Slashdot Mirror
After-School Hacking Special
securitas writes "The NY Times writes about an after-school program that teaches teenagers how to hack, attack and defend systems. There doesn't seem to have been the same uproar as the virus-creation course at the University of Calgary (see previous Slashdot thread), even though the participants in Tiger Team (the name of the program) are younger than the university students."
Sounds like a very interesting program. If someone is serious about system security, this seems like the best way to learn.
I think the program directors argument should qualm any skeptics.
"Some of them grilled us pretty heavily on the concept of, 'Well, aren't you training hackers?' " he said. "I go, yeah. I have a black belt in martial arts. If I wanted to be a bad guy, I could go and hurt people. But I don't do it. That's not the emphasis of the program."
"I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
Yeah! Finally we after-schooler AD&Ders have a group nerdier than us to beat up!
Trolling is a art,
I would have loved to go to a highschool offering programs like this. It really would have given me something to do other than being a marching band dork. On the other hand, band was one giant orgy, so maybe its best that I stayed away from computers at that point in my life.
And one time... in band camp... we hacked the white house and asked GWB if he was out of TP.
Little Johny: Hey, Jimmy try this script out. First one is free tell your friends.
If you educate talented kids on how to defend systems you could produce some very valuable assets to the future security community. Learning how to hack goes hand in hand with learning security because you need to have the same level of knowledge as the hackers (preferably better). If they can see the profit potential of using this knowledge for good then they will probably be swayed from the dark side.
After learning how to break systems fom a prominate IDS designer, I can honestly say that I will design much more secure systems myself. Becuase of my age, I don't feel the need to go out and try what we learned on real systems to see if I can cause havoc.
However, I wonder why the adults behind this "after school program" think that kids will have the same degree of responsibility that university students do when learning these things. What is to keep them from going out and writing viruses, unleasing them upon the Internet and generally causing lots of trouble after learning how to "protect" systems.
didn't have any spinny flaming skulls on it, and their wasnt a single biohazard sign anywhere! :(
I severely doubt it's integrity and capability with regard to teaching me the kiddie skillz I need to get by on IRC nowadays!
- DemonShadowHa>0rSpawnNeo
--------------- THERE IS NO SPOON
--------------- HACK THE MPAA RIAA AND AA
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
Timmy: Hi Susie!
Susie: Hi Timmy! Wanna go get a malted milk?
Timmy: Nah, I've got something keener to do.
Susie: What then?
Timmy: I don't think you would get it.
Susie: Come on! We're best friends, right?
Timmy: OK then. I'm gonna go home and hack.
Susie: (pause) Gosh Timmy! You shouldn't hack!
Timmy: Why not?
Susie: Hackers are theives and cost lots of folks money! They're akin to a device that breaks the lock on your house!
Timmy: Aw shucks, you're so old fashioned. I gotta go, see you tomorrow.
[ Susie walks away sadly. ]
[ The next day... ]
Teacher: Rodney?
Rodney: Here.
Teacher: Susie?
Susie (sadly): Here.
Teacher: Timmy?
[ silence ]
Teacher: Susie, do you know where Timmy is?
Susie: I sure do, Mrs. Martin. He went to jail.
[ murmurs from the classmates ]
Susie: He was downloadin' music and stuff, and he got caught. He's really in a darn pickle now.
Teacher: Class, let this be a lesson to you all. Good kids don't hack. If somebody asks you to hack, just say, "I don't hack. That's whack."
It's great to teach others, but without the background, or the teaching of consequenses (I can't spell worth a damn), that could bite the school in the arse.
Why worry? Each of us is wearing an unlicensed "nucular" accelerator on his back.
Sig changed for readability by G.W.
I'm still of the mindset that the best way for high school kids to learn things is on their own. No matter what, throughout high school, the most I learned was all on my own time. I didn't have ANY courses in my school about anything related to computers (except a "typing" class), so, in an effort to actually try and challenge myself, I ordered a few books off of Amazon.com, and taught myself C++. And, I think that if I had access to a class that simply taught C++ with proprietary textbooks and software, I wouldn't have appreciated the experience nearly as much.
Trent Polack
www.polycat.net
Tiger team.
Anyone else see visions of the football team, glee club and chess team in an ad-hoc alliance, beating the living shit out of the "tiger team"?
