Slashdot Mirror
American Idol for Security Geeks
Ant writes to tell us SearchSecurity.com has an article touting the latest "reality show" idea from the Georgia Tech College of Computing, Information Security Center, and Graphics, Visualization and Usability Center. The "Tiger Team" competition promises to be an "American Idol for security geeks." Students "prep, sweat and show their stuff while a panel of critics decides their fates. But unlike the popular 'reality' TV show, judges aren't determining who can best carry a tune. Instead they weigh students' ideas for making information security more user-friendly, with $50,000 -- enough cash to fund a project for 12 months -- hanging in the balance."
Can you even get ONE developer of any cred for that?
I wonder when the networks will get it through their thick skulls that nobody wants any more reality TV. It's the lowest cost way of dumping out several hours of content sure, but what's the use of it when so many people loathe it?
Taking a leaf from the RIAA/MPAA book of customer relations, perhaps?
RST
Wait, American Idol only exists so we can mock the idiots that don't know what they're doing. I already mock people who don't know what they're doing. It's called:
root@notmine>rm -rf *
There are some people that if they don't know, you can't tell 'em.
Simon Cowell to be replaced by Slashdot members.
That's not going to be very effective without some means of identifying/limiting who gets to rate a site.
I'm not sure how the other composites are doing nowadays (Amazing Race, Survivor, Family Makeover) but they don't have to do that well to turn a profit.
Among the intelligensia, sure, reality programming bites it, but we're not the targets.
You better watch out, there may be dogs about . .
Wait a minute, aren't blogs pretty-much reality TV for the Internet? People whining, advertisements, cool graphics, +1 insightful, advertisements, some asshole being a jerk, *static*, vacation pictures, advertisements, more people whining, advertisements, and so on. The Internet is pretty much just like reality TV, just with more porn!
Zhrodague.net - I do projects and stuff too.
This is lame.
It sounds more like a VC "talent search", where the $50k MIGHT be enough cash to pay one person a mac-and-cheese salary and get a business plan and some collateral marketing done to get properly financed.
Or, it could be a "anything you submit will become our property" type "scam", where some grad student has a unique approach that this group then becomes the owner of for a mere $50k. They can then take the idea and run with it, and reap the benefits.
All in all, sounds like something I'd not be lining up for.
$0.02 (CDN)
I think that thinking people don't want reality TV, and the reality is that there are more stupid people than thinking people. How else can you explain Brittany Spears? I really don't know where they get these focus groups, and people with nielson boxes. I can't imagine what kind of people like the kinds of shows that are on TV these days. Commercials suck too, but I'm happy that my MythTV eats them for me.
Zhrodague.net - I do projects and stuff too.
Hmmph, editors removed my brief comment.
Does anyone think American Inventor fits better instead of American Idol for this story? It seems like this story is about inventing.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Pop: Windows
Alternative: Linux
Rock: BSD
Jazz: Mac
Country: Solaris
William Hung: Pick any above. Set root/admin password to PASSWORD. Mission accomplished.
what's that, the GTCOCISCGVUC
my God, geeks, learn to be succinct!
$50,000?!? That's enough to fund 2 green card graduate students for 5 years EACH!!
Careless with money...
sig?
Where was Apple computers founded? They made the PC revolution happen, before any AT clones were seen in peoples homes. Wasn't it just a bunch of guys who liked computers, and put in work for the cause? I don't remember the exact facts, but didn't it start by ordering parts from a magazine and seeing what they could make it do? It was more of an intellectual game.
If a person already has their home rent paid for, a computer does not take up that much space. The choice between watching television or working on a program is not one of money, it is a choice of preference. $50K for winning a game sounds fun. You won't win $50K watching television.
Or, it could be a "anything you submit will become our property" type "scam", where some grad student has a unique approach that this group then becomes the owner of for a mere $50k. They can then take the idea and run with it, and reap the benefits.
In todays world, isn't everything already patented? Who cares if a company takes the idea and runs? $50,000 for just an idea is not bad! It beats washing dishes at the pizza joint.
Maybe I'll get flagged troll for this, but $50,000 isn't even enough to pay for a yearly salary of one employee at a corporation. How do they expect that much money to be able to fund a 12 month project?
"You had this look that of an angel, it was such a bad disguise" --Dishwalla
shouldn't the goal be to make it more secure?
the problem isn't that security software is too technical (look at zonealarm's nice and friendly interface), it's that people aren't educated about the most fundamental aspects of computer security, like what firewalls are, and that AV programs only work if you keep them updated. Bleh.
I could think of better things to spend my money on. Like 16,666.67 cups of coffee!
No really. Security contest? To make things easier? OpenBSD could use some new security tool interfaces. And I'm sure if the developers get something together it will be high quality. OpenBSD needs money.. 50k would help!
And if they win, stupid VC's can fork if they want. The contest/VC people get a new UI. OpenBSD gets a new tool, publicity, and money.
OpenBSD IS America's (ok maybe Canada's first) Security Idol.
Talk amongst yourselves.
Parent is vastly underrated.
Given a choice between this show and the one that's going to be a twenty-year long epic about moisture farming on a desert planet, I choose the latter.
Any one who has worked in Tech Support would understand this.
1. Users cant read.
2. USERS CANT READ.
3. Users dont know the difference between the Address bar and the 50k search bars they have below it. (Yahoo, AOL, and yes even Google toolbar).
