Dailydave mailing list archives
Re: w00t 08
From: nnp <version5 () gmail com>
Date: Sun, 3 Aug 2008 11:57:00 +0100
On Sun, Aug 3, 2008 at 3:30 AM, root <root_ () fibertel com ar> wrote:
Dave Aitel wrote:These are not the papers you're looking for. http://www.usenix.org/event/woot08/tech/full_papers/ Seriously, there's nothing there to scare an network offense professional. I don't think it's w00t's fault, either. I think the research communities are diverging into public and private, as this research gets more expensive to do. USENIX may not be the place for academic treatment of offensive security research. A friend of mine wonders if there's any future for academic treatment of the subject at all. He wonder's wistfully of course, since he likes academia. Anyways, either be scary or be silly. There's no middle ground here. It's a fundamental truth in this field: You're either in, or you're out. -daveCommercial security conferences don't have great academic value because they are not peer reviewed (well, not reviewed by academic people) and there are other much important academic journals like ieee, etc. that in theory don't accept money in exchange for the publication of an article.
I'd like to get everyone else's opinion/experiences with articles from so called 'peer reviewed' journals like IEEE and the rest. I've spent the past 8 weeks or so working on a project as a research monkey at my uni and spent the first few weeks pouring over journals etc. When it actually came time for implementation though I discovered a huge array of problems that had not been mentioned in the articles (and were presumably ignored as acceptable sources of error). When I contacted the authors requesting to see their software so I could determine if they had solutions to the problems I was either ignored or blown off with excuses like "we currently don't have the resources to make that available". In my opinion this brings all of their results into question when outsiders don't know exactly what sources of error they deemed acceptable. If some academics aren't bothering to release their software and their results are questionable then what purpose do they serve other than to fill pages in journals? So my question basically boils down to, how much reviewing actually goes on? i.e Do they run the software? Do they examine code or formulae? Or is it just a case of 'well it looks right'?
Believe me, i had a hard time convincing my thesis advisor of the importance of being a speaker on Blackhat... Anyway, cryptography and cryptanalysis (offensive or not) is certainly dominated by academia, and I don't see that changing on the future. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
-- http://www.smashthestack.org http://www.unprotectedhex.com _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- w00t 08 Dave Aitel (Aug 01)
- Re: w00t 08 Charles Miller (Aug 02)
- Re: w00t 08 Mike Patterson (Aug 02)
- Re: w00t 08 Jon Oberheide (Aug 02)
- Re: w00t 08 root (Aug 02)
- Re: w00t 08 nnp (Aug 03)
- Re: w00t 08 Katie M (Aug 03)
- Re: w00t 08 dan (Aug 04)
- Re: w00t 08 Dean Pierce (Aug 03)
- Re: w00t 08 dan (Aug 03)
- Re: w00t 08 nnp (Aug 03)
- Re: w00t 08 Adam Shostack (Aug 03)
- Re: w00t 08 Charles Miller (Aug 04)
- some ISECOM releases Pete Herzog (Aug 07)
- Re: w00t 08 Charles Miller (Aug 02)