Slashdot Mirror
Hacker High School Starts to Spread
thelordx writes "Hacker High School, an initiative from the non-profit Institute for Security and Open Methodology, pioneers of the OSSTMM have received some media coverage for their Hacker High School Program. It's a license-free open-source program that provides security and privacy-awareness teaching materials to teachers.
Here's the link to the BBC stream and article about the project."
The concept is interesting, although I hardly see this type of thing ever getting very big. Unfortunately, especially in the U.S., too many people will be against this kind of alternative teaching, probably likening it to getting kids to stay off drugs by encouraging them to try them first. I doubt there'd be much support for this outside the ISECOM, even though this type of experience would benefit anyone going into the network administration sector.
;)
FTA: "The school believes there could be jobs out there for this new breed of ethical hacker."
There are, and have been for quite some time. The FBI employs at least one former hacker, that I know of. There is an article that explores this a bit more, though it's a little dated.
Besides, high school kids already have too many freedoms: open campus lunches, driver's licenses, free thinking. We need to put an end to this now!
Digital Sailor
How many teachers do you think are going to hear about this and react as following: "hacker highshool? why would we want to teach our kids to be hackers (computer criminals)". Perhaps they could have called it something involving the word security or protection.
Philosophy.
They coded it as a virus.
It looks like they're on to me
Dear aunt, let's set so double the killer delete select all
Now this is how a Slashdot article should read. Good job.
sysadmin actually was happy when students report exploits that they found. But here's the catch he still reports them becuase the schoool principal is a dumbass. Maybe she should see this?
If the goal is to increase the kids awareness of security and prevention of things like identity theft, they should just be taught good internet safety practices and the use of a firewall and anti-virus software.
Why should we teach them how to hack?
E = m c^3 Don't drink and derive E = m c^3
I saw this on the news earlier. They seemed to deliver it VERY poorly. Rather than explain how "hacking" is infact "testing the system" as it came across to me, it pretty much played into the steriotype of "we break into computers".
Of course this was "Click online" which never gives you any facts, it just goes "oh look a new iPod" or "theres more security holes, work out for yourself how to avoid being owned".
I like muppets.
Basic Hacking 101
Intermediate Hacking 102
Advanced Hacking 103
Electives
Phishing
DDOS bot management
FBI Hacking basics
Virus writing
Port Knocking 101
Increasing awareness of security related computer problems: Good!
"Hackers" BAD!
Making teens memorize the motto "antivirus / firewall / no pirate programs" BAD
Of course, It doesn't seems to me they can teach anythong useful (like nmap for instance, or how to "smash the stack")
how long until
This might work, teaching kids early about this will make them become more aware of their internet usage. I know a lot of people who will freely post personal information about themselves, leave logs around, etc. With today's problems with viruses, security has become such a big concern and its quite the prize if anyone can manage to control it. It wont be recieved in good light however, thanks to the media. Whenever you hear of the word 'hacker' the average joe will think of crackers, identify thieft, etc.
... hack into the school records and change your marks :)
Thoughts on the Emergence of Computing Intelligence
What the word hack, hacking et al.. really mean?
hack1 Audio pronunciation of "hack" ( P ) Pronunciation Key (hk)
v. hacked, hacking, hacks
v. tr.
Slang. To cope with successfully; manage: couldn't hack a second job
(removed the other meanings that don't really pertain to its use in with computers)
I always thought of the term hacking as someone who could take what was available to them, and figure out a way while tinkering around to get whatever it was to do what YOU wanted it to. You hacked a solution.
With the word associated with all this security mumbo jumbo now-a-days people lost track of what 'hackers' really were years ago.. some of the very people who pioneered a lot of existing technology we use today.
Excuse me, I don't mean to impose, but I am the ocean
Where the leet meet to have their spirits broken.
Theoretically speaking is good. Practically speaking is not. I just got out of high school and even though a program like this would've been interesting, I know, that not everyone has the maturity to use this information. Yes, it's good, that they teach you how to protect yourself, but giving this information is as good as if they give you a gun and try to teach you how to use a gun "ethically". Some people will actually serve the purpose of the program, while others simply will not.
Like I said, theoretically speaking, it's OK. Practically speaking, it will fail their purpose.
Insanity: doing the same thing over and over again and expecting different results.
I'm part of the ISECOM family, so I'll take a stab at addressing this concern:
The concept of the class is to teach kids about the ethics and legalities of life online. Unfortunately, calling the class "Internet Ethics and Legalities" is going to draw far fewer kids in than "Hacker Highschool".
However, if you look into ISECOM's other programs, such as the OSSTMM Professional Security Analyst (http://www.opsa.org) or the OSSTMM Professional Security Tester (http://www.opst.org), you'll notice a downplay of the whole "hacker" mystique. The OPST/OPSA classes are for the professional adults that are tired of the "come learn how to be a hacker (ie, learn nmap/nessus)" classes.
... need to organize a come up with a new name. The media has taken this term, which originally had a positive meaning, bastardized it when viruses became more widespread (since the journalists weren't bright enough to come up with their own term or use the right term; "Well, we heard them say hacker in their computer mumbo jumbo talk that we can't understand, so we'll just use that."), and the misusage of the word has gotten so bad that even Slashdotters and other "computer geeks" use "hacker" when the word "cracker" should be used.
The computing community needs to come up with a new term that means, "a person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular." (quote from Jargon File). Perhaps the word "tinkerer" fits this description finely. Or, we can borrow a word from another language. Perhaps we can create a brand new word, I don't know.
The point is, the media has stolen the word "hacker" and made the word defined to mean something completely different than it used to mean, Joe Average is using the media's definition, and older computer "hackers" can't use the term without being looked suspiciously. The word has been destroyed by the media. We need a new term, and the sooner, the better.
We'll give them a controlled environment and let the student hacker know what is right and wrong. Now, as a student of hacking some 25 years ago, and knowing the mentality of the hacker (that has changed only in the tools available, and maybe the determination level a bit) then, I suspect a real hacker is not going to be afraid of being caught or care if some 'teacher' embraces their hobby or not. The profile of a hacker is pretty forward, they are loners, lack approval in their real lives, desire greatly to have others worship them, and basically don't take showers and are always looking over their shoulders. That guy on the last photo in the article hardly looks to be someone the hacker I know and endear to heart would give a dime to let alone an hour of their time.
--- Old Time NeXThead
I'm not sure what program you saw, but I think you're mistaking another website with ISECOM's HHS program.
:).
5 200.28-STD.pdf), the Red Book (http://www.radium.ncsc.mil/tpep/library/rainbow/N CSC-TG-005.pdf), and Common Criteria (http://www.commoncriteriaportal.org/) will be injected.
:).
If you go to http://www.hackerhighschool.org/lessons.shtml and http://www.osstmm.org you're going to see no signs of a free ipod
In the next release, we're going to try to incorporate even more traditional security fundamentals. Essential core pieces of the Orange Book (http://www.radium.ncsc.mil/tpep/library/rainbow/
I think you need to double check which links you visited in the past. Your comments don't seem to relfect anything related to ISECOM.
Also, I know a thing or two about the program... I've helped contribute and I've trained other teachers how to teach it
On the other hand, there is a serious need to teach CS students how the systems they design will eventually be hacked. Everyone should understand how to analyze a system for weaknesses. There are too many authentication systems with blatant holes, too many communication syatems that are wide open to DOS attacks.
One step further, one should also teach how to test systems for possible security bugs, either by "black box testing" or by code analysis.
If we don't teach that, how will we ever get the quality systems that society can rely on?
The lesson plans are not on hacking, but are merely a slightly glorified how to securely use your computer.
As it is, CS education initiatives in high school are pretty disappointing, with the advanced placement curriculum being essentially "learn the syntax of java" and with more developed initiatives such as "Teach Scheme!" not being as widespread as they deserve. However, this pseudo hacker stuff surely takes the cake for being a true disappointment.
I keep seeing comments along the lines of, "They shouldn't have used the word hacker, teacher's won't appeal to that." I think the entire point is being missed, however, as the target is the students. The inherent problem being that the teachers may not adopt the program and introduce it to the kids.
Consider this, though. If I were in high school, I'd be much more intrigued to participate in a program called Hacker High School than I would Introduction to OS Security and the Internet.
But that's just me.
At that age, why is as important as how.
.. http://www.unicornscan.org was the link. It seemed really neat.
Also, they do teach a wide variety of tools. I caught a talk by an ISECOM presenter recently where they showed an alternative to nmap
Teaching kids how to be computer hackers is basically teaching kids how to learn this is a good thing and there should be more of it in schools.
Teach a child the answer to a math problem you teach him nothing, teach a child HOW TO SOLVE a math problem and you make a difference!
...worst senior prom ever!
[ Sorry, got my Subj line pre-published ]
I was going to say:
If teachers could modify the thing,
they could pick & choose what to use.
Send it out in a modifiable format
(ie, if not already in one now...)
The local high school opens their premier ICT room
each day (at lunchtime) to kids who want to use computers
As lunchtime is about 30 min's, the student council
has proposed also opening the same room at Recess.
There has to be a teacher (doing "Yard Duty" there),
so there's a cost involved to the school.
But one SC rep says she has a list of teachers
willing to volunteer for a Recess shift,
now & then.
So, I guess this school has a little different
take on who "owns" the computers (ie, tax-payers,
who ought to get maximum value from their investment)
I like that thought... Now, I'd like to get that
kind of thinking into the debate on the Iraq War
I don't know how hard some may find it to
"start a new [course]" but it -is- possible
to add such topics to a general ICT course.
Here, teachers can run their courses as they
wish (within reason, of course), so changing
an existing course to meet a need or expressed
interest (eg, one student's request to learn
to program) is easily done.
If a teacher wishes to let some would-be hackers
do their thing, it's easy enough to do, eg,
just by offering the same option to all.
Not everybody needs to sign-up, for it to work.
Of course, the teacher has to do a bit more
preparing (or, in this case, modifying), ie,
if they wish.
But - when you have something worthwhile
to get done - who do you ask?
A busy person or a person with time on their hands?
A busy teacher, of course...
'gotta get this puppy in modifyable format...
It was refreshing to see that the term hacker, as it was used in the article, was more closely in line with the original meaning of the term among those who identified themselves as "hackers" in the late 1980's and early 1990's. In the United States the marketers are already conducting a full-scale assault on the hearts and minds of our children in an attempt to breed the next generation of mindless consumers. Any type of program that encourages original thinking, awareness of privacy, and pursuit of full and accurate information is anathema to these marketers. It is ironic that corporations, pushing everything from junk foods, trendy clothing, and mass market entertainment to corporate propaganda that is passed off as factual "classroom materials", have nearly unlimited access to middle and secondary school students while a program which attempts to present an alternative position that encourages students to think for themselves and reach informed conclusions is quickly squelched. Is it any wonder that we are largely a nation of debtors?
Hackers: Originally used to describe a computer
enthusiast who pushed a system to its highest
performance through clever programming.
Now I wonder why I hate the media....
The links are dead...?
Some of the most important topics unfinisher
or (apparently) unavailable...!?!
If not now, when?
as a contributer to HHS, I completely agree.
Perhaps the "hacker" connotation has finally started to move out of the "criminal" sector and more into a "grok" type of connotation.
I refer to myself as a hacker, but have never done anything (terribly) unethical, hold degrees in math, cosc, and criminal justice, have a sec clearance, and am a vulnerability researcher. I take pride in being a "hacker", and take pride in the HHS program as it completely encompasses the same ideologies that I posess w/regards to hacking and ethics.
Is your son a computer hacker?
They left out one lesson:
/. effect.
How to protect your website from the
If you actually take the time to look at the lessons they have posted at http://www.hackerhighschool.org/lessons.shtml/ it actually seems like you could teach young people useful things beyond the knee-jerk antivirus and firewall mantra (which don't actually work anyways). What it doesn't seem like is that they are really teaching "hacking" at all. It looks like they're teaching how attacks are being made rather than how to make attacks. I see system scanning, forensics, and web app security but no exploit development. Which I think is good. I'm sure it's just a catchy title and a way to wake up the common person who reads scary hacker stuff in the papers and applauds the next jury who puts a hacker away in jail for 20 years based on anecdotal evidence they don't comprehend anyways. So yes, if it makes the average joe open his eyes and provides young people with a knowledge of how attacks are made so they take the time to be safe then it's what we probably have needed all along.
Okay, buddy - you asked for it. You want to talk about disgusting? Here's disgusting:
This pope was a joke, just like every pope before him. If you think he was really "god's representative on earth", you have one weakling for a god. I'll stick with atheism.
I ALWAYS browse at -1. More fun that way. But I'd rather reign in hell than serve in heaven, anyway.I pointed out I saw it on BBC news 24. A show called "click online", the link was to the BBC. So I skipped TFA and posted a comment. Click online protrayed it as "evil hacking turned good" and the guys they interviewed just threw around technical gargen to try and look smart ( I was only half watching, it's on at 7am when I goto bed, so I watch it while I do the last minute things).
I like muppets.
...you get the 1337 seal of approval ?
Won't work. Sooner or later, the media catch on and the cycle will continue. It is not worth the effort to play the cat-and-mouse game.
However, we can fight back. If they destroyed our name, our revenge may lie in destroying their form. Won't be much loss anyway - the traditional investigative journalism was replaced by mass-produced junk news.
Blogs, podcasting, Wikimedia and Ohmynews are the first steps.
The victory is ours.
please.
I'm a signature virus. Please copy me to your signature so I can replicate.
Declaration_of_Intent to start the ball rolling.
My intent: to coach a fee newbies with my experience, its an enthusiasm for experience swap basically... Any comments would be appreciated, recruits encouraged.
Not provokative enough, basically new hires are thin on the ground, so how do students get onto the free projects, and how do I get management experience, answers on an Electro Magnetic Pulse, build an atomic bomb in your back yard if necessary. Communism just has not been tried... yet. In Soviet Russia the government owned you.
Any reference to grooming and paedophilia is intentional.
Be Free: Free Software Tuition
Google_search_of school_computing_club
/dev/null, and I really believe in "learning by doing", and communities of one are hard to keep going!
Maybe I just need
Google_how_to_build_a_club
I feel I need one or two recruits to really get underway, otherwise the research is not directed, for academic research see
Be Free: Free Software Tuition
The term hacker is established and apt. It would be a mistake and most likely a failure to try to establish a different name. The ambiguity in the meaning is normal and based in reality. Consider a similar term, 'rebel'. This can also take on very negative connotations in certain contexts, like for example where rebel militias may have engaged in executions and torture. But it would be silly to drop the usage of the term 'rebel' in response to something like that. Hackers just need to keep hacking the public perception of their name, just like they hack computer systems to improve them over time.
mhack
Building a better ribosome since 1997
Yay for hacker school!
Mens et Manus