http://www.slate.com/id/2116244/ is an interesting article on the
failure of "peer review". The AEG paper is a classic example of this.
The scientists have a response here:
http://security.ece.cmu.edu/aeg/response.html . "Most of his post
centers around our paper introduction; there appears to be no
legitimate complaint about the research itself."

If they want, they can feel free to defend the paper here on the list,
and we can talk about the "research itself". I know all interested
parties are, in fact, on this list. Sponsors, researchers, giggly
hackers, etc.

We can start with the section on this bit of code (slightly modified
from the paper - we use this example in our classes):

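#include <stdlib.h>  /* malloc, for the commented-out variant */
#include <string.h>  /* strcpy, strlen */

int function(char * arg) {
  char *p;
  char var[1000];
  p = var; /*p=malloc(50);*/
  strcpy(var,arg); /* unbounded copy into the 1000-byte var */
  return strlen(p);
}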

In their paper they claim (as I understand it) that the methodology
for writing their exploit is to make sure they restore p to its
original value. There's a lot of basic issues with this, but the most
obvious one is there when you replace p=var with the malloc line in
the comment.

Other massive gaping holes:
1. The shellcode creation is just a list of 20 different shellcodes?
2. The encoder/decoder problem isn't addressed at all. How do you
model unicode shellcode, for example? Trying to reason about an
arbitrary shellcode encoding algorithm f(x) is completely ignored.
-dave



On Tue, Dec 14, 2010 at 8:41 PM, Christey, Steven M. <[email protected]> wrote:
> I would love to see a resource for real-world problems that the academic
> community could consider... or even a resource for other up-and-coming
> researchers to examine for ideas. Such a site might not be relevant
> enough for PhD thesis work (which thrives on originality as I understand it?)
> but who knows, maybe some master’s level projects or capstones.
>
> There could even be a voting-style mechanism for other researchers to
> comment or offer their support.
>
> But, such an idea site would take an individual or group with the drive,
> willingness, and ability to actually do it, then for them to actually do it,
> and for the security industry to adopt/encourage it...
>
> nah, that would never happen.
>
> - Steve
>
> _______________________________________________
> Dailydave mailing list
> [email protected]
> https://lists.immunityinc.com/mailman/listinfo/dailydave