[JohnWill]

Well, you folks are selling, but I'm not buying.

[tomdkat]

Quote:

Originally Posted by MikeSwim07

In my opinion it's not like these students are going to use this info for bad. They are going to university to study security. They probably will work for some AV company etc where they can use this to possibly improve the avs.

The thing is, we really don't know how the students will actually use this information after the course is over. People are tired of having to deal with the malware that's out there already so the last thing they want or need is someone "teaching" possible future hackers how to hack.

I've got mixed feelings on this since I can see both sides of the argument. On one hand, if the course was a "survey" course in computer security and how hackers can be successful at hacking various systems, I wouldn't have much of an issue with it at all. On the other hand, if this course focused exclusively on Windows and for no real reason other than convenience, I would have to question the usefulness of it.

I don't see this kind of course "training" new hackers. If someone wants to learn how to hack, the information is already out there for those who know how to find it. Furthermore, we don't even know if this professor is any good as a hacker or if he's teaching things that aren't already known and well documented issues or exploits.

I think some people are a bit paranoid about this kind of course existing and I think that paranoia can be justified.

Peace...

[new tech guy]

Quote:

Originally Posted by win2kpro

From life experience I have the knowledge and know how that I could teach a person with a little mechanical knowledge how they could steal a specific "object" (that will go unnamed), and with an investment of approximately $20,000-$50,000 could sell that "object" within approximately 18 months for $300,000-$1,000,000 with less than a 1% chance of being caught.

Side note: To me that sounds alot like a car that has a body kit to look like an exotic to me.

In any event, In my opinion, this is a good experience because then it could be used in the classroom to simulate a live attack by setting up a small network, a server, and some pcs representing clients. Then you could have one student infect those machines in any pattern they wish with a virus of their own code and have the other student reverse-engineer the code and get rid of the virus. And doing this you learn 2 things, 1. How malware is constantly changing. And 2, how to reverse engineer malware and apply it to the security software to protect against the nasty code. And it really helps to reverse engineer somthing when you have a clear understanding of how it works and making them is the perfect way to find out.

[MikeSwim07]

I agree

It would be another thing if this guy would be teaching this to people he has never met. But it is his own students.

[win2kpro]

Quote:

Originally Posted by MikeSwim07

It would be another thing if this guy would be teaching this to people he has never met. But it is his own students.

Surely, you are not naive enough to believe that students who learn to hack, don't pass it on to others.

A Federal judge just issued a temporary restraining order against 3 students to keep them from passing on hack information.

http://www.msnbc.msn.com/id/26126287/?GT1=43001

[win2kpro]

Quote:

Originally Posted by new tech guy

Side note: To me that sounds alot like a car that has a body kit to look like an exotic to me.

Sorry, that guess is not even close.

[new tech guy]

Well the truth is, you cannot control how one uses their knowledge. And if those kids chat on im, that restraining order means nothing as they can just chat to each other and im the info across. The point in his lesson is to also let the student choose what they do with their knowledge.

[gurutech]

IMHO - If the students understand the theory of "creating" viruses, then they will also understand the theory of "removing" the viruses. They understand how a virus works, and can better guess what steps the virus is taking to infect a PC, and then begin to take counter measures to remove the virus.

[ekim68]

Wow, interesting discussion...Knowledge is power....For whoever...

[JStergis]

Quote:

Originally Posted by briealeida

Don't want to start a war but I disagree.

AV software should be constantly changing and improving. If writing a virus that will thwart AV software is so easy and methodical that it can be taught in this way, it is a warning sign!

In the wrong hands, this education is bad. Obviously. But any information in the wrong hands, can be dangerous. These students are better prepared to work for AV companies and help them improve their software. People should know how viruses work. If only malicious users knew how viruses worked, how could we stop them?

I agree as well, the more they know about how to get by the av software, the more they'll know about how to improve it.

However, it could get into the wrong hands and they could determine creating a virus fit for use as "job security."

[win2kpro]

The problem is the university has no control over the students after they leave. How many will go to work for AV companies, who knows.

Take for instance the 9/11 hijackers. They went to flight school to learn the basics of flying large commercial aircraft. I don't believe any of them went to work in the airline industry. The flight schools that taught these guys the basics had no way of knowing how they would use their knowledge. Now we know.

Any learned knowledge can be used for good or bad, but I still don't agree the "hacking" should be a college level course.

[tomdkat]

Quote:

Originally Posted by win2kpro

The problem is the university has no control over the students after they leave. How many will go to work for AV companies, who knows.

Yep, this is true. The thing is, we have to keep in mind this goes both ways. How many will work for anti-virus companies? We don't know. How many will NOT work for anti-virus companies? We don't know. How many will use this info to write viruses of their own? We don't know. How many will use this info to write malicious viruses? We don't know. How many will further pursue malicious virus development to gain more hacking skills? We don't know. How many will move on to something else completely? We don't know.

Quote:

Take for instance the 9/11 hijackers. They went to flight school to learn the basics of flying large commercial aircraft. I don't believe any of them went to work in the airline industry. The flight schools that taught these guys the basics had no way of knowing how they would use their knowledge. Now we know.

Ok, let's roll with that. The WTC attackers most likely didn't plan the attack around the fact that flight schools existed in the US. If they were not permitted to learn to fly at the school where they did, they would have gotten that info somewhere else. When there's a will, there's a way.

Quote:

Any learned knowledge can be used for good or bad, but I still don't agree the "hacking" should be a college level course.

It's not. The course is computer security and understanding hacking is relevant to computer security.

Peace...

[MikeSwim07]

They are learning how to make malware, not hacking. Big difference.

[defscarlett]

In order to protect from it, you need to know how to do it. It's the same with a police officer, you have to think like a crook in order to catch a crook, it's all on which side of the "law" you are on.

[win2kpro]

Quote:

Originally Posted by MikeSwim07

They are learning how to make malware, not hacking. Big difference.

From the story;

"In a windowless underground computer lab in California, young men are busy cooking up viruses, spam and other plagues of the computer age. Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake users. Yet Joy and Fynan aren't hackers—they're students in a computer-security class at Sonoma State University. And their professor, George Ledin, has showed them how to penetrate even the best antivirus software."

Do you not consider running a keylogger, stealing user names, passwords and credit card numbers a "hack"? If you don't consider this kind of activity a "hack" please explain to me your definition of "hack".