Slashdot Mirror
University Of Calgary To Offer Course On Spam
jrcsnet writes "CBC is reporting that the University of Calgary is going to be adding yet another controversial course (The first, on computer viruses, was covered on Slashdot a while back). According to the article, 'Students will be taught how to write programs that create e-mail spam as well as spy software.' While there must be some benefit for everyone else by creating programs to work against these nuisances, is it worth the risk to the rest of us or even to the potential careers of the graduates of the course?"
How to beat the living shit out of the professor who thought this up...
seriously tho, i can understand for people wanting to learn how to as a post college course but at university level i can see this being put to evil
If you feed a spammer you a ter'rist!
If you learn this spamming course thingy you a real ter'rist and I'll get yer spamming ass dead er alive!
God bless America.
You can hold down the "B" button for continuous firing.
Does this mean I can start to expect spam advertising that I can now get a non-accredited degree on how to spam others?
Either this is some kinda freaky pyramid scheme or I just entered the Twilight Zone...
Wouldn't it be more productive to study ways to combat spam? From simple Bayesian techniques to graph theoretic methods? That would teach you a lot of theory and principles you could apply to other courses as well. Right now, it just sounds like they're just doing this for attention...
- sm
According to TFA,
Some companies are run by idiots.
How are people supposed to write security software if they don't know malware works? And how can one really learn how malware works without writing some?
When I worked on a firewall project years ago, I wrote some code to test it versus SYN floods. Where we supposed to just do a theoretic analysis and say "sure, it's safe against this attack"?
When I'm not hacking, among the other things I do is teach karate. That includes playing the attacker sometime for my students to defend. And sometimes they play the attacker for other students. It's the only way to learn.
(Of course in both hacking and budo there are legitimate safety issues. While there aren't enough details in TFA to say for sure, it sounds like they've addressed them.)
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
People are upset because a university is teaching courses on viruses and spam engines?
You know, if I wanted to learn how to murder someone, probably the best thing I could do is train to be a cop. Or a forensics investigator. Or maybe even a doctor. That's where I'm most likely to learn the skills necessary to help me get away with murder.
Problem is, those classes are also where I'm most likely to learn the skills necessary to prevent a murder, or to save a life, or to bring a murderer to justice.
So what should we do: prohibit universities from teaching skills that might be put to bad use? What would that leave? Philosophy and creative writing?
Sure, someone will argue: but spam engines don't have any good use! You can't save someone's life by learning how to write a spam engine! But I can guarantee you that most of the people who work to block spam engines and stop illegal spammers knows how those spam engines work. They learned it somewhere. Tell me why a university shouldn't be one of the places to acquire those skills.
And certain people who design operating systems should probably take more of those courses in how viruses work. Might keep them from having to release new security patches every eleven days.
What he wants is more important that what I want. What he wants is also more important that what you want.
If locksmiths understand how safes they build will be attacked by safecrackers, they can reinforce critical points and develop devices to seal the safe if a breach is detected. The idea carries over well into IT and compsci - programmers and sysadmins who understand how their systems might be attacked will be able to reinforce against unauthorized access and find potential security breaches. It's one thing to simply say that "checking your input to make sure it fits in the buffer is good" or that "Bayesian filtering is good," but it's another thing entirely to understand and implement attacks and methods to exploit weaknesses in a system.
That's it. I'm no longer part of Team Sanity.
The whole point of going to University is to learn how to think, not what to think. I would hope that any University computer science major would be able to figure out how to make a basic network application (like a mass-mailer) by reading the RFCs and API documentation for their platform of choice. I can program a word processor even though I never took "Word Processor Coding 204" and "Text Editor Development 189". Maybe these courses will not only teach how to write a piece of crap-ware but also how to exert a little self-discipline and ethics when they're making all those semi-colons and curly brackets.
These courses actually look interesting and I'm considering taking some courses part-time to work towards my masters there just because they're offering a little variety.
So far, everyone has posted on how this is such a bad idea and every graduate is going to turn into a spammer.
People, there's a forest in these trees!
Listen, if I'm a programmer, and I took my normal devry programming course, I have no idea what a syn flood is, nor have they taught me anything to do with the basics of a buffer overflow.
Classes taught to exploit these types of vulnerabilites assure that every student *knows in his/her soul* how things can be exploited. They know exactly how a stack can be overwritten, exactly where to find the return address to overwrite. With this information, and this *big picture* understanding, it will make the better coders in the long run.
