After-School Hacking Special 287
securitas writes "The NY Times writes about an after-school program that teaches teenagers how to hack, attack and defend systems. There doesn't seem to have been the same uproar as the virus-creation course at the University of Calgary (see previous Slashdot thread), even though the participants in Tiger Team (the name of the program) are younger than the university students."
Cool Idea (Score:3, Informative)
I think the program directors argument should qualm any skeptics.
"Some of them grilled us pretty heavily on the concept of, 'Well, aren't you training hackers?' " he said. "I go, yeah. I have a black belt in martial arts. If I wanted to be a bad guy, I could go and hurt people. But I don't do it. That's not the emphasis of the program."
Re:Cool Idea (Score:2, Interesting)
You teach them to comment their code, watch the buffers and never let programs leave the box unless you absolutly have to.
This whole hacker mythology is poor.
Re:Cool Idea (Score:5, Interesting)
There's a good reason people are getting paid $90,000 a year to hack into computers of big companies, despite your scepticism.
Re:Cool Idea (Score:5, Insightful)
Explaining a buffer overflow and actaully programming one are two different things. And programming an expliot for one drives the idea home even better.
I'm not saying that they should be trying to hack nsa.gov or something. However, when you actaully have a chance to play with a virus or recent exploit in a controlled environment you will get a better understanding.
That is why folks honeypot and such. They can actually figure out what are the techniques used in the wild and how to defeat those techniques.
Re:Cool Idea (Score:5, Interesting)
My Prof in Netprog showed us a old version of some crappy software (that has been since been repaired). He then installed the code on a server and proceeded to hack into the machine. Seeing this live demo followed up by code analysis REALLY hit home buffer overruns. I really believe this made me a better programmer.
In this case, we learned to "hack" but there was certainly no harm and no foul. I remember to check/fix overruns, but I would have to check my notes on the steps for hacking it.
Re:Cool Idea (Score:5, Insightful)
Most people don't care about theoreticals. They care about what they can see and what affects them. If you show them their page in Lynx and Mozilla and Opera, perhaps they will understand the need for standardization. If you show them that no one else can compile their program, they might start writing standardized code.
The point is, people aren't going to understand that they have hackable systems unless you hack them and say, "Look what I found!" By proving the flaws in their systems you inspire them to fix them, creating secure systems.
Like they say, there's no teacher like bad experience.
Re:Cool Idea (Score:5, Informative)
Typically a SysAdmin staff does not consist of programmers, and even if they are programmers, their job is not to write the security-intensive code and send the company to bankruptcy while they re-implement the OS, the terminal emulators, the network protocol, etc. Their job is to solve problems using the most efficient solution, and this often includes using other people's already developed, tested, code.
Their job is to install it, configure it, manipulate it and understand at a high level how it works; and when things inevitably go bad, minimize the damage and fix it quickly.
Learning to predict HOW things can go bad would help a lot.
Re:Cool Idea (Score:3, Insightful)
You teach them to comment their code, watch the buffers and never let programs leave the box unless you absolutly have to.
This whole hacker mythology is poor."
I agree. Instead of teaching people how to hack systems, wouldn't it make more sense to teach them how to set up firewalls properly, restrict setuid, restrict the number of services running, set up a patching strategy, and run an intr
Re:Cool Idea (Score:4, Funny)
HR Drone: "So I see you've done an after school program on hacking"
Kid: "Yes, that's correct. I am a security expert because of it."
HR Drone: "...So you're a tool"
Kid: "Well actually sir, I am trying to be a security professional."
HR Drone: "...So you're a tool"
Kid: "In this program, sir, we learned the most advanced techniques for securing today's modern computer systems."
HR Drone: "So you've mastered Windows Update?"
Kid: (blushes and stares at feet) "...yeah"
Nice troll, but not good enough (Score:4, Insightful)
And to commence feeding: your comment on hacking experience being bad is totally groundless: I wouldn't trust an architect who couldn't tell me the points in a building vulnerable to bombing, and I wouldn't trust a sysadmin who didn't have at least a basic knowledge of hacking techniques.
Re:Nice troll, but not good enough (Score:3, Insightful)
What method did probably 90% of the currently problematic worms and hacks use to get around? Vulnerabilities in MS Exchange, MS Outlook, and MS Outlook Express, IIS, and SQL Server. What language offers the tightest integration with all of these systems, including many, many prebuilt system objects for working with them? VB. What language would an employee of a Microsoft shop probably be working with daily? VB. So, if you were to hire a hacker to work in your Microsoft shop,
Re:Cool Idea (Score:3, Interesting)
Re:Cool Idea (Score:2, Interesting)
Doesn't matter what the emphasis is from the instructors' point of view, all it takes is one script-kiddie to hack a site, and the teacher (and by extension, the school) are up for both civil lawsuits and criminal liability (contributing to the delinquency of a minor, etc).
