University Of Calgary To Offer Course On Spam

jrcsnet writes "CBC is reporting that the University of Calgary is going to be adding yet another controversial course (The first, on computer viruses, was covered on Slashdot a while back). According to the article, 'Students will be taught how to write programs that create e-mail spam as well as spy software.' While there must be some benefit for everyone else by creating programs to work against these nuisances, is it worth the risk to the rest of us or even to the potential careers of the graduates of the course?"

Uhhh...

[shadowmatter]

Wouldn't it be more productive to study ways to combat spam? From simple Bayesian techniques to graph theoretic methods? That would teach you a lot of theory and principles you could apply to other courses as well. Right now, it just sounds like they're just doing this for attention...

- sm

Re:Uhhh...

[RockClimb]

"Wouldn't it be more productive to study ways to combat spam?"

I agree, but the truth of the matter is, there is money being made in spam. Nevermind the fact that 99+% of the people being spammed hate it and hate the spammers. Now if I were an alumni of this University, they could kiss my shiney white backside before I would ever give them another dime.

Now the story does say "The aim is to develop new ways to fight these online nuisances." I read this and I see a whole new problem.... They write the spamming software and sell it, then write the anti-spamming software and sell it. This course will do nothing more than make problems worse.

When I see things like this course being offered, and things like this story, I no longer belive that what is right matters, it's all about the money or just being plain annoying to as many people as possible . I for one will not shed a tear if the University of Calgary burns to the ground for this as long as no one is hurt (no, I'm not saying it should be torched). What ever happened to doing things to help yourself and/or others?

Spammers remind me of the kid(s) in school who everyone ignored or avoided, only now they have found a way to make people pay attention to them, and they're getting even. I just wish I could burn my email addresses. :)

Some companies are run by idiots

[Mr.+Slippery]

According to TFA,

some companies have said they're not going to hire his graduates because they don't like the perception of having someone on board who has written viruses.

Some companies are run by idiots.

How are people supposed to write security software if they don't know malware works? And how can one really learn how malware works without writing some?

When I worked on a firewall project years ago, I wrote some code to test it versus SYN floods. Where we supposed to just do a theoretic analysis and say "sure, it's safe against this attack"?

When I'm not hacking, among the other things I do is teach karate. That includes playing the attacker sometime for my students to defend. And sometimes they play the attacker for other students. It's the only way to learn.

(Of course in both hacking and budo there are legitimate safety issues. While there aren't enough details in TFA to say for sure, it sounds like they've addressed them.)

So let me get this straight.

[Dylan+Thomas]

People are upset because a university is teaching courses on viruses and spam engines?

You know, if I wanted to learn how to murder someone, probably the best thing I could do is train to be a cop. Or a forensics investigator. Or maybe even a doctor. That's where I'm most likely to learn the skills necessary to help me get away with murder.

Problem is, those classes are also where I'm most likely to learn the skills necessary to prevent a murder, or to save a life, or to bring a murderer to justice.

So what should we do: prohibit universities from teaching skills that might be put to bad use? What would that leave? Philosophy and creative writing?

Sure, someone will argue: but spam engines don't have any good use! You can't save someone's life by learning how to write a spam engine! But I can guarantee you that most of the people who work to block spam engines and stop illegal spammers knows how those spam engines work. They learned it somewhere. Tell me why a university shouldn't be one of the places to acquire those skills.

And certain people who design operating systems should probably take more of those courses in how viruses work. Might keep them from having to release new security patches every eleven days.

Re:My spider sense is tingling

[PurpleFloyd]

OK, I'll bite the troll: Where is the "intellectual irresponsibility?" The reality is that to create a secure system, you must understand how it will be attacked. Would you trust a locksmith who didn't understand safecracking? Similarly, it's important for IT and computer science students to understand how their systems might be compromised by attackers and how spammers might try to get around their filters.

If locksmiths understand how safes they build will be attacked by safecrackers, they can reinforce critical points and develop devices to seal the safe if a breach is detected. The idea carries over well into IT and compsci - programmers and sysadmins who understand how their systems might be attacked will be able to reinforce against unauthorized access and find potential security breaches. It's one thing to simply say that "checking your input to make sure it fits in the buffer is good" or that "Bayesian filtering is good," but it's another thing entirely to understand and implement attacks and methods to exploit weaknesses in a system.

Re:Is it worth the risk to their careers?

[evn]

The whole point of going to University is to learn how to think, not what to think. I would hope that any University computer science major would be able to figure out how to make a basic network application (like a mass-mailer) by reading the RFCs and API documentation for their platform of choice. I can program a word processor even though I never took "Word Processor Coding 204" and "Text Editor Development 189". Maybe these courses will not only teach how to write a piece of crap-ware but also how to exert a little self-discipline and ethics when they're making all those semi-colons and curly brackets.

These courses actually look interesting and I'm considering taking some courses part-time to work towards my masters there just because they're offering a little variety.

Parent is only one who didn't knee jerk!

[fimbulvetr]

So far, everyone has posted on how this is such a bad idea and every graduate is going to turn into a spammer.
People, there's a forest in these trees!
Listen, if I'm a programmer, and I took my normal devry programming course, I have no idea what a syn flood is, nor have they taught me anything to do with the basics of a buffer overflow.
Classes taught to exploit these types of vulnerabilites assure that every student *knows in his/her soul* how things can be exploited. They know exactly how a stack can be overwritten, exactly where to find the return address to overwrite. With this information, and this *big picture* understanding, it will make the better coders in the long run.
Compare most blackhats with most whitehats. What do you seen? You see blackhats with crazy abilities to not only forsee vulnerabilites, but also an intimate understanding of how to exploit them. Most whitehats are just people who know enough not to use insecure commands.

Personally, I'm glad Mr. Venema knows more about average vulnerabilites than current Mr. Joe State University graduate, because he knows how things are exploited (Obviously. Look at TCT, Postfix, TCP Wrappers).

If the average developer *knew* something about programming, maybe we'd actually be better off.