I don't need no instructions to know how to rock!!!!
I'm curious where they get their teachers. In order to make this program worthwhile (IE - the kids learn something about security), you would need someone with some significant experience and knowledge.
I know that I was in high school a few years ago, the head netadmin/sysadmin was worse than pitiful, a MS Certification only type of person. The only systems he ever hacked into were those in a computer game. Granted, I did go to private HS, and IT was not at the top of their budget priorities.
Regardless, it brings up a good point of having competent people teaching these types of classes, and how difficult it is for schools feeling the budget crunch to find competency.
We can then hope that industry picks these students up and listens to them. Some companies won't like what the clueful have to say about their software. But every other company in the world needs to hear it.
Friends don't help friends install M$ junk.
Were you boys all playing the skin flute?
*sigh*
I can remeber when I used to say I was a hacker and that was a good thing. That was back when hacker was closer to the dictionary, a hacker or hack was someone who worked long hours.
This grumpy old man moment was brought to you by...
Come the revolution, the Bourgeois, Capitalistic, "A PARKING STICKER HOLDERS", will be first against the wall!
Wasn't everyone throwing a fit about N.Korea doing this, in a slashdot article this week?
I can relate to this from personal experience.
:-( [we theorized that he learned afterwards that Linux was Haxx0r material, so he banned it, but we'll never know for sure :-) ].
During my high school years, I had been banned for a time from using computers at the school library, only because of my programming knowledge was superior to that of the teacher of Computer class (this was 1994 - the guy even thought the Net was an useless fad!). Rumor must have spread that I could hack a machine by looking at it, or something of the sort, since they didn't want me near a two-meter radius of any terminal. At first I didn't give a damn since I limited my computer stuff to home and that class...
However at some point the professor hired some "security expert" consultant to assess threats to the network, and my name appeared on top of a list of people who allegedly had "hacking tools" in their network space. This was too much (I only used it for school papers, and I could prove it) and I had to go to the professor and threaten to sue for libel. Of course I didn't had to go so far, since the professor apologized, removed my name for the list, and restored my normal access to the library computers. Since then I didn't have any problems (even the librarians asked for help afterwards).
What the moral of this story? Ignorant professors == bad news. If kids are smart enough to want to learn hacking, or programming, then they should allow their creativity to be expressed. Or else you will fall into idiotic situations like what I have lived.
PS: As a matter the fact the professor, much to his credit, at some point offered to create a "Linux club" (1995). However, the college grad supposed to sponsor the club dissapeared after the first meeting... so we never had anything...
The ENIAC Demo Competition
This sounds like the North Korean story from a few days ago, so here are lines from both stories and you can guess which article the students are from:
- "White-hat Hackers" or "Cyber terrorists"
- "hunger stricken" or "fortified with pizza"
- "another weapon" or "band of pickpockets"
- "creating mischief" or "training hackers"
Not a fair comparison, I know. All of the above is out of context.
Esteem isn't a zero sum game
... what a hacker is: http://catb.org/~esr/faqs/hacker-howto.html
While many adults want to shelter our children from anything that may harm them, I would advocate teaching children (at an appropriate age) how to responsibly make use of dangerous tools. These would include using a firearm, various contact sports, martial arts, chemistry, computer security, and so on. Of course, there are morons who will mis-apply their karate or hacking skill, but then there will be many more trained peers to counter them.
If everyone is equally stronger and more knowledgable, the entire system is stronger. The world cannot be populated with softies who leave security to the "experts".
- James
here you go
Anyone have any contact information? I am actually interested in pursuing something like this in my area. Give the teens something to do this summer.
---
It was a book to kill time for those who liked it better dead.
At least college students are (hopefully) smart enough to want to learn something serious about computers. With highschool kids, 95% of them would be content with having a button saying "break into someone's system" that would do just that. However, we hope that in our nation's universities, students are taking the computer classes because that is the field they would like to go into, and as such they will refrain from doing stupid things. My college offers a security class, but there is no way to take it before at least your 4th semester in school, and AFTER you know C++, Java, Assembly language, and have the department approve you. And they don't teach you how to hack either. Sure you will come out of the class knowing how to break into some systems, but the focus of the class is not on cracking, but securing a network or a computer. The kids in NY public schools are just going to become script kiddies. We have enough of those already.
has more dents than your head.