Especially since he agreed that he was teaching kids to hack.
Remember, just because you CAN do something
Re:Cool Idea (Score:5, Insightful)
From what the article says, he's strongly encouraging ethical behavior. Personally, I wish I had something like this in high school.
Re:Cool Idea (Score:5, Insightful)
I don't know where you went to school, but most of my chem classes were equations, and we never did get to try the "crushing head with bowling ball" in physics. Head-crushing was kind of frowned upon, both during and outside of school.
If he was really into encouraging ethical behaviour, he'd first teach them the difference between hackers and crackers.
Then, you've got to keep in mind how insecure most school networks are, and how unsophisticated most adult users at schools are:
Q: What's your password?
A: 'password'/'my name'/'my birthdate'/it's written on the post-it on/under/beside the monitor/keyboard/mouse
Sort of like mixing matches and gasoline. It's not a question of 'if' there's going to be a fire, but 'how badly are you going to get burned'.
Re:Cool Idea (Score:2, Insightful)
You don't seem to have alot of faith in the next generation, or indeed in your fellow human beings. You expound a tired point, which has been used by the less clueful of the world to stop everything from sex ed to skeet shooting.
The point of this class is twofold - first, much like a karate or skeet shooting class, to teach respect and self control for the skill
Re:Cool Idea (Score:2)
<quote>you will always have hackers, just like you will have always (sic) pregenant (sic) teenagers</quote> - and your point is? Sure' we'll always have kids screwing around, that doesn't mean we encourage it on sch
Re:Cool Idea (Score:2)
Safety was emphasized.
None of this "take a pickup truck full of fertilizer, an oil tank full of diesel, mix in a cement truck, and park in front of a building" shit, or the computer equivelant - cracking.
And definitely no crushing of skulls with bowling balls in physics. English lit, maybe ... :-)
Re:Cool Idea (Score:2)
There's been cases where defense lawyers faulted the movie "Matrix" for murders so I wouldn't be suprised if the lawyers fault teachers for hacking and bombing cases.
Re:Cool Idea (Score:5, Insightful)
I think the teacher found a very adequate metaphor: when you teach martial arts you're teaching ways to hurt, and sometimes kill. There is no doubt this sort of knowledge can be misused to hurt people; it was perfected for that purpose.
Yet it is also taught and learned mostly for other reasons: for self-defense, for sportsmanship, for physical and/or psychological self-improvement. Sometimes kids are taught martial arts to (gasp!) teach self-control, responsability and discipline.
Society trusts that kind of training because the ethics and discipline are ingrained in the practical teaching, it's not just a chapter and a lecture in the curriculum. Perhaps a similar approach can be used for something like this.
Re:Cool Idea (Score:4, Funny)
Re:Cool Idea (Score:2, Interesting)
Re:Cool Idea (Score:2)
Actually, that's not quite true. If you've learned how to write good code, and you review someone else's, and it looks like something the dog barfed out, you'll recognize that, because it "just looks bad".
You'll be suspicious, you'll want to replace obscure/unclear/weird code with clean code. You won't have to test the existing code for buffer overflows, for example, or freeing objects multiple times, because your rewrit
Re:Cool Idea (Score:2)
"Some of them grilled us pretty heavily on the concept of, 'Well, aren't you training hackers?' " he said. "I go, yeah. I have a black belt in martial arts."
And then he opens up a can of serious whup ass and shuts them up!
: )
Hehehe, take THAT skeptics!
Yeah! (Score:5, Funny)
Yeah! Finally we after-schooler AD&Ders have a group nerdier than us to beat up!
Re:Yeah! (Score:2)
Re:Yeah! (Score:4, Funny)
Re:Yeah! (Score:2, Funny)
My trombone (Score:3, Funny)
Go away if you know what's good for you.
Re:Yeah! (Score:3, Interesting)
Percent of CS majors in my college who were female: about 5%
Any questions?
Re:Yeah! (Score:2)
mmmm yea (Score:4, Funny)
And one time... in band camp... we hacked the white house and asked GWB if he was out of TP.
Re:mmmm yea (Score:2, Funny)
Were you boys all playing the skin flute?
