As is your comment, coincidentally. This is just a student’s project paper, not an actual research paper in a journal. I wouldn’t hold it up to that standard.
The paper is very light on details. I'm a little surprised MIT published this actually. It doesn't present anything new, and hinges on vulnerabilities since fixed to say that there are definitely new ones. Snooping on friends by looking at when they are online is interesting, but something known for a while and circumventable by just changing who can see your online status (I think it's people on your contact list by default). If you're expecting a security vulnerability, this isn't the paper to find one in (not that rolling your crypto is a good idea)
I think it is important to note that this is a final paper for a course at MIT. I would not hold it to the same quality standards as novel, peer-reviewed research.
There are LaTeX errors, jokes... but of course the contents is what counts, and I don't see anything noteworthy there either. It's a good writeup of what is quite well known (if you're into this kinda thing anyway) but it's not research. I wonder whether they passed the course.
It appears to be an introductory computer and network security course for undergraduates. With that in mind, it seems like they did a good enough job, though I agree that the jokes are distracting.
I was only curious as to why this was submitted to HN.
``Lainon" is a term for a user of Lainchan, a 4chan-alike for programmers. It could be that someone in that community wrote that paper or found it interesting.
Everyone is bashing this as if it's a peer-reviewed paper...Note guys: This is just two students' final project for a class, not some security experts' publication
Even as a final paper for an undergraduate class, this is pretty light on details and doesn't appear to have even undergone basic editing. The "exploit" is only a couple pages of bare discussion that's very similar to the defaultnamehere discussion of Facebook Messenger from over a year ago.
Given the skimpy details and lack of citation of the exploit's inspiration... I'd probably give this a C- at best. I really wish people in CS would ask friends to peer review their writing, because a lot of writing (not all, but a lot) is awful.
I think nobody would mind criticising the paper with their name and surname. It is an objective fact that the paper contains grammar mistakes, jokes, and no original research - it is hardly defamation or libel to say so.
Because it's from MIT? It's a golden standard when it comes to technology, so I guess everybody was expecting some super-mega-hack and were disappointed to find just a mediocre essay that one could expect to see on some noname, local university.
27 comments
[ 0.25 ms ] story [ 70.5 ms ] threadI was only curious as to why this was submitted to HN.
Given the skimpy details and lack of citation of the exploit's inspiration... I'd probably give this a C- at best. I really wish people in CS would ask friends to peer review their writing, because a lot of writing (not all, but a lot) is awful.
Yes. I was expecting to see an Architecture Diagram in the section titled Architecture. Instead, there's a screenshot of the app.