Comment Re: All that work... (Score 1) 61
Given that HexRays doesn't support MIPS you're definitely not getting better decompilation for this particular problem with it.
Comment resources (Score 5, Informative) 102
(for some reason the first time I loaded this page there were no comments, so some of this is duplicate)
Excellent! Very glad to hear it. There are a
* CTFTime : http://ctftime.org/ : Website that tracks team scores, upcoming events, and writeups for previous events.
* CapTF : http://captf.com/ : My CTF dump-site that includes a calendar, links to "practice" sites (aka Wargames), and many years worth of CTF events archived
* Field Guide : http://trailofbits.github.io/c... : Specifically covering the skills / approaches, the field guide is a good read for anyone getting into this world.
* Guide for Running a CTF : https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fgithub.com%2Fpwning%2Fdocs... : Written by PPP (CMU's ever-dominant CTF team) along with feedback from the broader CTF community, this guide is more relevant when making a CTF, but can aid in understanding how the good CTFs are designed.
* PicoCTF : https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fpicoctf.com%2F : PicoCTF is designed for high school students, but had an awesome difficulty curve, getting up to some relatively advanced challenges by the end of it. It's also extremely well designed, runs for a longer period of time and is a
* CSAW : https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fctf.isis.poly.edu%2F : One of the best events targeted specifically at College students, unfortunately the qualifier round just finished, and the participants already selected for the final round, but you can always check out the archives of previous challenges to get a feel for the difficulty. Note that the qualifier event is typically intended to be much easier than the in-person finals to better encourage new students to get into the sport.
* IRC : irc.freenode.net#pwning : There's a lively and active community in #pwning on freenode that would be happy to help you with questions/advice related to CTFs.
* YouTube : There's a couple of different presentations/talks on CTFs over the years. If your'e interested in learning more about attack-defense CTFs and in-particular DEF CON CTF, I gave an old talk that's mostly still relevant (https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DokPWY0FeUoU), though I'd recommend you not focus on A/D at first, but just get into the regular challenge based or jeopardy boards as they're sometimes called.
The best way to prepare for CTF is by... playing CTFs. There's no real magic formula, just go out there and start working on challenges. Old CTFs are great as learning exercises since you can usually cheat and read a writeup, but avoid the temptation as much as possible. If stuck, go off and try another problem first, and only if you're
Comment Re:"What were you thinking?" (Score 5, Informative) 628
This might have been true in the past but it isn't true of the current CS department. Since UF was designated a "Research 1" university, the CISE department has made huge strides to increase its research competitiveness. They have won 12 NSF CAREER awards for young faculty, received 11 best paper awards at major conferences in the last 5 years, and have quintupled their external research grant funding.
Submission + - University of Florida Eliminates Computer Science Department (forbes.com) 2
DustyShadow writes: The University of Florida announced this past week that it was dropping its computer science department, which will allow it to save about $1.7 million. The school is eliminating all funding for teaching assistants in computer science, cutting the graduate and research programs entirely, and moving the tattered remnants into other departments. Students at UF have already organized protests, and have created a website dedicated to saving the CS department. Several distinguished computer scientists have written to the president of UF to express their concerns, in very blunt terms. Prof. Zvi Galil, Dean of Computing at Georgia Tech, is “amazed, shocked, and angered.” Prof. S.N. Maheshwari, former Dean of Engineering at IIT Delhi, calls this move “outrageously wrong.” Computer scientist Carl de Boor, a member of the National Academy of Sciences and winner of the 2003 National Medal of Science, asked the UF president “What were you thinking?”
Facebook's New Terms of Service 426
An anonymous reader writes "Chris Walters writes about Facebook's new terms of service. 'Facebook's terms of service (TOS) used to say that when you closed an account on their network, any rights they claimed to the original content you uploaded would expire. Not anymore.
Now, anything you upload to Facebook can be used by Facebook in any way they deem fit, forever, no matter what you do later. Want to close your account? Good for you, but Facebook still has the right to do whatever it wants with your old content. They can even sublicense it if they want.'" Oh no! Now they'll be able to license your super flair goblin poke 25 tag history!
Confessed Botnet Master Is a Security Professional 278
An anonymous reader writes "John Schiefer, the Los Angeles security consultant who in last 2007 admitted wielding a 250,000-node botnet to steal bank passwords, sometimes from work, says he's spent the past 15 months working as a professional in the security scene while awaiting sentencing. Prosecutors are pushing for a five-year sentence, noting the exceptional threat he represented to society."
Wikipedia's New Definition of Truth 428
Hugh Pickens writes "Simson Garfinkel has an interesting essay on MIT Technology Review in which he examines the way that Wikipedia has redefined the commonly accepted use of the word 'truth.' While many academic experts have argued that Wikipedia's articles can't be trusted because they are written and edited by volunteers who have never been vetted, studies have found that the articles are remarkably accurate. 'But wikitruth isn't based on principles such as consistency or observability. It's not even based on common sense or firsthand experience,' says Garfinkel. What makes a fact or statement fit for inclusion is verifiability — that it appeared in some other publication, but there is a problem with appealing to the authority of other people's written words: many publications don't do any fact checking at all, and many of those that do simply call up the subject of the article and ask if the writer got the facts wrong or right. Wikipedia's policy of 'No Original Research' also leads to situations like Jaron Lanier's frustrated attempts to correct his own Wikipedia entry based on firsthand knowledge of his own career. So what is Wikipedia's truth? 'Since Wikipedia is the most widely read online reference on the planet, it's the standard of truth that most people are implicitly using when they type a search term into Google or Yahoo. On Wikipedia, truth is received truth: the consensus view of a subject.'"
Comment http (Score 1) 1044
Just put the pictures on the web somewhere and put a URL in the box. I'm sure we'll still have the Internet in 25 years.
Comment notebook? papers? (Score 4, Interesting) 505
Well, can the police read, say, my notebook, kept in my backpack in the car? Can they look at my wallet full of business cards and contacts? What if these papers and information are protected by attorney or medical privilege? What if these are my (HIPAA-protected) health records? These seem to be the closest analogues to what's on my iPhone, apart from the actual phone itself.
Submission + - ISPs to filter traffic for copyrighted media? (nytimes.com)
Dr. Zarkov writes: "At a CES forum, representatives of AT&T and other ISPs discussed the need to filter traffic at the network level, to stop the transfer of copyrighted material."
Feed Science Daily: Cancer-causing Benzene Is Still Elevated In Certain Drinks (sciencedaily.com)
Only nine percent of 199 beverage samples had benzene levels above the U. S. Environmental Protection Agency limit of 5 parts per billion (ppb) for benzene in drinking water, according to a new study. The study found that product formulation, shelf-life, and storage conditions were important factors affecting benzene formation.
Comment Re:It seems to me... (Score 1) 183
This is an important point. I'm no really sure what the GP means. In fact, long ago when I actually understood a very tiny bit about how these things worked I asked a similar question on sci.crypt and got the following responses:
http://groups.google.com/group/sci.crypt/browse_thread/thread/d096e5e93192f176/6e0e62f174f8a9e3
http://groups.google.com/group/sci.crypt/browse_thread/thread/d096e5e93192f176/6e0e62f174f8a9e3
Submission + - Wii + Warp Pipe = Del.icio.us Tabbed Browsing
An anonymous reader writes: The folks at Warp Pipe have developed a simple yet useful tabbed browsing interface for the Wii with del.icio.us bookmark integration which makes browsing on the Wii more efficient until the fully realized Opera build hits later next year. The web application does not require registration, this video overviews the interface and feature set in this early release.
Submission + - What Questions Should We Ask RIAA "Expert"
NewYorkCountryLawyer writes: "In UMG v. Lindor, the RIAA has submitted an "expert" report (pdf) and 26-page curriculum vitae (pdf), prepared by Dr. Doug Jacobson of Iowa State University who is the RIAA's expert witness in all of its cases against consumers, relating to alleged copyright infringement by means of a shared files folder on Kazaa, and (b) supposed analysis of the hard drive of a computer in Ms. Lindor's apartment. The RIAA's "experts" have been shut down in the Netherlands and Canada, having been shown by Prof. Sips and Dr. Pouwelse of Delft University's Parallel and Distributed Systems research group (pdf) to have failed to do their homework, but are still operating in the USA. The materials were submitted in connection with a motion to compel Ms. Lindor's son, who lives 4 miles away from her, to turn over his computer and music listening devices to the RIAA. Both Ms. Lindor's attorney (pdf) and Ms. Lindor's son's attorney (pdf) have objected to the introduction of these materials, but Dr. Jacobson's document production and deposition are scheduled for January and February, and we would love to get the tech community's ideas for questions to ask, and in general your reactions, thoughts, opinions, information, and any other input you can share with us. (In case you haven't guessed, we are the attorneys for Ms. Lindor.)"
Journal Journal: Why your early adulthood music likely stays with you.
Slashdot Top Deals
Statistics are no substitute for judgement. -- Henry Clay