Re:mmmm yea (Score:2)
Re:mmmm yea (Score:2)
Now that.... (Score:5, Insightful)
Little Johny: Hey, Jimmy try this script out. First one is free tell your friends.
Could be useful (Score:5, Interesting)
After taking a similar class (Score:5, Insightful)
However, I wonder why the adults behind this "after school program" think that kids will have the same degree of responsibility that university students do when learning these things. What is to keep them from going out and writing viruses, unleasing them upon the Internet and generally causing lots of trouble after learning how to "protect" systems.
Re:After taking a similar class (Score:2, Interesting)
An interesting point. With University students, namely engineers, they are required to take at least one, sometimes several ethics courses designed to encourage responsible practices later on in their careers.
Hopefully, something similar will be put in place for these highschool students, though it may not be as effective due to the generally lower level of maturity.
Re:After taking a similar class (Score:3, Interesting)
Re:After taking a similar class (Score:2)
My engineering ethics professor told us that when we get our first job, we shouldn't try to impress them by "volunteering to all sorts of activities when they are proposed. Instead, don't do any work that's not specifically assigned to you, because the moment you show them that you're competent with other duties, they'll start assigning them to you and you'll never get any free time."
Granted...that wasn't part of his actual lecture, it was during his Pre-Lecture Ramblings(tm). Still, I didn't think it w
Re:After taking a similar class (Score:3, Interesting)
Re:After taking a similar class (Score:3, Interesting)
Re:After taking a similar class (Score:2)
Re:After taking a similar class (Score:2)
Re:After taking a similar class (Score:2)
If you never did anything out of the line after your second decade of life, then I think you're in the minority.
Re:After taking a similar class (Score:2)
Yeah, but in my opinion, I figure that if that were due to actual phisiological differences you'd have a much smaller minority of kids that were aware of consequences. And I think there are too many "good kids" to set them out as outliers. Rather, although most teenagers do some things wrong from time to time, I think there is a small minority of kids that, for example, get in trouble with the law, or do things that
Re:After taking a similar class (Score:2)
So you're saying that it's your belief that older man cannot be unethical?
However, I wonder why the adults behind this "after school program" think that kids will have the same degree of responsibility that university students do when learning these things. What is to keep them from going out and writing viruses, unleasing them upon the Internet and generally causing lots of trouble aft
Re:After taking a similar class (Score:5, Insightful)
Most modern civilised societies today train *thousands* of young men to kill, wound, stab and inflict damage on others. Despite this, rarely does it happen that these people use their skills after-hours in an inappropriate way. Of course there are exceptions, for example people with mental illness etc.
Personally, I have a fully automatic rifle with XXX numbers of shoots stored in my home provided to me by the government. I could easily create a mess with this weapon, or with a shotgun or a pistol I own privately. Despite this I don't.
As long as the individuals/persons that are taught these skills are enough mature and they are taught ethics and the difference between right and wrong I don't se the problem.
After all: Deep inside, most people are good.
It's better that they acquire these skills in a way that gives someone the possibility to correct bad behaviour right then. And besides that it gives them something they can put on their CV and use to get a white-hat job.
This is a clear example of a case where the positive effects out-weights the negative.
Re:After taking a similar class (Score:3, Insightful)
Cracking computer systems is much different. You can do it from the comfort and privacy of your own home. You don't see the greif your actions causes others. It is traditionally much more difficult to get caught.
I heard that the website advertising the course.. (Score:5, Funny)
I severely doubt it's integrity and capability with regard to teaching me the kiddie skillz I need to get by on IRC nowadays!
- DemonShadowHa>0rSpawnNeo
--------------- THERE IS NO SPOON
--------------- HACK THE MPAA RIAA AND AA
The Hacking After-School Special (Score:5, Funny)
Susie: Hi Timmy! Wanna go get a malted milk?
Timmy: Nah, I've got something keener to do.
Susie: What then?
Timmy: I don't think you would get it.
Susie: Come on! We're best friends, right?
Timmy: OK then. I'm gonna go home and hack.
Susie: (pause) Gosh Timmy! You shouldn't hack!
Timmy: Why not?
Susie: Hackers are theives and cost lots of folks money! They're akin to a device that breaks the lock on your house!
Timmy: Aw shucks, you're so old fashioned. I gotta go, see you tomorrow.
[ Susie walks away sadly. ]
[ The next day... ]
Teacher: Rodney?
Rodney: Here.
Teacher: Susie?
Susie (sadly): Here.
Teacher: Timmy?
[ silence ]
Teacher: Susie, do you know where Timmy is?
Susie: I sure do, Mrs. Martin. He went to jail.