:)
Go away if you know what's good for you.
retrorocket.o not found, launch anyway?
If anyone has any questions about the Tiger Team, I am on the Board of Directors and would be glad to answer them.
I don't necessarily see a problem with this. How many 'white hat' do the same things every day in test labs and for clients? This could be good career training for them. However, I've observed kids often view hacking, etc as something cool to do, without thinking of the consequences. While they're running this program, they should be teaching ethics and legality. Otherwise these kids might take this program as a license to hack.
--
Luck is just skill you didn't know you had.
Most likely, the teacher involved with a program like this is the defacto 'resident tech' of the school, being the one-person network admin/troubleshooter/etc. Having a face and personality assosciated with 'The Admin, my Enemy' can give a whole new perspective to the 'up-and-coming' hacker. This can be good or bad ('y'know, X isn't so bad, maybe I shouldn't target the school' vs. 'Oh, I -hate- that fscker, time to bring on the hurt'), but at least it can bring up the point that there's a real PERSON behind that box they're hacking. If done right, clubs like this can help cultivate the 'old-school hacker mentality' by having in-depth discussions of ethics, legalities, etc.
We live in a world where 'morals' are generally defined by social groups. If a kid getting his feet wet is exposed to nothing but script kiddies and their sites, just guess which way he's most likely to turn out...
There's no wrong way, to eat a Rhesus...
How does a chemestry teacher teach kids not to make bombs. How does a physics teacher teach kids not to make projectile weapons. How does a music teacher teach kids not to make rap music.
--- If the bible proves the existence of God, then Superman comics prove the existence of Superman.
How does can an effective teacher control the use of the knowledege she/he places in the hands of adolesents?
Your analogy is wrong, this is more closely like a chemistry teacher teaching how to make bombs, a physics teacher how to make projectile weapons, and a music teacher how to make rap music.
If this class was about computer security then your analogy would hold true.
username:anonymoose1 password:aaaaa
You should use AdiumX on your Mac.
And to commence feeding: your comment on hacking experience being bad is totally groundless: I wouldn't trust an architect who couldn't tell me the points in a building vulnerable to bombing, and I wouldn't trust a sysadmin who didn't have at least a basic knowledge of hacking techniques.
That's it. I'm no longer part of Team Sanity.
We've released a statement outlining our position. Happy Reading...
No sig for you.
I read the MIT Hacker's Dictionary before many people posting in SlashDot were born. The fact is that "hacker" and "hacking" have had a pejorative connotation for a long time. I remember the University of Maine operations manager calling me a "hacker" (in a disparaging tone) in 1980 when I first exploited a race condition to break out of the limited student shell into "full CMS" (the humor here will only be apparent to those who have experience with IBM's VM mainframe operating system).
You can rail against this usage all you want, but it's an accomplished fact--and I at least have given up trying to convert the rest of humanity to "cracker" or "threat agent." Perhaps we can all join a class action suit against "the media" based on defamation of character, and force them to use something more acceptable. But probably not.
Andy
Andrew T. Robinson
President, Chairman
Information Security Foundation
www.isfound.org
Good Question. Andy Robinson, the originator of the program thought up the name. A lot of time was spent considering the social consequences in high school. In many ways, the kids attracted to the program are already less socially active with many high school peers, because they are into computers. We hope this environment actually helps them learn teamwork because it requires a lot of interaction among the team members.
I seem to find the less people tend to do their research, the more ridiculous they sound on Slashdot.
Perhaps people decided not to bother going to the ISF website?
Today, I set up an Apache server and beat the bloody hell out of it. Throught this, I learned new things and applied the lessons. When the other team gets to hacking the Apache server, I'm going to learn something that I didn't know existed.
Perhaps over-reliance on the New York Times (which, as most now know, isn't a very reliable source) tends to give people a demonized or skewed image of what the whole program is trying to accomplish.
Oh, and a note to the AD&Der's: As a teenager with built up rage and paranoia, I could devour your miserable soul, after taking a +10 elixer and Pills of Sleepless Nights (No-Doz).
Love and kisses,
-Dave C.
He may be a crazy right-wing lunatic, but at least he's OUR crazy right-wing lunatic.