people. (via Glen Barnes)
- Zork CPU — A Verilog implementation of the Infocom Z-Machine V3. Finally, Zork in Hardware!
- An Introduction to Managing Secrets Safely with Version Control Systems (Digital Ocean) — In this guide, we will first talk about how to check for sensitive data already committed to your repository and introduce some mitigation strategies if any material is found. Afterwards, we will cover some tools and techniques for preventing the addition of secrets to repositories, ways to encrypt sensitive data before committing, and alternatives for secure secret storage. Not everything belongs in your version control system.