[ murmurs from the classmates ]
Susie: He was downloadin' music and stuff, and he got caught. He's really in a darn pickle now.
Teacher: Class, let this be a lesson to you all. Good kids don't hack. If somebody asks you to hack, just say, "I don't hack. That's whack."
Re:The Hacking After-School Special (Score:2, Funny)
xScruffx
The real hack is that... (Score:2, Troll)
And now the story is being spread as true!
Re:The real hack is that... (Score:2)
http://www.centralmaine.com/news/stories/030113et
http://www.isfound.org/tiger-team.html [isfound.org]
Re:The real hack is that... (Score:2)
Are there morals taught as well?? (Score:4, Insightful)
Careful who you hire to teach (Score:2)
Re:Are there morals taught as well?? (Score:2)
I mean if we didn't teach kids to read and right we could control them better.
Re:Are there morals taught as well?? (Score:2)
"The students are getting a good dose of ethics along with some sobering words about legal repercussions. Scheduled guest speakers include a lawyer and a police officer, and Mr. Robinson is hoping to recruit a speaker from the Federal Bureau of Investigation."
near the bottom.
Hmmm... Old-School Mindset (Score:3, Interesting)
Re:Hmmm... Old-School Mindset (Score:2)
Now if the stupid school could make the difference between hackers and crackers ...yeah, like that's ever going to happen - sigh - :-(
Re:Hmmm... Old-School Mindset (Score:2)
My school [fortbendisd.com] has an AP Computer Science class. The textbook is the most pitiful book I have ever read. Its written by some idiot named Schram. It was often wrong and it was hard to read (because he obviously doesnt know what he is talking about).
Crappy books and teachers are a major problem with public school. Something needs to be done
Re:Hmmm... Old-School Mindset (Score:2)
Re:Hmmm... Old-School Mindset (Score:2)
Re:Hmmm... Old-School Mindset (Score:2)
Re:Hmmm... Old-School Mindset (Score:2)
Poor buggers... (Score:2)
Watch this get shut down the instant some newly initiiated script kiddie hacks the school computer systems and defaces their website... The web's greatest game is free again, www.planetarion.com [planetarion.com] to sign up!
Wow (Score:5, Funny)
Anyone else see visions of the football team, glee club and chess team in an ad-hoc alliance, beating the living shit out of the "tiger team"?
Re:Wow (Score:2, Funny)
Im curious where they get their teachers.... (Score:5, Insightful)
I know that I was in high school a few years ago, the head netadmin/sysadmin was worse than pitiful, a MS Certification only type of person. The only systems he ever hacked into were those in a computer game. Granted, I did go to private HS, and IT was not at the top of their budget priorities.
Regardless, it brings up a good point of having competent people teaching these types of classes, and how difficult it is for schools feeling the budget crunch to find competency.
Re:Im curious where they get their teachers.... (Score:3, Insightful)
Re:Im curious where they get their teachers.... (Score:5, Informative)
Mr. Robinson, 38, who runs a small information security company...
Re:Im curious where they get their teachers.... (Score:2)
IT is most definately NOT at the top of pulbic school priorities either. Having seen what passes for IT in this town I wonder if attempting to use it is actually crippling students' education.
Re:Im curious where they get their teachers.... (Score:2)
Teacher: "Hm.. that method used to take an integer, but then we DID just upgrade JBuilder.. maybe they changed something."
Me: "Actually, the newer version of JBuilder uses the same JDK as the version we were using before."
Teacher: "... I don't follow you. Hey, let's check the Borland website!"
Me: "Whatever."
and then I
Great Idea. (Score:5, Insightful)
We can then hope that industry picks these students up and listens to them. Some companies [microsoft.com] won't like what the clueful have to say about their software. But every other company in the world needs to hear it.
Bad for Microsoft (Score:2)
Good. The more such hacking and virus writing schools will be around the world the less chances Windows will have to survive on the market.
All other OS vendors (including/especially OS teams) are adapting quickly (Apple even abandoned their old crap in a favor of BSD), while Microsoft still sticks to the old mix of DOS and VMS.
Of course the law also will catch
Scenes from www.whiteshouse.gov (Score:2)
Server Tech : "I don't know, sir! It started about 3:15 pm - right after school got out..."
Webserver: "We're gonna ZOOM, ZOOM, ZOOMA, ZOOM..."
Remeber when hacker was a good word? (Score:3, Insightful)
I can remeber when I used to say I was a hacker and that was a good thing. That was back when hacker was closer to the dictionary, a hacker or hack was someone who worked long hours.
