[locacorten]

The main trait of a top researcher is skepticism -- the willingness to doubt results. You learn to be skeptical as part of the training during your Ph.D.

Unfortunately, the standards have fallen. The security community is one of the worst instances of the lack of skepticism in the science arena. The community has started to reward clickbaity papers because they "sell". It's a race to the bottom.

[jnwatson]

A security research does not have to develop an entire exploit to demonstrate a vulnerability. This is analogous to that.

It is valuable research if someone can take it to the next step. Inasmuch, it is definitely worthy of publishing.

[Spooky23]

Security is tough because you a mix of complete idiots trolling for attention, business, or jobs, vendors seeking fud to drive sales, and incredibly talented people reverse engineering and discovering things.

I suspect that some the worst are seeded and encouraged by parties who benefit from a lack of trust in research and maximum chaos.

[locacorten]

Great point.

But there should be a distinction between academic conferences where professors from U. Mich are publishing and practitioner conferences aimed at industry (including sales, etc.).

My criticism is about academic conferences -- there's little skepticism left when reviewing papers describing attacks. As long as it's cool, it's in.

Look at the title above: "Hard Drive of Hearing: Disks that Eavesdrop...". It's not far off from the headlines on CNN or Fox News. At this rate, I predict by 2025 we'll have Breaking News red banners on academic conferences sites.

Let me re-assure everyone out there ... No, your disks are not eavesdropping. Disks eavesdropping should be the least of your worries security-wise.

[jaclaz]

>Let me re-assure everyone out there ... No, your disks are not eavesdropping. Disks eavesdropping should be the least of your worries security-wise.

Sure, but think about how many people will refuse your statement and - thanks to the article - will start to believe that aliens use hard disk recordings before abducting them.

The damage has alas already been done, on - quite frankly - a very thin basis, your general criticism is very well founded, a "reputable" institution would (should) never accept those clickbaity titles.

[jackpirate]

Security researchers should be much more skeptical of claims that a system is safe than they should about claims that a system is unsafe. The default posture of accepting that all reputable claims about a system being unsafe are true is probably not too bad of a one to have.