From: nnp (version5gmail.com)
Date: Sun Aug 03 2008 - 05:57:00 CDT
On Sun, Aug 3, 2008 at 3:30 AM, root <root_fibertel.com.ar> wrote:
> Dave Aitel wrote:
>> These are not the papers you're looking for.
>> Seriously, there's nothing there to scare a network offense
>> professional. I don't think it's w00t's fault, either. I think the
>> research communities are diverging into public and private, as this
>> research gets more expensive to do.
>> USENIX may not be the place for academic treatment of offensive security
>> research. A friend of mine wonders if there's any future for academic
>> treatment of the subject at all. He wonders wistfully of course, since
>> he likes academia.
>> Anyways, either be scary or be silly. There's no middle ground here.
>> It's a fundamental truth in this field: You're either in, or you're out.
> Commercial security conferences don't have great academic value because
> they are not peer reviewed (well, not reviewed by academic people) and
> there are other much important academic journals like IEEE, etc. that in
> theory don't accept money in exchange for the publication of an article.
I'd like to get everyone else's opinion/experiences with articles from
so-called 'peer reviewed' journals like IEEE and the rest. I've spent
the past 8 weeks or so working on a project as a research monkey at my
uni and spent the first few weeks poring over journals etc. When it
actually came time for implementation though I discovered a huge array
of problems that had not been mentioned in the articles (and were
presumably ignored as acceptable sources of error). When I contacted
the authors requesting to see their software so I could determine if
they had solutions to the problems I was either ignored or blown off
with excuses like "we currently don't have the resources to make that
available". In my opinion this brings all of their results into
question when outsiders don't know exactly what sources of error they
deemed acceptable. If some academics aren't bothering to release their
software and their results are questionable then what purpose do they
serve other than to fill pages in journals?
So my question basically boils down to, how much reviewing actually
goes on? i.e. do they run the software? Do they examine code or
formulae? Or is it just a case of 'well it looks right'?
> Believe me, I had a hard time convincing my thesis advisor of the
> importance of being a speaker on Blackhat...
> Anyway, cryptography and cryptanalysis (offensive or not) is certainly
> dominated by academia, and I don't see that changing in the future.
Dailydave mailing list