March 2nd, 2006, 06:25 PM
I totally agree, the professor (even though it was a computer security course) should not have even thought about giving an assignment like this...
Originally posted here by rapier57
Yeah, I just read the ISC diary. I passed that to my former boss. He'll get a chuckle out of that, seeing as how we used to fight the C-suite mentality that faculty can do no wrong. The big question is: Why did the powers that be in the university not know that the activity was illegal, and could possibly be a federal offense if the students went outside the campus or actually got into a live business?
I'd be for getting the professor turned into the feds and make a poster boy of him.
there's always a way in...
March 2nd, 2006, 06:41 PM
This one isn't going to go away any time soon, it seems. Take a look at today's ISC (aside from the Apple updates). Also, the original Professor Packetslinger entry has been updated and there are some interesting notes.
Tom Liston has a pretty interesting entry and makes some good observations.
March 3rd, 2006, 12:47 PM
This is actually what's really important. I've done a similar assignment to students when I taught an Intro to Security class. Here's what I did different however (and what that prof should have done):
Exactly what parameters, what restrictions, and what applicable laws and regulations were conveyed to the students?
1. "Investigations" to external entities were done as "passive". That is, use only info found online and NO active probing of machines (e.g., no Nmap, nessus, etc.). Tools that were used: whois, traceroute, dig, searches through Google, Usenet, etc.
2. Probative/Active investigations were done on a server that was setup for the class called Tank (it was aptly named). Students could pound the crap out of it whether within the classroom or from home (as long as they were registered for the class and they had signed an agreement of the school's IT policy).
Either way, students were told -- very emphatically by me -- that any laws violated, doing any active investigations against external entities, etc. would result in not only an F but possible explusion. For the most part it worked fine although required tweaking as time went on (students one year interpreted a later assignment for going after other students in the class to include the school's wireless network -- I had to specify that it was within the WIRED classroom only).
March 3rd, 2006, 02:56 PM
Wow. I'm taking the security class at my school and two things my professor told us/had us do was
1) he told us what laws cover hacking and whatnot
2) gave us the agreement from our school for us to sign stating that we will only use what we learn in that class for educational purposes.
And on top of those two things that classroom is on its own network at school.
March 7th, 2006, 03:02 PM
Well, the only obvious course of action for myself if I were in that class would be to Hack, err, evaluate Mr. Packetslinger's computer system!
I would go straight to the FBI and tell them about it.......