hrm.. i could see him learning about buffer overflows and stuff here, but not how to do them, etc. he may have learned the theory but not the way in which to practice. since this site deals with everything security related, he could have read some discourse on how to prevent buffer overflows, and took it there, so dont throw out him learning about buffer overflows completely at AO, that just makes this site look lame if you completely eliminate the possibility of a person learning about something here, just not *how* to do it maliciously...