hax0rs vs. Ivory Tower (vs demoscene ;-)
While the rest of my coworkers bounced between parties^H^H^H^H presentations in Vegas, I sat in a Vancouver hotel room reviewing papers with a program committee between talks. The divide between those who break and those who build was never starker – with the exception of Jason Franklin’s 802.11 device fingerprinting (the alternate-universe version of Johnny Cache’s work in the same area), I saw almost no overlap in presentations between the two camps. Cats on one side, and mice on the other (with the notable exception of Matt Blaze, who is one of the more aggro cats around).
That Ivan Arce had to explain in an invited talk how a generation of programmers weaned on TRS-80, C64, and Amiga game programming / cracking kickstarted a renaissance in Internet insecurity (Thomas Lopatic in 1995 with the first public stack overflow since the Morris worm, Solar Designer on win32, etc.) illustrates just how large the gap has grown between security researchers and practitioners. Not that it’s a bad thing, necessarily – just sort of a shame that a lot of academic work doesn’t have the benefit of access to real-world data and problem sets, institutional history, best / common practice, or the kind of thorough, offensive evaluation a skilled attacker brings to a system.
Anyhow, it turns out both conferences also conflicted with ASSEMBLY O6. I didn’t go, but in the spirit of sharing, here’s one anonymous security researcher/practitioner’s Amiga demos and games from the late 80’s to tide you over… 🙂