Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bridging the Gap Between Hackers and Academics

Posted by kdawson on from the black-hats-in-gowns dept.

Tal Garfinkel writes "There has long been a disconnect between academic computer security and underground forums like Black Hat and Phrack. A new USENIX-sponsored workshop called WOOT (Workshop On Offensive Technologies) is looking to bridge that gap by providing a high-quality, peer-reviewed forum for attack papers, with top reviewers from the academic, open source, commercial IT, and information warfare communities. Got a great attack paper? See if it makes the cut at WOOT."

50 comments

  1. WOOT? by EvanED · · Score: 5, Interesting

    I'm sure the WOOT conference would have been happy to publish "How to 0wn the Internet in Your Spare Time," which, incidentally, has to be the best academic paper title ever.

    1. Re:WOOT? by eviloverlordx · · Score: 2, Funny

      Shouldn't that be 'How to Pwn the Internet in Your Spare Time'?

      --
      'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
    2. Re:WOOT? by EvanED · · Score: 4, Funny

      This was 2002, before the P took the place of zero.

      But I agree, if it were to be published today, that would be the "proper" title.

    3. Re:WOOT? by nametaken · · Score: 1

      I just want to know what an "information warfare community" is.

      Also, I'd like to know where I sign up for membership, because it _sounds_ bad-ass.

  2. I'm sure academics by Anonymous Coward · · Score: 1, Funny

    can learn a lot from script kitties.

  3. Creating... by Billosaur · · Score: 4, Funny

    ...the Hackademic. Ba-dum-bum. I'm here all week.

    --
    GetOuttaMySpace - The Anti-Social Network
    1. Re:Creating... by ScrewMaster · · Score: 1

      Ackadacker.

      --
      The higher the technology, the sharper that two-edged sword.
    2. Re:Creating... by Tackhead · · Score: 1
      > Ackadacker.

      "It's a HONEYPOT!"

  4. A gap? by saintlupus · · Score: 5, Informative

    There has long been a disconnect between academic computer security and underground forums like Black Hat and Phrack.

    Just because "academics" don't introduce themselves as such to the script kiddies, doesn't mean that we're not around.

    --saint

    1. Re:A gap? by Anonymous Coward · · Score: 0

      Yet you still publish academic articles on subjects that were the topic of a talk at Defcon 3 years ago with no reference. The reverse situation occurs as well. There is a disconnect, and it isn't eliminated because there are a few people who travel in both circles.

  5. A lot about hacking, not so much about bandwidth by 192939495969798999 · · Score: 4, Funny

    Apparently the disconnect may have to do with how bandwidth works, because that site is slashdotted all to hell now! Either that, or during that long delay, they were hacking into my PC. Anyone else get the jitters when they go to a website about hacking and it just sits there and grinds in the browser?

    --
    stuff |
  6. Information warfare communities... by $RANDOMLUSER · · Score: 3, Funny

    I bet they'd be interested in my design for a chair cannon.

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  7. One more exclamation down by Anonymous Coward · · Score: 1, Funny

    Damn it! Now whenever I get a good drop and yell "Woot!", people will think I'm a hacker.

  8. Re:A lot about hacking, not so much about bandwidt by spamking · · Score: 1

    Wouldn't open for me either . . . I actually kept waiting for the site to come up blocked by freakin' websense. Who knew posting this on /. would just about kill their site.

  9. academics ? oh come on now. by unity100 · · Score: 1

    do you think those black hatties, phrakkers etc need academics or "peer review" ? peers need to get themselves reviewed by the other.

    --
    Read radical news here
  10. Kiddies by MatrixCubed · · Score: 1

    Read up.

    1. Re:Kiddies by Ojuice · · Score: 1

      you missed the joke, me thinks.

  11. Whats the point? by splug · · Score: 4, Insightful

    If it is so cutting edge why the hell is the conference "by invitation only, with preference given to the authors of accepted position papers/presentations". If it suppose to be academic the people with papers probably know this stuff already. Shouldn't it be for everyone? This way no one learns.

    1. Re:Whats the point? by Anonymous Coward · · Score: 0

      Even in acadeamia, information isn't going to be free. So much for the concept of 'higher education'.

      I'd rant on, but I have a curve to jump ahead of.

    2. Re:Whats the point? by blhack · · Score: 4, Insightful

      Contrary to what my receptionist believes "Computers" is not one skill. While one person might be especially good at manipulating Wi-Fi networks, another person might be talented at writing kernel-mode rootkits for unix. Still another person might be exceptionally experienced with IBM as400 mainframes and have written papers on the topic. It is by invitation only so that they don't get 2000 fresh out of puberty "hackers" who have never written an application in their life constantly asking them how to hack into pr0n sites and hotmail.

      it is exactly the same as if a bunch of physicists got together for an invitation only conference. Its for academics.

      --
      NewslilySocial News. No lolcats allowed.
    3. Re:Whats the point? by Pheersome · · Score: 1

      Calm down. It's sponsored by Usenix, so the accepted papers will be published online, freely accessible by everyone. Also, academic conferences exist to provide a forum for new research, that is, ideas and results that no one save the authors have seen before; therefore, the workshop attendees will in fact learn from their peers.

