Bridging the Gap Between Hackers and Academics

Tal Garfinkel writes "There has long been a disconnect between academic computer security and underground forums like Black Hat and Phrack. A new USENIX-sponsored workshop called WOOT (Workshop On Offensive Technologies) is looking to bridge that gap by providing a high-quality, peer-reviewed forum for attack papers, with top reviewers from the academic, open source, commercial IT, and information warfare communities. Got a great attack paper? See if it makes the cut at WOOT."

WOOT?

[EvanED (569694)]

I'm sure the WOOT conference would have been happy to publish "How to 0wn the Internet in Your Spare Time [icir.org]," which, incidentally, has to be the best academic paper title ever.

Re:

[eviloverlordx (99809)]

Shouldn't that be 'How to Pwn the Internet in Your Spare Time'?

Re:WOOT?

[EvanED (569694)]

This was 2002, before the P took the place of zero.

But I agree, if it were to be published today, that would be the "proper" title.

Creating...

[Billosaur (927319)]

...the Hackademic. Ba-dum-bum. I'm here all week.

Re:

[ScrewMaster (602015)]

Ackadacker.

Re:

[Tackhead (54550)]

> Ackadacker.

"It's a HONEYPOT!" [elitemrp.net]

A gap?

[saintlupus (227599)]

There has long been a disconnect between academic computer security and underground forums like Black Hat and Phrack.

Just because "academics" don't introduce themselves as such to the script kiddies, doesn't mean that we're not around.

--saint

A lot about hacking, not so much about bandwidth

[192939495969798999 (58312)]

Apparently the disconnect may have to do with how bandwidth works, because that site is slashdotted all to hell now! Either that, or during that long delay, they were hacking into my PC. Anyone else get the jitters when they go to a website about hacking and it just sits there and grinds in the browser?

Information warfare communities...

[$RANDOMLUSER (804576)]

I bet they'd be interested in my design for a chair cannon.

academics ? oh come on now.

[unity100 (970058)]

do you think those black hatties, phrakkers etc need academics or "peer review" ? peers need to get themselves reviewed by the other.

Whats the point?

[splug (992725)]

If it is so cutting edge why the hell is the conference "by invitation only, with preference given to the authors of accepted position papers/presentations". If it suppose to be academic the people with papers probably know this stuff already. Shouldn't it be for everyone? This way no one learns.

Re:Whats the point?

[blhack (921171)]

Contrary to what my receptionist believes "Computers" is not one skill. While one person might be especially good at manipulating Wi-Fi networks, another person might be talented at writing kernel-mode rootkits for unix. Still another person might be exceptionally experienced with IBM as400 mainframes and have written papers on the topic. It is by invitation only so that they don't get 2000 fresh out of puberty "hackers" who have never written an application in their life constantly asking them how to hack into pr0n sites and hotmail.

it is exactly the same as if a bunch of physicists got together for an invitation only conference. Its for academics.

Re:

[VENONA (902751)]

Maybe security by obscurity is still considered valid by USENIX conference organizers? :)

Yes, that is a joke. It's probably due to space limitations, or they don't want it to take on a Black Hat '07 ambiance or something.

I'd be amazed if at least the best couple of papers didn't appear on the portion of usenix.org available to non-members.
http://www.usenix.org/publications/library/proceed ings/best_papers.html [usenix.org]

BTW, the editor has made a *gasp* mistake. USENIX is a professional organization for anyone that us

There's your problem.

[mcmonkey (96054)]

This doesn't seem to have anything to do with hackers at all.

You want crackers. Two doors down.

Some academics have always been crackers

[giafly (926567)]

Help DDOS the next generation. Become a lecturer.

Re:

[mcmonkey (96054)]

Human language is context-sensitive.

I agree 99 and 44/100%. My post was not meant to be flamish or trollish or, FSM-forbid, ESRish.

My post was meant to express, when I read the headline, I thought the article was about the academic, theoretical implementations of information technology and systems vs. the every day practical and actual uses of said technology and systems.

Of course, once I read the summary I knew otherwise. In the context of a headline on /. (as opposed to a headline on cnn.com or m

Supposedly...

[arkham6 (24514)]

If you submit to WOOT and are rejected, they will state "Paper Was Not Designated Useful"

My paper wuz rejected.

[minotaurcomputing (775084)]

My paper, "How to Pwn n00b Sys Admins" wuz turned down by teh pier reveiw commitee bcuz they sed i had bad grammer.
teh suxors im l33t
-m

Other publications to follow suit

[sam_handelman (519767)]

That's not the only party of IRC seeking academic legitimacy. Expect the following in the near future:

- Proceedings of the National Association for the Advancement of Kiddie Porn

- Transactions in Piracy

- Nigerian Finance Quarterly

- Kawaii! Anime of journal from translate poorly, for sure yes or else!

- Trends in Russian Credit Card Management

- Journal of Interactive Marketing
  Oh, wait, this already exists.

Sorry but Woot is taken

[dwillden (521345)]

The name Woot is already taken by http://www.woot.com/ [woot.com]

Author is also a WOOT Program Chairs

[Evil W1zard (832703)]

Anyone else catch that the person posting the article is also one of the Program Chairs for the event. Guess if you want free advertising /. is the way to go! Can't wait to see when Ron J. posts the article for P0rncon here!

And may it ever be.

[Jason Scott (18815)]

There has long been a disconnect between academic computer security and underground forums like Black Hat and Phrack.

And you know what?

Thank fucking God.

Thank fucking God.

Although I do think it's stretching it to call Black Hat "Underground".

- Jason Scott
    Textfiles.com

The success is in the mix

[Opportunist (166417)]

Hire hackers and you have a veritable unmanageable subverted subculture working in your IT department that can well work against you instad of for (depending on how "ethic" your company is in the eyes of your hackers).

Hire academics and you'll have pseudosecurity 'cause they got all the theory down but no experience and they do actually care for patents and laws.

Mix them together and you get a truely useful combination. I see it every day at work. We have a very tight coop with the IT department of the loca

Hi

[mandelbr0t (1015855)]

Dear Mr. Academic,

Why is it that you have more years of education than me, yet can't get anything accomplished without calling my help desk at least twice? No, I will not teach you how to use your computer no matter how incompetent you pretend to be. The only thing worse than stupid people is smart people who pretend to be stupid. Didn't you learn anything for yourself in school, or did you just 'delegate' all your homework to the more naive but technically superior classmates you had? You can't live withou

university

[f1055man (951955)]

When I was in school, the CS profs played basketball and soccer tournaments with the undergrads. I guess it's good that the faculty is spending some time with the grad students playing their favorite extracurricular activies.

Seriously, it always seemed to me that the grad students did the hacking and it was their advisors' role to run interference.