📚
OpenRCE
is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.
About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
Piotr
's Blog
Created: Wednesday, March 7 2007 12:38.30 CST
Printer Friendly ...
Boring. Boring.
Author:
Piotr
# Views:
3390
Have you ever considered finding bugs boring?
Blog Comments
cpanic
Posted: Wednesday, March 7 2007 13:34.35 CST
Hm, it kinda depends on many factors. Sometimes it can be quite boring, but it's pretty good when you find some complex thing and start to examine it in detail.
But yes, most of time it can be boring, though, if you do it as work, not every aspect of work can be hyper-enjoyable.
Imho good way to prevent that feeling, that it's boring, is trying to look for new ways of searching bugs all the time. Simply you won't have time to think about if it's boring or not. :>
dennis
Posted: Wednesday, March 7 2007 15:28.21 CST
it depends on what your intentions are.
as an employee, never try auditing your own company's products for example (if not explicitly told so).
or is it just *my* company not treating this as an improvement in security? ;-)
sapheal
Posted: Wednesday, March 7 2007 18:26.07 CST
I have always thought that security is only a creation and wouldn't be necessary if it hadn't been for us. We could build up robots that help blind people to see, we could find new medicines; instead of those, we seek for the vulnerabilities to make it more secure as we expect the attacks. That's pretty sad. On the other hand, if you don't crave for the infinity, security gives you a great oppurtunity to develop your brain as it involves much research. I suggest that you ask questions - as much as it is possible.
PS. It would be nice if we didn't care about the security - such idealistic point of view lies in me; in this world revealing all the password and leaving house open might lead to our destruction in a way.
dennis
Posted: Thursday, March 8 2007 01:27.28 CST
sapheal, nice perspective. i can share your toughts.
but wasting time on thinking about destroying ourselves isn't that much better anyway ;-D
sapheal
Posted: Thursday, March 8 2007 03:23.47 CST
dennis,
I think it _actually is_ better but very hard to perform. So many people crave for money; now, many people crave for knowledge. I have always loved to learn new things; but, as I said, security is just a creation. Socrates called this 'sofism 'as we don't achieve higher level of understanding but enough high to become important in the information-world nowadays. This is sad. This is words - I could talk years about it. But it is not all about me, it is all about people who try to forget about it but not asking questions themselves.
Orr
Posted: Thursday, March 8 2007 03:50.49 CST
I admire your courage in admitting this, piotr :)
For me, finding bugs was always like keygenning - it is fun for the first few times, but then it becomes a tiring, somewhat formulatic routine, for me. I cannot say that it is always boring as sometimes you get to find an interesting challenge.
Also, I cannot forget the thrill of actually finding exploiting my first real bug, kinda like when I found the first serial on a commercial software and not a crackme.
Nevertheless, I think that experience in finding bugs is _very_ helpful, but mostly for hackers trying to break into systems :)
Piotr
Posted: Thursday, March 8 2007 06:17.01 CST
Guys :)
Mostly i agree with Orr and cpanic. Someday suddenly you realize searching bugs is really boring action and it cannot extend your knowledge in anyway. Personally i dont like staying in the same "place" for a long period of time.
Of course this ability (exploiting etc.) is really helpful but maybe it is time to look for a new objectives :)
> dennis
Auditing my company software is one of that things i will surely never do :) Specially if you wrote the orginal code your brain will make some false assumptions by itself :)
>Sapheal
I guess you think too much about things you are not able to realize in anyway. You said many people crave for money, aren't you one of those persons Michael? Money is money, thats a need, specially when you are not able to EAT your exploits and you dont have rich parents. Generally, no offense but u speak like a damn politic guy (and God knows i hate politics :)), blurping with the same seudo-psycholgical stuff with no effect. Finally speaking about philosophy, my only Socrates is my old TASM5.0 compiler. Tak, w karietie prosz�owo nikuda nie ujediesz.
sapheal
Posted: Thursday, March 8 2007 07:56.05 CST
Piotr,
I always tell people to ask questions. I don't like politics too, I am not that kind of guy. I just don't want to get used to so-called normality. I agree that money is a need, we need food to survive. But, still, there is something more to experience in this life. Yes, I am one who earned and earns much on penetration testing; but, I am working on myself to achieve the higher level of understandning. I understand your point, Piotr. You know what's about me? I am just saying that I see something bright in the horizon and it is my destination.. but, still, I do much wrong as leaving everything behind would become the beginning of my disappereance for this world.
dennis
Posted: Thursday, March 8 2007 08:07.52 CST
piotr, one good question you should ask yourself:
what kind of job isn't boring anyway? as soon as you
do repetitive tasks in your everday's work, it becomes
boring. on the other hand, be happy to have a job ;-)
it might be your point of view :)
Orr
Posted: Thursday, March 8 2007 08:28.40 CST
For me, the next level of 'hacking' was always about Automation.
For example, you manually unpacked a PE-protected file? Way to go! What's next? Write a generic unpacker.
Although there are many cases in which automation is not possible and is on the edge of AI, but I think that it is of a higher level of research and development. I believe that many efforts are directed towards this, and you can see it for yourself - today everybody and his dog is writing a disassembler. I think that the future will show us many automatic tools that will help us swim in binary code as if it was water.
So, hmm, what about an auto-stack-overflow-scanner project, for starters?
Piotr
Posted: Thursday, March 8 2007 08:55.41 CST
>dennis
Indeed good question :) I think there is no such job unless you work for yourself and do whatever you want to :) Anyway i always wanted to be a game programmer but i'm not enough good currently to try it in buissnes matter. However once i saw Blizard guys on Discovery, really cool atmosphere in the office, honestly it looked ubber cool.
> Orr
In the end, i hope i will leave something interesting behind me - non omnis moriar :)
Orr
Posted: Thursday, March 8 2007 09:04.12 CST
Piotr, you just promise and promise...:) 4514N ETA?
Piotr
Posted: Thursday, March 8 2007 09:22.52 CST
> Orr
Haha Aslan is my cutest baby so far although it is still not finished thanks to my university :/ Anyway the bad news is that already some companies declared they want to have it as their own product, so i dont know if it will be free at all.
But just let me know and i should give you a BETA when it will be out :)
MohammadHosein
Posted: Thursday, March 8 2007 20:18.03 CST
i would like to have a look at this so-called beta :)
btw , really dont have any idea what kind of company may want such a thing as a commercial product ;)
Piotr
Posted: Thursday, March 8 2007 23:36.59 CST
>MH
I'm also bit suprised :) Anyway this is to early say for sure, but it seems i'm going to open my own company :)
Add New Comment
Comment:
There are
31,328
total registered users.
Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Question about memor...
Dec/12
Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n
Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...
Recent Blog Comments
nieo
on:
Mar/22
IAT Patcher - new tool for ...
djnemo
on:
Nov/17
Kernel debugger vs user mod...
acel
on:
Nov/14
Kernel debugger vs user mod...
pedram
on:
Dec/21
frida.github.io: scriptable...
capadleman
on:
Jun/19
Using NtCreateThreadEx for ...
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}