Today’s topics include Facebook’s goal to reduce the number of clickbait headlines in users’ news feeds, DARPA’s Cyber Grand Challenge, which declared the Mayhem system the best in autonomous computer security, Apple’s launch of its first formal bug bounty program, and Google and NYU researchers’ discovery that some software bundling services are intentionally installing unwanted apps on users’ devices.
The revenue model for much of the internet has turned the obligation of news reporting into a competition for readers’ attention—and clicks. The competition has made headlines ever more incendiary, shocking and cliff-hanging. In internet parlance: clickbait.
And now Facebook is doing something about it. “Our goal with News Feed is to show people the stories most relevant to them,” Facebook Research Scientist Alex Peysakhovich and User Experience Researcher Kristin Hendrix wrote in an Aug. 4 blog post.
To help keep clickbait headlines out of news feeds, Peysakhovich and Hendrix said Facebook is updating its algorithm.
Facebook started by categorizing tens of thousands of headlines as clickbait by considering two points: whether the headline withheld information that changed what a reader understood the story to be about; and whether the headline exaggerated to create “misleading expectations.”
Further, it built a system that identifies frequently used phrases in clickbait headlines, as well as sites that such headlines frequently come from.
After three years of planning and lead-up contests, the finals of the Defense Advanced Research Projects Agency’s Cyber Grand Challenge, a contest to show the best in autonomous computer security, concluded with a win by the Mayhem system from the ForAllSecure team, which took the $2 million grand prize.
The Xandra system finished in second place, winning $1 million, while the Mechaphish system placed third, claiming $750,000. The three systems finished at the top of a field of seven systems that battled for 8 hours in front of an audience at the DefCon security conference in Las Vegas on Aug. 4.
The contest had 96 rounds, with each round throwing a different challenge at the autonomous systems, and over that time, the systems generated a total of 421 replacement binaries.
Ivan Krstic, head of Apple Security Engineering and Architecture, was a surprise late addition to the Black Hat USA security conference in Las Vegas on Aug. 4 in a session in which he detailed upcoming security features in iOS 10.
At the end of the talk, Krstic made an unexpected announcement—an Apple bug bounty program. “I’m very happy to say that Apple today is announcing an Apple security bug bounty program,” Krstic said as the capacity crowd erupted into spontaneous applause.
Over the years, Apple has benefited from the feedback of security researchers, Krstic said, but it is increasingly difficult to find the most severe vulnerabilities. To that end, the Apple security bug bounty program will reward researchers who share critical vulnerabilities with Apple. Right now, the top reward is $200,000.
Several businesses that make their money bundling third-party software with other applications are using deceptive practices to distribute unwanted apps on user systems, researchers from Google and New York University warned in a report released last week.
The report is based on a yearlong study of the internet’s so-called pay-per-install ecosystem, in which a software developer bundles its apps with another, more popular app in return for a fee.
The researchers identified a total of 15 large pay-per-install networks, scattered across the United States, Russia and Israel, that offer such bundling services.
Nearly 60 percent of the bundled software distributed by pay-per-install networks each week during the period of the study contained apps that at least one antivirus engine flagged as unwanted.