Comments on ADD / XOR / ROL: "Why do you work in security instead of something more lasting ?"
Blog author: halvar.flake (feed updated 2020-09-19T00:51:49.311-07:00)

Martin Seeger, 2016-10-03T09:44:24.173-07:00

I just took the wrong content from the copy&paste buffer ;-).

For me the reasons are:

A) Interesting (People & Work)
B) Always challenging (Problems)
C) Huge demand for (Work)

BuschnicK, 2016-10-02T13:02:09.855-07:00

True on all accounts. I'd still maintain that there's a huge difference between what you describe and a builder. Understanding something, analyzing it and taking it apart is one thing. It has a very well defined objective and a tight set of constraints. Building something new starting with a blank page has neither of those and thus a much larger space to explore. Note that this is not meant as a value statement but rather to point out that these are IMHO fundamentally different activities that require a different mindset.

kang, 2016-10-01T13:13:13.376-07:00

The builders vs breaker always gets me.

It's never about breaking unless it's the movies. It's a bad phrasing.

People find flaws because of curiosity. They want to know how stuff works. How it behaves. What the thinking was when it was made.

Through that process, these curious people find flaws and expose them. They're really just very analytical people - not "breakers".

BuschnicK, 2016-10-01T01:52:26.776-07:00

Wow, thanks for the flowers. Funny thing is I ended up doing a lot of readability reviews and am now auditing a lot of code for subtle flaws, so in a way I'm doing a lot of that "worst imaginable job". I can admire the thrill of a good scavenger hunt at a distance. So I kinda get how developing a bug into a full-blown exploit can be satisfying. On the other hand it seems kinda pointless to prove again and again that bugs are bad. If your new exploit doesn't uncover an entirely new class of bugs why not just fix it and move on? Boring, but less time wasted.

As for tooling. Not to step on anybody's toes here, but I find the average quality of tooling in the security world atrocious (I guess taviso has something to say about this too). And the same goes for most of the code that gets released as open source and more "hacker" type tools as opposed to the commercial kits. Maybe that's similar to the physics world where a lot of the code is also terrible. If you are primarily motivated by reaching a very specific, well defined result (an exploit, a physics computation) you don't (and arguably shouldn't) care how many shortcuts you take on the way getting there. Once the result has been achieved nobody bothers paying down technical debt or trying to find the generic abstractions in the process and thus the wheel gets reinvented and half-built again for the next cycle. A bit sad to watch really. All these smart people wasting time by digging trenches with chopsticks, to use your analogy. Then again, it is hard to find the common threads with all these unique snowflake exploits.

Article source: http://addxorrol.blogspot.com/feeds/3128630081257291463/comments/default