Compare most blackhats with most whitehats. What do you seen? You see blackhats with crazy abilities to not only forsee vulnerabilites, but also an intimate understanding of how to exploit them. Most whitehats are just people who know enough not to use insecure commands.
Personally, I'm glad Mr. Venema knows more about average vulnerabilites than current Mr. Joe State University graduate, because he knows how things are exploited (Obviously. Look at TCT, Postfix, TCP Wrappers).
If the average developer *knew* something about programming, maybe we'd actually be better off.
Yes, it's true that no one assumes anymore that cops et al. are taught the things they're taught for the purpose of killing someone. So it that sense, my logic is somewhat reversed. But it is not true that cops and forensic investigators especially (perhaps less so with doctors) do not learn how to kill people. They most definitely do. Haven't you seen those silhouette targets cops use on the shooting range? Tell me those aren't designed to teach them how to bring a man down somewhat permanently. So, half a point.
The best way to be a doctor is not to learn how to kill someone, of course. But I would certainly hope that any doctor into whose hands I put my life is well-versed and highly-trained in identifying the things that might kill me, and how they work. And that analogy extends to my computer: I certainly hope the people I'm trusting to keep my systems safe are well-versed and highly-trained in the things that might bring them down. Or even merely annoy me. And I don't even mind if they learn that stuff at the University of Calgary.
What he wants is more important that what I want. What he wants is also more important that what you want.
Writing mass-mailer SMTP client is trivial.
You don't actually need to do anything, there are excellent SMTP components in all frameworks. You just need to write code to randomize subjects, attachment names, seemingly plausible content, and scan the Winblows machine in question for address books. The couple of most common formats will do.
Then the part about getting it to run.. for my hypothetical win32.Goatse email worm that changes the background image to hello.jpg I would not even have to resort to holes in outlook or anything. Just send the executable. In a perfect world mail servers would drop win32 executables automatically, but this is not widespread policy.
Let it pop up a requester: 'This attachment is executable content. Are you sure you want to run it?' [Yes]/No
'To provide better support to the goatse community, do you want to send unsolicidated email?' [Yes]/No
'Do you want to install desktop shortcuts?' [Yes]/No
'Do you want goatseMailer to run automatically upon Windows startup?' [Yes]/No
If this was launched late sunday evening, the number of goatse'd background imaged would reach thousands easily. Windows users ARE that stupid.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
It is really sad that "socialists" think it is OK to keep knowledge hidden because they think it is the _knowledge_ that is bad.
Well, I am here to tell you that it is not the knowledge. What if I were to post right now how to make a _very_ simple explosive. Would that mean that anyone that read this post would be "bad" or "potentially bad"?
To all you socialists out there... repeat after me
IT IS NOT KNOWLEDGE THAT MAKES SOMETHING BAD! IT IS THE PERSON _WITH_ THAT KNOWLEDGE THAT DOES SOMETHING BAD.
Basically if _every_ computer user in the world knew how to send millions of anonymous spam mails every day, that knowledge of how to do that is _not_ bad. It is the person exploiting that knowledge that is bad.
To put it in simple cave-man language:
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
the actually format of this course I don't know, but obviously in order for programmers to create spam filters, they need to know how spammers spam this is true for everything, a good cop needs to know how to be a criminal, in order to stop one. i could go on with examples but ya get the picture
Signatures are so 90s
Hopefully, the school's CS degree program also has a hefty ethics course requirement.
do we really want these kinds of people running loose with the knowledge of how to make spam software and spyware programs? May as well give them loaded machine guns and hand grenades
We do. It's called the army.
While there must be some benefit for everyone else by creating programs to work against these nuisances, is it worth the risk to the rest of us or even to the potential careers of the graduates of the course?
No, it's not worth the risk. Any knowledge that could be used for evil must be supressed. Knowledge is bad.
Seriously, what kind of question is that? Are you suggesting that ignorance is the best approach to combating spam? Should we stop teaching say, chemistry, so there's no chance people will learn to make dangerous chemicals? I learned to make thermite in high school, after all. "It might be risky, we'd better not teach it" is a quick road to never teaching anything.
I understand that most people don't like this at all. But I myself find this a very usefull method.
I have myself learned how to hack into computers. I know how damn easy it is, if you make just a few little mistakes when securing your computer. Because I know that, I try to avoid those mistakes very much.
Making a program that sends spam is easy. Anyone with programming skills can do it. But if you actually do it, you will have to fight with the same problems that spammer do, and by doing that, you will learn what can make spamming difficult. You also learn what makes it easy. And when you learn that, you can use that information to fight the spam by increasing the difficulties and decreasing the things that make it easy.