      --
      Better to light a candle than to curse the darkness.
    4. Re:Whats the point? by VENONA · · Score: 1

      Maybe security by obscurity is still considered valid by USENIX conference organizers? :)

      Yes, that is a joke. It's probably due to space limitations, or they don't want it to take on a Black Hat '07 ambiance or something.

      I'd be amazed if at least the best couple of papers didn't appear on the portion of usenix.org available to non-members.
      http://www.usenix.org/publications/library/proceed ings/best_papers.html

      BTW, the editor has made a *gasp* mistake. USENIX is a professional organization for anyone that uses a Unixy OS, not just academics. It's companion organization, SAGE, is for SysAdmins. That was almost spun off a couple of years, ago, but in the end it didn't work.

      Dues are reasonable. $165/yr. for both, and there are student discounts. I know a couple of people who've been able to expense their dues.
      https://db.usenix.org/cgi-bin/memb/memb.cgi?action =new

      I would recommend either or both, depending upon what your doing at the moment. Look the Web site over, and form your own conclusion, of course.

      --
      What you do with a computer does not constitute the whole of computing.
    5. Re:Whats the point? by Random+Walk · · Score: 1
      it is exactly the same as if a bunch of physicists got together for an invitation only conference. Its for academics.

      Except that academic conferences usually are not invitation only. The general public is kept out by the admission fee (which for academic participants is usually covered by some grant).

    6. Re:Whats the point? by Hal_Porter · · Score: 1

      maybe the acdam^wacadamics want 2 keep out teh n00b lamerz coz they wunt 2 stay l33t.

      its like irc. all teh good chans like #fbi-internal make u hack in, kick teh lamerz. only then do the l33t hackorz delurk an teell u teh new scripts.

      hold on, therez a load of swat guyz at teh door.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  12. There's your problem. by mcmonkey · · Score: 3, Informative

    This doesn't seem to have anything to do with hackers at all.

    You want crackers. Two doors down.

    1. Re:There's your problem. by Paracelcus · · Score: 0, Troll

      Yup, "Academics" AKA "Pseudo Intellectuals" AKA "People who sit around and brag about their educations", don't know the difference between "Hackers", "Crackers" and Script Kiddy's".

      --
      I killed da wabbit -Elmer Fudd
  13. The name! by EvanED · · Score: 1

    I was making fun of the name, not trying to be interesting! Mod me funny dammit! ;-)

  14. Woot! by Anonymous Coward · · Score: 0

    One Day, One Workshop.

  15. Supposedly... by arkham6 · · Score: 1

    If you submit to WOOT and are rejected, they will state "Paper Was Not Designated Useful"

    1. Re:Supposedly... by Anonymous Coward · · Score: 0

      Grim, stony-faced golf clap.

    2. Re:Supposedly... by Anonymous Coward · · Score: 0

      But what if you post your paper in prominent places on their website describing it as "Stunning" and "Elegant" without authorization?

  16. My paper wuz rejected. by minotaurcomputing · · Score: 4, Funny

    My paper, "How to Pwn n00b Sys Admins" wuz turned down by teh pier reveiw commitee bcuz they sed i had bad grammer.
    teh suxors im l33t
    -m

  17. English is not a programming language - context! by Anonymous Coward · · Score: 1, Informative

    Eric S. Raymond and others like him (and you) like to pretend that there is one "right" word for people who engage technology creatively, "hackers", and another word for people who engage technology destructively, "crackers". This doesn't make you a bad person, but it's a flaming torch you shouldn't waste time carrying.

    "Crackers" is a minority usage even within the hacker community.

    Human language is context-sensitive. This notion that there is one particular word for one thing, and that it cannot be used for anything else isn't accurate or realistic. "Hackers" call themselves "hackers". The people you refer to as "crackers" also refer to themselves, predominately, as "hackers". Words can have more than one meaning, and instead of going language-lawyer every time someone uses the word "hacker" in a way you don't approve of, why don't you just accept the fact that the English language has words with multiple meanings?

    Context is king, and linguistic proscriptionism is a dead-end for anyone interested in how language is actually used.

  18. Some academics have always been crackers by giafly · · Score: 1

    Help DDOS the next generation. Become a lecturer.

    --
    Reduce, reuse, cycle
  19. Re:English is not a programming language - context by Loplin · · Score: 1

    Besides, I can see how "hackers" would have a problem with this inevitable conversation:
    [Prospective mate]/[Peer to be impress]: What do you do for a living?
    'Hacker': I'm a cracker.

  20. Other publications to follow suit by sam_handelman · · Score: 3, Funny

    That's not the only party of IRC seeking academic legitimacy. Expect the following in the near future:

    - Proceedings of the National Association for the Advancement of Kiddie Porn

    - Transactions in Piracy

    - Nigerian Finance Quarterly

    - Kawaii! Anime of journal from translate poorly, for sure yes or else!

