Canadian University to Begin Training Hackers 379
torok writes "According to an article at The Edmonton Journal, The University of Calgary is going to start teaching select computer science students to write software viruses in a special new disconnected lab. Will Canada be accused of training the world's next generation of cyber-terrorists... or peacekeepers?"
Crackers (Score:5, Informative)
I understand this is a losing battle but lets not get it wrong on slashdot.
Not a big deal... (Score:4, Informative)
Re:Hacking ethics (Score:5, Informative)
http://www.cs.berkeley.edu/~bh/hackers.html [berkeley.edu]
Re:Hacking ethics (Score:3, Informative)
Re:Crackers (Score:5, Informative)
http://www.grinberg.net/vitaliy/hacker.html [grinberg.net]
in short
hackers: just enthusiasts
crackers: evildoers
Re:Crackers (Score:5, Informative)
Crackers (and cracking), on the other hand, are those who maliciously exploit hardware and software that is not their own, for personal gain, and sometimes just for the sake of having done it.
Did that help clarify the difference? Hackers are reverse-engineers who seek to educate themselves, without inflicting damage. The objective of a cracker, however, is damaging a system (in whatever way), and being able to claim responsibility for it, because they (and their clique) may consider it "cool" or "macho," or in some cases, because they can fraudulently benefit from it (usually economically...)
I hope that helps. If I'm wrong, someone please correct me.
P.S. The "cool" and "macho" part was added by me, but I can see no other motivation to do it.
Re:Crackers (Score:2, Informative)
Re:U of "C" doesn't teach "C" (Score:4, Informative)
A Computer Science program at any (Canadian) University worth its salt has maybe 3 or 4 programming courses, and the other 30+ are algorithms, databases, networks, algebra, AI, operating systems, distributed systems, parallel systems, real-time systems, security, automata, digital logic, data structures, software engineering, graphics, instruction set architectures, compilers, professional ethics...
Note that any and all of the above are (relatively) language-independent. A CS student should be able to pick up a new language in a matter of days/weeks - but CS is not about syntax memorization.
your're an idiot. (Score:1, Informative)
Although many right wing Latin American dictators(Galtieri) and generals were trained there, they aren't terrorists.
You must understand:
left wing oppression == terrorist: FARC, SHINNING PATH
right wing oppression == no other way to stop the misguided commies. Pinochet wasn't all that bad.
It's nice and cute to be living in the first world and complain about how bad human rights are in (insert your favorite Latin American shithole here) but the truth is, human rights get REALLY bad when the left takes over.
Instead of complaining about the SOA, why don't you complain about Cuba training and supporting terrorists in Columbia and most poignantly Venezuela. Where Chavez followed Castro's(and Hitler's) playbook to the letter. I will summarize, talked a good (leftist) game, got elected by 80% of the vote, promptly revamped the constitution and parliament, extended his term twice. He's there for life.
I lucky escaped my Latin American shithole, I know what goes on there. You should regurgitate shit you hear on NPR but don't fully understand.
Re:Not a big deal... (Score:3, Informative)
Well, I was wondering if I'd have to be the one to point this out.
In the early 70's, I had several CS courses that went into the topic. This included both studying some known examples and writing new ones for some of the available campus machines. It seemed like a reasonable thing for a computer course to study.
I mean, imagine a course of study in other kinds of engineering in which you never studied how things could fail or be sabotaged. Such a program wouldn't exactly turn out competent engineers, now would it?
Considering how important computers and networks are becoming in this world, I'd think you'd have to be pretty stupid to think you don't want to teach people about how such things can be sabotaged. How do you think you're ever going to make them sturdy and reliable, if the people building and maintaining them don't study such things?
I've had this prof before . . . (Score:3, Informative)
He definitely has a strong security focus in his courses, and has one of the highest standards I've encountered in a prof regarding testing ( after turning in our implementation of an md5 hash as a system call in OpenBSD, he asked the class if anyone had tried testing with 1 Gb input strings. Just an example).
There's another course with a similar bent - a 4th year SysAdmin course that's year-long and involves substantial network programming. I'm told that the instructors will take down the network during your examination, forcing you to fix things while still completing your test online. Past grads also like to hammer the servers the students setup.
Personally, I'm glad to see these courses - most of these problems are things I've no clue about or would even think about how to prevent. Exposure is a start.
Re:Crackers (Score:2, Informative)
Reverse engineering is protected by numerous free trade laws. I also quite seriously doubt that the DMCA could have any effect on you if you are in a country other than the US. Unless you pull a Skylarov and come over here, that is.
Re:Pleased (Score:4, Informative)
At Portland State University, we've been teaching a virus course in a "disconnected lab" for several years now. I was surprised that the Calgary course is big news---I imagine other institutions have been doing this as well.
(Disclaimer: I am speaking for myself and not in any official Portland State University capacity. Not that you thought I was.)
Re:U of "C" doesn't teach "C" (Score:5, Informative)
At the time, U of C didn't teach C either. Students were expected to be able to learn "C" on their own by third year, since they'd already been exposed to three or four different programming languages from different spheres. Once you were in third year, you could, for the most part, do your projects in whatever language you wanted, as long as the TA knew the language. Most students did their projects in C.
As well, the first year courses almost always used languages that students were unlikely to have encountered ever before. This helped level the field between the people who were "xc3113nt C h4x0rz" and everyone else. Everyone started from first principles in functional programming.
By the time I'd hit third year, I'd had courses where the language of choice were Pascal and Modula/2 from the "Von Newman" sphere, ML from the functional sphere, and PDP-11 assembly (was being replaced with SPARC assembly at the time) from the low level sphere.)
