Sketchy Subject Assignment
A story hit Slashdot today that caught my attention. A professor at an unnamed university has given his students the following task.
“Student is to perform a remote security evaluation of one or more computer systems. The evaluation should be conducted over the Internet, using tools available in the public domain.” Source: SANS
The Slashdot posting was filled with plenty comments of outrage over such action by this college professor.
I have no problems with professors teaching hacking techniques to students in a security program, but there is a place for this type of stuff. The hacking should be done in a very controlled environment that is isolated from public networks. The students should NOT be instructed to perform reconnaissance “remote security evaluations” on random Internet devices. While reconnaissance in itself is not generally considered a hack, it is the first step any hacker takes in the hacking process to determine what he or she is up against when planning a hack a device over the Internet.
