PoC||GTFO 0x08

The International Journal of Proof-of-Concept or Get The Fuck Out (PoC||GTFO or PoC or GTFO) posted issue 0x08 this month.

What an interesting piece of work. I found 0x08 brought me a little bit of joyful glee when I read this technical note: 

This issue is a polyglot that can be meaningfully interpreted as a ZIP, a PDF and a Shell script featuring the weird cryptosystem described in 8:12. We are the technical debt collectors!

... and it actually worked. 

Other fantastic pieces in this issue:

  • An article written by Scott Bauer, Pascal Cuoq, and John Regehr wherein they show how a backdoor can be constructed (proof of concept provided for sudo) out of a known mis-compilation.
  • A rant on the nature of academia which I am incredibly sympathetic to:

    The scientific community has a structural problem. In computer science, we do not require researchers to build real systems that can be scrutinized. We do not have a mechanism for thorough review, so we generally do not bother publishing work that breaks another paper. Our field just doesn’t consider a broken paper to be particularly notable.

    Academics in computer science are too often doomed to talk nonsense unless we fix these issues. Further, researchers in our field are continuing to verge towards irrelevance if they simply follow the system of incentives that makes it a better career move to drop a paper and file a patent than do the work of building real systems and determining real truths about our machines.

Given how much I've enjoyed the percentage of this issue of PoC||GTFO, it looks like I really ought to dig into the back-catalogue.

Somehow, I've become very interested in computer security writing. Though I'm not sure what working in computer security would be like, I have to say, I enjoy reading about it quite a bit. I've noticed that my Twitter feed is at least a quarter people from info-sec.