Getting your mojo back

["Dave Aitel" <dave.aitel () gmail com>]

So one thing I've noticed with hackers is they tend to occasionally lose
their mojo. This might be because of random other life events, or because
for whatever reason they've burnt out on a problem. Generally the only
solution is to take on a series of easy problems for a while until the brain
gets back in order.

One thing I find, if not easy, then satisfying is teaching these how-to-hack
classes. Over time, of course, you have to change your classes - Windows
2000 is a good learning tool, but there's going to be a time when the class
has to be taught entirely with ActiveX controls and OS X remotes. For now
though, it's Windows 2000. Gotta love it.

Anyways, more posts this month than last month. I'm starting to feel the
heart of darkness beat again. In the meantime I spent some time reading the
IATAC newletters, to warm up, and you notice things like the paper by Wei
Li, Lap-chung Lam, and Tzi-cker Chiueh  about Win32 sandboxing [1] draws
graphs by looking at the call stack. The call stack, of course, is data
which is in user-space, under hacker control. Likewise you don't see a whole
lot about threading in the paper - threading being the problem all system
call graph algorithms blow up on. They claim that the false negative rate
for their system is "miniscule". This is probably true for any system no one
has ever attacked, but given a couple days and a hacker with some mojo, I'm
sure that can be changed. :>

-dave

[1] http://iac.dtic.mil/iatac/IA_newsletter.jsp

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave