Slashdot Mirror
University Of Calgary To Offer Course On Spam
jrcsnet writes "CBC is reporting that the University of Calgary is going to be adding yet another controversial course (The first, on computer viruses, was covered on Slashdot a while back). According to the article, 'Students will be taught how to write programs that create e-mail spam as well as spy software.' While there must be some benefit for everyone else by creating programs to work against these nuisances, is it worth the risk to the rest of us or even to the potential careers of the graduates of the course?"
One day when spam is truly prosecutable, these graduates might find themselves the first to be questioned :)
What's next? A course on editing child porn photos digitally?
Rock that crushes, Paper & Scissors that don't matter.
I say we just nuke every spammer we find.
For you Americans... Alberta is basically all of your middle states combined. Lots of Right-Wing rednecks with oil.
Fantastic...a curriculum has finally been designed that will allow students to pay their own way through university, creating and running spam generators!
It's things like this that keep the word 'almost' in my motto 'I'm almost always proud to be Canadian'.
Does this mean I can start to expect spam advertising that I can now get a non-accredited degree on how to spam others?
Either this is some kinda freaky pyramid scheme or I just entered the Twilight Zone...
Wouldn't it be more productive to study ways to combat spam? From simple Bayesian techniques to graph theoretic methods? That would teach you a lot of theory and principles you could apply to other courses as well. Right now, it just sounds like they're just doing this for attention...
- sm
What's next? A course on editing child porn photos digitally?
Next are courses on Recreational Pharmaceutical Agriculture, Distribution, and Marketing.
From: http://www.ucalgary.ca/it/self_help/email/spam/
"The University of Calgary's Computing Policy prohibits U of C users from spamming others. If you receive spam that originated at the University of Calgary, please report it to abuse@ucalgary.ca."
I wonder if someone should inform the IT department.
win32Api I and win32api II
I happen to chat online occasionally with people who run blogspammer software, and their response to the rel="nofollow" thing to combat blog spam was, "That's history. We're already on to the next thing."
I don't know how much of that is bullshit, and how much is true, but I think that it's important to always be looking for the new potential ways to get spam through so defenses can be prepared before the deluge.
500GB of disk, 5TB of transfer, $5.95/mo
is it worth the risk ... to the potential careers of the graduates of the course?
They're the ones who choose to take the course.
Don't blame me -- I voted for Roslin.
This kind of information is avilable anywhere really. You could run a google search and get a tutorial on creating a spam cannon server. If someone wants to become a spammer, they can do it without the class.
The attractive aspect here is that these students will know the tricks of the trade when it comes to spamming, and you know what they say: It takes a thief to catch a thief.
Would I pay the 300USD pricetag (Which is the going rate for a 3 hour course at my school, plus books) to take this class? No. But the same is said by many students about Archery, Chess, Basket Weaving and many other classes that are seen as electives.
Let's fake an answer for the curious; let's fake it all for the fame.
Where you were taught theory and higher level thought about subjects. Now we are having people go to college for the pure reason to get a job when they graduate.
What has happened to education?
According to TFA,
Some companies are run by idiots.
How are people supposed to write security software if they don't know malware works? And how can one really learn how malware works without writing some?
When I worked on a firewall project years ago, I wrote some code to test it versus SYN floods. Where we supposed to just do a theoretic analysis and say "sure, it's safe against this attack"?
When I'm not hacking, among the other things I do is teach karate. That includes playing the attacker sometime for my students to defend. And sometimes they play the attacker for other students. It's the only way to learn.
(Of course in both hacking and budo there are legitimate safety issues. While there aren't enough details in TFA to say for sure, it sounds like they've addressed them.)
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Let's see.. I learn about: * The SMTP protocol. * How to telnet in to an SMTP server * How it will accept any input as to who I am without checking it, and send mail. * How to write a shell script to automate the above Oh wait.. I can already do that. This better be a 1 credit course. But seriously, it gives these students information about why we have a spam problem, and vital background information so that they can fix it. These students are e-mail users themselves (most spammers aren't, and the one I heard on NPR that is uses I Hate Spam(R) :-)
These students hate spam just as much as we do.
Gmail, anyone? Automatic Bayesian Filtering across many users.. works great.
--Sam
Aycock acknowledges there is a potential for viruses and other malicious software to spread outside the classroom.
He says that's why there are precautions, such as security cameras and a ban on all outside electronic equipment in the classroom.
Each student signs a legal form that says a breach of the security means an automatic "F" and a potential criminal investigation.
I guess they think that there is a high risk that a person will intentionally wreak havoc with the knowledge he learns in that class. Then again, this might just be a publicity thing for the class. I doubt that it's more dangerous than a class on computer security and virus/malware prevention in terms of the risk of damage being done.
