Boring. Boring.
 Piotr Bania (Piotr) <bania piotr gmailcom> |
Wednesday, March 7 2007 12:38.30 CST |
Have you ever considered finding bugs boring?
Comments
 cpanic |
Posted: Wednesday, March 7 2007 13:34.35 CST |
|
Hm, it kinda depends on many factors. Sometimes it can be quite boring, but it's pretty good when you find some complex thing and start to examine it in detail. But yes, most of time it can be boring, though, if you do it as work, not every aspect of work can be hyper-enjoyable. Imho good way to prevent that feeling, that it's boring, is trying to look for new ways of searching bugs all the time. Simply you won't have time to think about if it's boring or not. :> |
|
 dennis |
Posted: Wednesday, March 7 2007 15:28.21 CST |
|
it depends on what your intentions are. as an employee, never try auditing your own company's products for example (if not explicitly told so). or is it just *my* company not treating this as an improvement in security? ;-) |
|
 sapheal |
Posted: Wednesday, March 7 2007 18:26.07 CST |
|
I have always thought that security is only a creation and wouldn't be necessary if it hadn't been for us. We could build up robots that help blind people to see, we could find new medicines; instead of those, we seek for the vulnerabilities to make it more secure as we expect the attacks. That's pretty sad. On the other hand, if you don't crave for the infinity, security gives you a great oppurtunity to develop your brain as it involves much research. I suggest that you ask questions - as much as it is possible. PS. It would be nice if we didn't care about the security - such idealistic point of view lies in me; in this world revealing all the password and leaving house open might lead to our destruction in a way. |
|
|
dennis |
Posted: Thursday, March 8 2007 01:27.28 CST |
|
sapheal, nice perspective. i can share your toughts. but wasting time on thinking about destroying ourselves isn't that much better anyway ;-D |
|
|
sapheal |
Posted: Thursday, March 8 2007 03:23.47 CST |
|
dennis, I think it _actually is_ better but very hard to perform. So many people crave for money; now, many people crave for knowledge. I have always loved to learn new things; but, as I said, security is just a creation. Socrates called this 'sofism 'as we don't achieve higher level of understanding but enough high to become important in the information-world nowadays. This is sad. This is words - I could talk years about it. But it is not all about me, it is all about people who try to forget about it but not asking questions themselves. |
|
 Orr |
Posted: Thursday, March 8 2007 03:50.49 CST |
|
I admire your courage in admitting this, piotr :) For me, finding bugs was always like keygenning - it is fun for the first few times, but then it becomes a tiring, somewhat formulatic routine, for me. I cannot say that it is always boring as sometimes you get to find an interesting challenge. Also, I cannot forget the thrill of actually finding exploiting my first real bug, kinda like when I found the first serial on a commercial software and not a crackme. Nevertheless, I think that experience in finding bugs is _very_ helpful, but mostly for hackers trying to break into systems :) |
|
|
Piotr |
Posted: Thursday, March 8 2007 06:17.01 CST |
|
Guys :) Mostly i agree with Orr and cpanic. Someday suddenly you realize searching bugs is really boring action and it cannot extend your knowledge in anyway. Personally i dont like staying in the same "place" for a long period of time. Of course this ability (exploiting etc.) is really helpful but maybe it is time to look for a new objectives :) > dennis Auditing my company software is one of that things i will surely never do :) Specially if you wrote the orginal code your brain will make some false assumptions by itself :) >Sapheal I guess you think too much about things you are not able to realize in anyway. You said many people crave for money, aren't you one of those persons Michael? Money is money, thats a need, specially when you are not able to EAT your exploits and you dont have rich parents. Generally, no offense but u speak like a damn politic guy (and God knows i hate politics :)), blurping with the same seudo-psycholgical stuff with no effect. Finally speaking about philosophy, my only Socrates is my old TASM5.0 compiler. Tak, w karietie prosz�owo nikuda nie ujediesz. |
|
|
sapheal |
Posted: Thursday, March 8 2007 07:56.05 CST |
|
Piotr, I always tell people to ask questions. I don't like politics too, I am not that kind of guy. I just don't want to get used to so-called normality. I agree that money is a need, we need food to survive. But, still, there is something more to experience in this life. Yes, I am one who earned and earns much on penetration testing; but, I am working on myself to achieve the higher level of understandning. I understand your point, Piotr. You know what's about me? I am just saying that I see something bright in the horizon and it is my destination.. but, still, I do much wrong as leaving everything behind would become the beginning of my disappereance for this world. |
|
|
dennis |
Posted: Thursday, March 8 2007 08:07.52 CST |
|
piotr, one good question you should ask yourself: what kind of job isn't boring anyway? as soon as you do repetitive tasks in your everday's work, it becomes boring. on the other hand, be happy to have a job ;-) it might be your point of view :) |
|
|
Orr |
Posted: Thursday, March 8 2007 08:28.40 CST |
|
For me, the next level of 'hacking' was always about Automation. For example, you manually unpacked a PE-protected file? Way to go! What's next? Write a generic unpacker. Although there are many cases in which automation is not possible and is on the edge of AI, but I think that it is of a higher level of research and development. I believe that many efforts are directed towards this, and you can see it for yourself - today everybody and his dog is writing a disassembler. I think that the future will show us many automatic tools that will help us swim in binary code as if it was water. So, hmm, what about an auto-stack-overflow-scanner project, for starters? |
|
|
Piotr |
Posted: Thursday, March 8 2007 08:55.41 CST |
|
>dennis Indeed good question :) I think there is no such job unless you work for yourself and do whatever you want to :) Anyway i always wanted to be a game programmer but i'm not enough good currently to try it in buissnes matter. However once i saw Blizard guys on Discovery, really cool atmosphere in the office, honestly it looked ubber cool. > Orr In the end, i hope i will leave something interesting behind me - non omnis moriar :) |
|
|
Orr |
Posted: Thursday, March 8 2007 09:04.12 CST |
| Piotr, you just promise and promise...:) 4514N ETA? | |
|
Piotr |
Posted: Thursday, March 8 2007 09:22.52 CST |
|
> Orr Haha Aslan is my cutest baby so far although it is still not finished thanks to my university :/ Anyway the bad news is that already some companies declared they want to have it as their own product, so i dont know if it will be free at all. But just let me know and i should give you a BETA when it will be out :) |
|
 MohammadHosein |
Posted: Thursday, March 8 2007 20:18.03 CST |
|
i would like to have a look at this so-called beta :) btw , really dont have any idea what kind of company may want such a thing as a commercial product ;) |
|
|
Piotr |
Posted: Thursday, March 8 2007 23:36.59 CST |
|
>MH I'm also bit suprised :) Anyway this is to early say for sure, but it seems i'm going to open my own company :) |
|