Computer Systems Security 6.566 / Spring 2024

It's a fun class; worth keeping in mind that several topics with 1-2 units here are whole specializations in the field, including:

* memory safety and exploitation (the "buffer overflow" section is about 20 years out of date, though super appropriate for a first course)

* the WebPKI/certificates thing

* messaging security and messaging cryptosystems,

* microarchitectural security and hardware side channels.

Multiple full courses on each of these subjects would bring you up to "practitioner" levels of expertise.

3 days ago tptacek

Considering an undergraduate course is about 3-4 months in duration, there's only so much it can cover in any depth. Even the most rigorous are still pretty shallow compared to what someone with years of work in the field would know.

3 days ago SoftTalker

Of course! It's a survey course. But you could probably get somewhere significant in a rigorous 3-month course on memory corruption.

3 days ago tptacek

RPISEC's Modern Binary Exploitation is somewhat famous for doing exactly that!

2 days ago chc4

More people interested in security should know about RPI. :)

2 days ago tptacek

Seeing this makes me miss the salad days of MOOCs. I learned programming in the 2010s through MIT’s EDX Introduction to Programming course, and then a course on Coursera by Martin Odersky on Functional Programming through EPFL, and I feel like that ladder has been kicked away due to MOOC monetization policies. I wonder if we could return to these days.

3 days ago bikeshaving

I took the EPFL course as well, although did not finish it. As someone who only had experience working with imperative programming and OOP stuff, it blew my mind -- I never knew you could write code like this. The course was great but a bit too fast for me at the time (part of the reason I did not complete it).

3 days ago g947o

Don't many of them end up as YouTube playlists anyways?

3 days ago Obscurity4340

Yeah, there were 2 golden ages:

1- When this internet thing came out

2- When this covid thing came out

On the first era, here's a Java lecture from Stanford, if it's too basic for you, it still has historical value, iirc it's something like Java 6. And it also reinforces the basics.

https://www.youtube.com/watch?v=KkMDCCdjyW8&list=PLA70DBE71B...

It's a bit harder to follow along with online materials since you have to use the Internet Archive, and download older compilers or use options to target older versions, but it's all the more fun for it.

3 days ago TZubiri

What they don't tell you. Everyone in the company will hate you, no one will fix the bugs you find, HR will want to sack you for fun, and the execs are all psychos. Find a better career, like watching paint dry, or become a monk. It's fun, but not worth it. People are twats.

3 days ago ethical

Sucks being a cost center. I've come to realize that a lot of what makes security fun for me still boils down to engineering problems that aren't only found in security teams.

3 days ago blazex344

Cost center... now there's a frame. It's nothing but ignorant or malicious bean counter talk.

3 days ago tgv

Or just go to the dark side if you are good enough /s

I kinda think the dark side is now pretty competitive, though.

3 days ago markus_zhang

I like that the MIT CSAIL CSS website (https://css.csail.mit.edu/) has a link to a Russian online gambling site due to what I’m assuming is a typo (click on the Foundations of Cryptography class)

3 days ago jrflowers

Likely it was an expired domain. I have seen this trend happen quite a bit with semi-popular domains, e.g., International Olympiad in Informatics 2019 official website, ioi2019.az

3 days ago barishnamazov

Presumably as an SEO tactic of the gambling site?