This grumpy old man moment was brought to you by...
You think you're old? (Score:2)
Wait, wait, wait... (Score:2, Insightful)
this is very good (Score:5, Interesting)
During my high school years, I had been banned for a time from using computers at the school library, only because of my programming knowledge was superior to that of the teacher of Computer class (this was 1994 - the guy even thought the Net was an useless fad!). Rumor must have spread that I could hack a machine by looking at it, or something of the sort, since they didn't want me near a two-meter radius of any terminal. At first I didn't give a damn since I limited my computer stuff to home and that class...
However at some point the professor hired some "security expert" consultant to assess threats to the network, and my name appeared on top of a list of people who allegedly had "hacking tools" in their network space. This was too much (I only used it for school papers, and I could prove it) and I had to go to the professor and threaten to sue for libel. Of course I didn't had to go so far, since the professor apologized, removed my name for the list, and restored my normal access to the library computers. Since then I didn't have any problems (even the librarians asked for help afterwards).
What the moral of this story? Ignorant professors == bad news. If kids are smart enough to want to learn hacking, or programming, then they should allow their creativity to be expressed. Or else you will fall into idiotic situations like what I have lived.
PS: As a matter the fact the professor, much to his credit, at some point offered to create a "Linux club" (1995). However, the college grad supposed to sponsor the club dissapeared after the first meeting... so we never had anything...
Us and Them guessing game (Score:3, Interesting)
- "White-hat Hackers" or "Cyber terrorists"
- "hunger stricken" or "fortified with pizza"
- "another weapon" or "band of pickpockets"
- "creating mischief" or "training hackers"
Not a fair comparison, I know. All of the above is out of context.
When will people ever learn... (Score:3, Informative)
Learning Dangerous Skills (Score:5, Insightful)
If everyone is equally stronger and more knowledgable, the entire system is stronger. The world cannot be populated with softies who leave security to the "experts".
- James
Contact Info?? (Score:4, Informative)
---
It was a book to kill time for those who liked it better dead.
Re:Contact Info?? (Score:2)
Either way though, I still would like to get in touch with this group and see if they have their curriculum available to the public..etc..
---
The 80's -- when you can't tell hairstyles from chemotherapy.
Teaching Kids is much worse (Score:2, Interesting)
Any Questions - I am on the Board of the Program (Score:4, Interesting)
Re:Any Questions - I am on the Board of the Progra (Score:2)
Re:Any Questions - I am on the Board of the Progra (Score:2, Funny)
Re:Any Questions - I am on the Board of the Progra (Score:3, Insightful)
Your analogy is wrong, this is more closely like a chemistry teacher teaching how to make bombs, a physics teacher how to make projectile weapons, and a music teacher how to make rap music.
If this class was about computer security then your analogy would hold true.
As long as they teach ethics as well... (Score:3, Insightful)
Great idea- (Score:4, Insightful)
Most likely, the teacher involved with a program like this is the defacto 'resident tech' of the school, being the one-person network admin/troubleshooter/etc. Having a face and personality assosciated with 'The Admin, my Enemy' can give a whole new perspective to the 'up-and-coming' hacker. This can be good or bad ('y'know, X isn't so bad, maybe I shouldn't target the school' vs. 'Oh, I -hate- that fscker, time to bring on the hurt'), but at least it can bring up the point that there's a real PERSON behind that box they're hacking. If done right, clubs like this can help cultivate the 'old-school hacker mentality' by having in-depth discussions of ethics, legalities, etc.
We live in a world where 'morals' are generally defined by social groups. If a kid getting his feet wet is exposed to nothing but script kiddies and their sites, just guess which way he's most likely to turn out...
Login as (Score:2, Funny)
More about the University of Calgary (Score:3, Informative)
Re:So does this mean? (Score:2)
Music Videos too? (Score:2)
What cute little music videos will the new generation bring? Perhaps something along the lines of "Rootkit Randy Goes to Jail", "Virus Vinny He's Such a Ninny" and "You Can't Ride A Trojan Horse" (sung to the tune of Eagles' "You Can't Hide Your Lyin Eyes")
sure thing! (Score:3, Funny)
Re:Hacking in the media (Score:3, Informative)
I read the MIT Hacker's Dictionary before many people posting in SlashDot were born. The fact is that "hacker" and "hacking" have had a pejorative connotation for a long time. I remember the University of Maine operations manager calling me a "hacker" (in a disparaging tone) in 1980 when I first exploited a race condition to break out of the limited student shell into "full CMS" (the humor here will only be apparent to those who have experience