Page 3 of 3 FirstFirst 123
Results 21 to 25 of 25
  1. #21
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Originally posted here by rapier57
    Yeah, I just read the ISC diary. I passed that to my former boss. He'll get a chuckle out of that, seeing as how we used to fight the C-suite mentality that faculty can do no wrong. The big question is: Why did the powers that be in the university not know that the activity was illegal, and could possibly be a federal offense if the students went outside the campus or actually got into a live business?

    I'd be for getting the professor turned into the feds and make a poster boy of him.
    I totally agree, the professor (even though it was a computer security course) should not have even thought about giving an assignment like this...
    there's always a way in...

  2. #22
    Join Date
    Apr 2003
    This one isn't going to go away any time soon, it seems. Take a look at today's ISC (aside from the Apple updates). Also, the original Professor Packetslinger entry has been updated and there are some interesting notes.

    Tom Liston has a pretty interesting entry and makes some good observations.


  3. #23
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    Exactly what parameters, what restrictions, and what applicable laws and regulations were conveyed to the students?
    This is actually what's really important. I've done a similar assignment to students when I taught an Intro to Security class. Here's what I did different however (and what that prof should have done):

    1. "Investigations" to external entities were done as "passive". That is, use only info found online and NO active probing of machines (e.g., no Nmap, nessus, etc.). Tools that were used: whois, traceroute, dig, searches through Google, Usenet, etc.

    2. Probative/Active investigations were done on a server that was setup for the class called Tank (it was aptly named). Students could pound the crap out of it whether within the classroom or from home (as long as they were registered for the class and they had signed an agreement of the school's IT policy).

    Either way, students were told -- very emphatically by me -- that any laws violated, doing any active investigations against external entities, etc. would result in not only an F but possible explusion. For the most part it worked fine although required tweaking as time went on (students one year interpreted a later assignment for going after other students in the class to include the school's wireless network -- I had to specify that it was within the WIRED classroom only).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #24
    Join Date
    Sep 2005
    Wow. I'm taking the security class at my school and two things my professor told us/had us do was

    1) he told us what laws cover hacking and whatnot


    2) gave us the agreement from our school for us to sign stating that we will only use what we learn in that class for educational purposes.

    And on top of those two things that classroom is on its own network at school.

  5. #25
    Well, the only obvious course of action for myself if I were in that class would be to Hack, err, evaluate Mr. Packetslinger's computer system!

    I would go straight to the FBI and tell them about it.......

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.