    - Trends in Russian Credit Card Management

    - Journal of Interactive Marketing
      Oh, wait, this already exists.

    --
    The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
  21. Sorry but Woot is taken by dwillden · · Score: 1

    The name Woot is already taken by http://www.woot.com/

    --
    I'm too lazy to compose a creative sig.
    1. Re:Sorry but Woot is taken by mr_mischief · · Score: 1

      Yeah, I was getting all excited about a magic box that gaps divides between over-schooled, under-experienced weenies and under-aged, over-caffeinated workers in the trenches being on sale real cheap from midnight until sell-out!

      Then I found out they just $t013 t3h nam3! ;-)

  22. Author is also a WOOT Program Chairs by Evil+W1zard · · Score: 3, Funny

    Anyone else catch that the person posting the article is also one of the Program Chairs for the event. Guess if you want free advertising /. is the way to go! Can't wait to see when Ron J. posts the article for P0rncon here!

    --
    News Reporters Make Tasty Polar Bear Treats!
  23. And may it ever be. by Jason+Scott · · Score: 1

    There has long been a disconnect between academic computer security and underground forums like Black Hat and Phrack.

    And you know what?

    Thank fucking God.

    Thank fucking God.

    Although I do think it's stretching it to call Black Hat "Underground".

    - Jason Scott
        Textfiles.com

  24. Re:English is not a programming language - context by mcmonkey · · Score: 1

    Human language is context-sensitive.

    I agree 99 and 44/100%. My post was not meant to be flamish or trollish or, FSM-forbid, ESRish.

    My post was meant to express, when I read the headline, I thought the article was about the academic, theoretical implementations of information technology and systems vs. the every day practical and actual uses of said technology and systems.

    Of course, once I read the summary I knew otherwise. In the context of a headline on /. (as opposed to a headline on cnn.com or my local daily paper), use of the word 'hackers' was misleading. Nothing to do with what I accept or approve.

    In the context of the mass media, I know 'hackers' means 'people who break stuff, usually whilst wearing black hats.' However, in other contexts, I expect a more sophisticated audience who can appreciate the distinction between 'people who break stuff' and 'people who are not content to "use as directed."'

  25. The success is in the mix by Opportunist · · Score: 1

    Hire hackers and you have a veritable unmanageable subverted subculture working in your IT department that can well work against you instad of for (depending on how "ethic" your company is in the eyes of your hackers).

    Hire academics and you'll have pseudosecurity 'cause they got all the theory down but no experience and they do actually care for patents and laws.

    Mix them together and you get a truely useful combination. I see it every day at work. We have a very tight coop with the IT department of the local university, with lots of good people (of both breeds) amalgamating in our company. We, the "old school, hands-on" guys, can learn a lot from the methodic approach those "learned" people can give us. They in turn get a (well, sometimes not too nice) cut why their nice theory fails in practice. PoC included. :)

    Generally, it's a good combo. And the success proves us right.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  26. Re:English is not a programming language - context by Anonymous Coward · · Score: 0

    That's funny. Isn't this the same Slashdot where we get criticized all the time for babbling in techno-jargon that Joe Sixpack wouldn't understand?

    So let's not confuse Joe by mixing up "hacker" and "cracker". While we're at it, how about we leave the implication that open source developers are the ones breaking into your computer off of the summaries?

  27. Connection reset... by Mipsalawishus · · Score: 1

    "There has long been a disconnect between academic computer security and underground forums..."

    So in other words...connection reset by peer review?

  28. Hi by mandelbr0t · · Score: 1

    Dear Mr. Academic,

    Why is it that you have more years of education than me, yet can't get anything accomplished without calling my help desk at least twice? No, I will not teach you how to use your computer no matter how incompetent you pretend to be. The only thing worse than stupid people is smart people who pretend to be stupid. Didn't you learn anything for yourself in school, or did you just 'delegate' all your homework to the more naive but technically superior classmates you had? You can't live without me, but I can certainly live without you. Get your fucking nose out of the air and start working with me instead of pushing me around.

    Sincerely,
    Mr. Hacker

    --
    "Please describe the scientific nature of the 'whammy'" - Agent Scully
    1. Re:Hi by Anonymous Coward · · Score: 0

      Because Mr. Academic knows different stuff than you and does different work? Why should he have to learn sysaddmin, when that is not what he does?

  29. university by f1055man · · Score: 1

    When I was in school, the CS profs played basketball and soccer tournaments with the undergrads. I guess it's good that the faculty is spending some time with the grad students playing their favorite extracurricular activies.

    Seriously, it always seemed to me that the grad students did the hacking and it was their advisors' role to run interference.

  30. It didn't say... by Seahawker101 · · Score: 1

    When I first read the article I thought it said UNISEX, not USENIX. Guess I found out where my mind has been for the past few days.

    --
    Nothing inspires forgiveness quite like revenge.---Scott Adams
  31. Re:English is not a programming language - context by somersault · · Score: 1

    I don't think I've been criticized for that before. WTF is 'Joe Sixpack' doing here anyway? Trying to find out how to empty his recycle bin?

    --
    which is totally what she said