--
Free iPod? Try a free Mac Mini
Or a free Nintendo DS
Wired article as proof
Why do rednecks and oil == right wing? Stupidity? I'm one of 6 liberals in my state (full of rednecks, oil, stupidity & republicans). How the hell did we ever get a democrat for a governor? Oh yeah you need to add football to the list if Barry Switzer (former OU Football Coach) endorses you, you'll have a better chance of winning. The funny thing is our governor beat a football star (and right-wing dipshit) Steve Largent. Wonders will never cease.
Hmmm...I guess the university simply spams people saying "enroll for our spamming class". Who else would want to sign up? Oh the cruel irony...
"He uses statistics as a drunken man uses lampposts...for support rather than illumination." - Andrew Lang
People are upset because a university is teaching courses on viruses and spam engines?
You know, if I wanted to learn how to murder someone, probably the best thing I could do is train to be a cop. Or a forensics investigator. Or maybe even a doctor. That's where I'm most likely to learn the skills necessary to help me get away with murder.
Problem is, those classes are also where I'm most likely to learn the skills necessary to prevent a murder, or to save a life, or to bring a murderer to justice.
So what should we do: prohibit universities from teaching skills that might be put to bad use? What would that leave? Philosophy and creative writing?
Sure, someone will argue: but spam engines don't have any good use! You can't save someone's life by learning how to write a spam engine! But I can guarantee you that most of the people who work to block spam engines and stop illegal spammers knows how those spam engines work. They learned it somewhere. Tell me why a university shouldn't be one of the places to acquire those skills.
And certain people who design operating systems should probably take more of those courses in how viruses work. Might keep them from having to release new security patches every eleven days.
What he wants is more important that what I want. What he wants is also more important that what you want.
programmers writing viruses and spamming tools as there are now if there were more good paying jobs for people who like to program? It doesn't matter what you teach people ...it matters what you pay them to do with their skill.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
If locksmiths understand how safes they build will be attacked by safecrackers, they can reinforce critical points and develop devices to seal the safe if a breach is detected. The idea carries over well into IT and compsci - programmers and sysadmins who understand how their systems might be attacked will be able to reinforce against unauthorized access and find potential security breaches. It's one thing to simply say that "checking your input to make sure it fits in the buffer is good" or that "Bayesian filtering is good," but it's another thing entirely to understand and implement attacks and methods to exploit weaknesses in a system.
That's it. I'm no longer part of Team Sanity.
$pAM 1O1?
Can you imagine going to a doctor who's never studied viruses? Knowing how easy it would be for a contagion to spread across the globe and wipe everyone out, do you think it's a good idea for money-hungry corporations to be playing around w/ virus strains in their labs? Would you support sending American troops to Iraq w/out showing them how easy it is to build an Improvised Explosive Device out of pretty much anything that needs batteries?
Yeah, I didn't think so.
Every single computer scientist in training should have a fundamental understanding of computer security. And if learning means doing, then computer scientists should be taught how to write viruses, send spam and remotely 0wn b0xes. And don't let them graduate if they can't.
[o]_O
So far, everyone has posted on how this is such a bad idea and every graduate is going to turn into a spammer.
People, there's a forest in these trees!
Listen, if I'm a programmer, and I took my normal devry programming course, I have no idea what a syn flood is, nor have they taught me anything to do with the basics of a buffer overflow.
Classes taught to exploit these types of vulnerabilites assure that every student *knows in his/her soul* how things can be exploited. They know exactly how a stack can be overwritten, exactly where to find the return address to overwrite. With this information, and this *big picture* understanding, it will make the better coders in the long run.
Compare most blackhats with most whitehats. What do you seen? You see blackhats with crazy abilities to not only forsee vulnerabilites, but also an intimate understanding of how to exploit them. Most whitehats are just people who know enough not to use insecure commands.
Personally, I'm glad Mr. Venema knows more about average vulnerabilites than current Mr. Joe State University graduate, because he knows how things are exploited (Obviously. Look at TCT, Postfix, TCP Wrappers).
If the average developer *knew* something about programming, maybe we'd actually be better off.
Yes, it's true that no one assumes anymore that cops et al. are taught the things they're taught for the purpose of killing someone. So it that sense, my logic is somewhat reversed. But it is not true that cops and forensic investigators especially (perhaps less so with doctors) do not learn how to kill people. They most definitely do. Haven't you seen those silhouette targets cops use on the shooting range? Tell me those aren't designed to teach them how to bring a man down somewhat permanently. So, half a point.
The best way to be a doctor is not to learn how to kill someone, of course. But I would certainly hope that any doctor into whose hands I put my life is well-versed and highly-trained in identifying the things that might kill me, and how they work. And that analogy extends to my computer: I certainly hope the people I'm trusting to keep my systems safe are well-versed and highly-trained in the things that might bring them down. Or even merely annoy me. And I don't even mind if they learn that stuff at the University of Calgary.
What he wants is more important that what I want. What he wants is also more important that what you want.
Writing mass-mailer SMTP client is trivial.
You don't actually need to do anything, there are excellent SMTP components in all frameworks. You just need to write code to randomize subjects, attachment names, seemingly plausible content, and scan the Winblows machine in question for address books. The couple of most common formats will do.