By the time I'd graduated, I'd added courses that required languages based on category theory (Charity) and one based on primitive recursion (it only had zero(), succ() and recurse(x,y) functions and you had to define the whole rest of the language yourself based on those.) If I'd taken different courses, I would have been exposed to Lisp, Prolog, SQL, etc.
The theory behind all this was they wanted to teach you different ways to think about problems, not just how to pound in a solution in C. People who just wanted to learn to code in C, be able to say they were a "programmer" and go on to a career went to SAIT or DeVry.
Pick any academic program and you'll find people who think something is "missing" or can be "better." That's why they evolve over time. The main flaw I found with the U of C program (IMHO) was that the only course that really required you to deal with a large project (CPSC 510, full year, write a compiler from scratch) wasn't a mandatory course.
But I'm glad I got my degree from U of C. And I'm not crippled in my ability to work in C/C++ because I never took a half-year course in it.
Re:Crackers (Score:1, Informative)
You don't seem to under the real meaning of "reverse engineering". :) Sorry. There's really two different classes of reverse engineering: clean room and non-clean room (WhatIs [techtarget.com]).
The former is the only type of reverse engineering that has in court cases been upheld as a legal form (of course, this is prior to the DMCA). Realistically, the latter form, involving any and all means to understand the way in which something works is what's normally done when it's seen as unlikely that a competitor has even a remote chance of prosecuting for not doing clean room reverse engineering. Why, you might ask? When you want to see how your competitor's product works, the fastest way is to test some inputs first, then disassemble the parts you don't automatically understand. When time to market matters, and it always does to some extent, shortcuts are the prefered way.
But what does that mean? In the physical world, reverse engineering is so likely that patents are the norm for virtually anything produced. It's understood that competition would otherwise make void all the research needed in making a new product. In the software world, even with patents, clones abound (voris vs mp3, png vs gif, etc). The culture of at least the ideal hacker has resulted in patents for the most part being abhored and circumvent by one means or another (make a clone, offer that gif module off-shore where the patent doesn't apply but people can still get it, publish a long document on all sorts of features you discover). Of course, anything not patented in the physical world is cloned as well and almost never is there a legal fight over it--saying you can't make and sell your own lemonade after finding out what the competitor's lemonade is made of would be scoffed at, assuming it wasn't patented.
But, with the DMCA, copyrighted works have more or less gained the same level of protection as patented works, which is ironic since those companies most likely to invoke the DMCA use it against copyrighted works which are encrypted, something entirely opposite to the openness of patented works. Reverse engineering becomes virtually impossible, except through tedious clean room methods and even then so long as it doesn't happen to circumvent a copy protection mechanism. It seems the DMCA was written without the realization that copyright law is designed to promote the arts and sciences. By this I mean, it gives authors the ability to simutaneously profit from the works they've made while preventing others from directly profiting as well. And society profits as well, by viewing the author's work they benefit as a whole from the work itself possibly, but they also benefit from the extensions others make. If we were to believe the principle ideas of the DMCA and the very narrow scope as defined by fair use in quoting a work, we'd have had to wait the lifetime + 90 years of an author for another competitive work to include an original idea presented, something resulting in a massive stagnation of arts and sciences.
And realistically, this has not happened. Fair use is not needed to quote why ideas might be read and reused by another in even a few months after a best selling novel (fair use wouldn't be a valid exception anyways). The result is laws which in words prevent much more than what the spirit of the courts have shown as accepted behavior. However, when it comes to things in the technical field, an almost magical spell exists where the letter of law is so closely followed like it were a new fronteer where new laws need written to protect what is already protected.
But I digress. The DMCA is a means of creating a new law to prevent another law from being broken. Because of its vague wording (and mostly because the spirit of the law hasn't been established well in this new fronteer), various companies have invoked it to stop "legal" and non-"legal" reverse engineering. For the most part, it has been demo
Re:Just tools (Score:4, Informative)
There are also some schools [upenn.edu] out there that will let you propose a course, provided that:
- the subject is educational
- you find more than the minimum required number of students
- you find someone to teach the class
[...] I took an Information Warfare class [...]
Funny you mention that, so did I -- at the aforementioned school. Officially it was called "Computer Ethics", but we've learned a lot about breaking into computers as well. There was even this one guy there, whose name eludes me for security purposes, who looked to be in his 30s at the time and who claimed to have worked for the gov't and was getting his masters at the time, IIRC. At the end of the semester the class got divvied up into groups for a project/presentation, so I made sure I was in the same group as he was. I've learned of a few neat tricks that the gov't was able to do with their technology, though no specifics (for obvious, classified reasons), like being able to pick up EM radiation from a monitor cable and reconstruct the video -- from a few hundred feet away.
But getting back on-topic... if there's a will, there's a way. If students are interested in learning something the school doesn't offer, they should try rallying up support from both their peers as well as the professors to have courses offered.
Re:Just tools (Score:3, Informative)
This isn't just something the government can do--this is something that a dedicated amateur can do with a little time and money. In addition to some expertise, you will need the following equipment [sfsu.edu]:
- A good commercial wide band radio receiver preferably designed for surveillance (requires a little modification) with spectrum display. Sensitivity and selectivity are paramount. Not all receivers will do the job adequately
- Horizontal and vertical sync generator. Commercially available and will require some modification.
- Multi-Scan Video Monitor with Shielded cables
- Active Directional Antenna (phased antenna array) with shielded cables. Think radio telescope.
- Video tape recording equipment.
This stuff will all fit in a van. The government may have more effective purpose-built tools, but there's nothing preventing a compentent technician from building such a device.