Then the part about getting it to run.. for my hypothetical win32.Goatse email worm that changes the background image to hello.jpg I would not even have to resort to holes in outlook or anything. Just send the executable. In a perfect world mail servers would drop win32 executables automatically, but this is not widespread policy.
Let it pop up a requester: 'This attachment is executable content. Are you sure you want to run it?' [Yes]/No
'To provide better support to the goatse community, do you want to send unsolicidated email?' [Yes]/No
'Do you want to install desktop shortcuts?' [Yes]/No
'Do you want goatseMailer to run automatically upon Windows startup?' [Yes]/No
If this was launched late sunday evening, the number of goatse'd background imaged would reach thousands easily. Windows users ARE that stupid.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Is there a mailing list somewhere??
The University of Calgary was the first to standarize a library of text files to test compression programs. It's known as the Calgary Corpus.
Given this, I'd say that Calgary always keeps ahead of other universities in innovation. And certainly we want virus and spam writers on OUR SIDE. i.e. College graduates (versus socially-inadapted anarchists and script-kiddies). Who knows if one of these guys will later make the ultimate anti-spam tool? Remember that the Reed College graduate, Peter Norton, became so famous for his Antivirus tool.
You know, I was raised in Manitoba/Ontatio, and for all of my life I've been hearing the stereotype perpetuated by the parent. I just moved here (Calgary) a few months back, and I have to tell you, this province is anything but. Maybe it's the hippie influence from BC, maybe it's just that most Canadians don't really travel anywhere, and get 99% of their information from the Toronto-centric CBC.
If this province is right-wing, well at least they've done right-wing "right" (ie: correctly). The taxes here are lower than almost anywhere, people are in general more prosperous than anywhere I've ever been, we have an incredible public transportation system, some of the best roads in the country, an AMAZING parks system, some of the cleanest air I've ever breathed, North America's largest urban park (and mostly natural, too, although in this neck of the woods that basically means prarie grass), an incredibly healthy and athletic population, one of the lowest unemployment rates in the country...
By and large, the government seems to want to keep out of people's lives (contrast this with the "right" down south these days). About the only thing, and I admit it really pisses me off, is the provincial government's opposition to gay marriage.
I also work for one of the big oil companies out here, and from what I've seen, things are a hell of a lot different than they were in the past. I got to go on a field tour of our seismic lines recently (natural gas exploration), and was completely blown away as to the steps taken NOT to destroy the environment. It's really amazing - the people marching through the bush running wires etc are trained to bend tree branches out of their way, as opposed to breaking them off. Zero-impact indeed.
In short, for those that don't live here, don't listen to what you're told. Alberta is pretty much the polar opposite of what you hear on TV. Well, we do have the Stampede still, and some people wear cowboy hats during it. Whoopdee do.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Hopefully, the school's CS degree program also has a hefty ethics course requirement.
do we really want these kinds of people running loose with the knowledge of how to make spam software and spyware programs? May as well give them loaded machine guns and hand grenades
We do. It's called the army.
One must study viruses, how they work, and how they are written, in order to work on antiviruses. One must study spam, including how to do it, in order to work on ways to combat it. I don't understand how some people here seriously think this will lead these kids directly into the "dark side" once they graduate. They sound just like the idiots who were totally against sex education in school. Education is the best way to combat many things. Sure, maybe one student among many will dream up a new, more malicious, spam/virus technique with help from these courses. But don't we all say "security through obscurity is pointless"?
Loban Amaan Rahman ==> Anagram of ==> Aha! An Abnormal Man!
It's the same philosphy that all the computer hacking / security courses I took in college followed. If you're going to be a system administrator, you HAVE to know how people are going to try to break into your system, so you can prevent it.
The responsibilty of schools are to teach. It's the responsibility of the student to use the knowledge responsibly.
How much lethal knowledge do you think your average doctor (MD) has?
UTF-8: There and Back Again
What skills have you got?
...Spam
While there must be some benefit for everyone else by creating programs to work against these nuisances, is it worth the risk to the rest of us or even to the potential careers of the graduates of the course?
No, it's not worth the risk. Any knowledge that could be used for evil must be supressed. Knowledge is bad.
Seriously, what kind of question is that? Are you suggesting that ignorance is the best approach to combating spam? Should we stop teaching say, chemistry, so there's no chance people will learn to make dangerous chemicals? I learned to make thermite in high school, after all. "It might be risky, we'd better not teach it" is a quick road to never teaching anything.
Where are you getting this idea that socialists think information is dangerous? Isn't it you capitalist yanks that are enthusiastically taking away people's basic civil rights and trying to find ways to make "unwanted" information criminal?
Labelling someone a socialist and attacking them on that level doesn't work as well as it used to.
I think, therefore I am an Atheist.
Here is the profs webpage and the link to his new course.
The prof is a pretty cool guy but his jokes are AWEFUL! (If you are reading this Dr. Aycock, I'm just kidding. :P)