4. Users blindly follow the messages that they get and just click on yes. (Would you like to install Gator monitoring software so that you can have the best ad experience ever? They click yes)
5. Users are stupid and understand hoaxs from the real thing no matter how many times you tell them that the credit card company will never ask for thier info they still believe that when there is a problem with the credit card they send all the info)
5. Users cant read
solution to this problem is this. Internet licensing. We have them for cars, and we have them for guns. You need a license to own a computer. And You need a higher grade to have internet. Problem solved no more security threats
http://video.google.com/videoplay?docid=9151435244 001559688
I think these guys desrve to win!
Rent: $3600 (utilities included)
Food: $1200
Tuition and Fees: $5000
So for a round $10K a year, you get your basic Grad Student(TM). Pay them $50K and you will get a whole lot more than that. It has been my experience that there's a lot of distance from the bottom of the grad student pile to the top. Top students can accomplish two orders of magnitude more, and you don't have to pay them a whole lot, just give them a diploma at the end.
This kind of reminds me of a dilbert strip...
What will they say when the decide to kick the contestant?
/contestant/MJones
JHiggins@Judge.Tiger:> echo You have nothing >
JHiggins@Judge.Tiger:> rm -R MJones
Security is but an illusion of the mind
~M45T3R S4D0W8~
Rent : $300 pm
In a safe neighborhood? You dont want your programmer murdered or mugged before the project is over.
Food : $1200 pm
What? mac n Cheese? What about a balanced diet? Do you even care about this person you are paying???
Please use realistic figures that someone can actually live by. 4 years ago, you could not live with that amount of cash in Los Angeles. How about now?
Find a job you like and you will never work a day in your life.
That is some ghey ass bullshit !! 50k ? thuckle up on deez nutz knee grows!!
I would pay per episode to see a recording of this. Sounds pretty cool.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
holy christ... $1200/mo in food isn't enough for one person? or just not enough for the average slashdotter?
what does that break down to? $40/day?
where do YOU do your grocery shopping? steakhouses?
for a minute there, i lost myself...
so, they're going to take the idea of a show, which takes people with no origionality, barely any musical talent, and bring it to the tech world? wow, microsoft should win this one.
But I bet the smell of your Mom's pancakes gets you out of the basement for a short while.
"Instead they weigh students' ideas for making information security more user-friendly,"
besuretodrinkyourovaltine
He meant $1200/year which is $100/month. That's really not much to live on...even if you don't dine out at all. I'm a poor college student and last month I spent $89.20 eating out and $100.72 on groceries...and that doesn't even include beer. :)
You might be able to get away with $300/month rent living in a used trailer in a trailer park.
I would be interested in a different show where contestants are "would-be hackers" and security pros or just plain "kiddies" and "wannabes" who undergo a series of security/hacking related "tests" to test their ability and knowledge to penetrate certain security measures put in place. A preliminary contest would start initially with entry level web based hacking for example, or simple brute force password and username schemes to gain next level access to remote and local systems - albeit honey pots or live systems. As contestants are eliminated, the security increases and the tasks get more demanding and interesting. Maybe there would be elimination rounds where contestants would answer a series of questions given a certain scenario and would have to answer with the most unique and "clever" idea possible they would use to break into a system or crack a security system put in place. They would then be rates and reviewed by experts in the security field (maybe Kevin Mitnick or other well known "hackers"). A final showdown would be like wheel of fortunes final "puzzle" where the final person would be given 60 seconds or so to crack or decode a certain security scheme or problem for a grand prize of $50,000 or something - not to mention the fame and recognition of peers and the world of their extraordinary talent and unique skills and abilities. This show could teach others of the methods and techniques of other hackers to learn from them and improve their own security awareness. Maybe this wouldn't hit any mainstream market but computer hacking has always been a wide source of intrigue and interest for a lot of people with any understanding of computers. You can tell from the wide array of computer based films that all have some form of "hacking" involved to some extent. This would also give "hackers" and security experts an opportunity to use their knowledge in a constructive and controlled environment while fulfilling their own needs for cracking the code and gaining access and outsmarting the security system along with the recognition of their skills and ability. They say the common flaw of most "hackers" is that they want to show people how smart they are, and fortunately, that's how they get caught (by bragging on IRC or blogging their feats) - not that any real hacker would do this. The show would ultimately find those rare few who can back up their egos with proven "leet" skills and abilities. It would be good for all involved and would be a unique twist of reality TV that's never been seen before. Risky? Maybe. But done right, I think it has some real potential. I realize that not everyone cares about computer security or hacking and the show would have to be limited in content (i.e. 30 min show for example) would limit the complexity of each round and scenario and you would need to keep the show interesting and exciting and really glorify computer security and hacking much the same way Hollywood does in the movies. I figure if they can make a live TV show like "Iron Chef" on national cable TV to be successful, they can sure as hell make "Leet Hacker" a national hit as well or maybe that's just my warped perception and reality. ;)
"Reality is merely an illusion, albeit a very persistent one." - Albert Einstein (1879-1955)
"In the real world, when you are in a bad neighborhood it is very clear," said Mustaque Ahamad, director of Georgia Tech's Information Security Center. "But online, you have no idea whether you or your computer system is in any kind of danger."
That's BS
Here's how to determine if you're in a bad "cyberhood" in 3 easy steps with great accuracy and very reasonable false positive rate:
1. Are you illegally downloading content (music/movies/software/etc)? If yes, you are in a bad neighborhood.
2. Are you being offered something for nothing? If yes, you are in a bad neighborhood.
3. Pr0n? If yes, you are in a bad neighbothood.
Come on people, its not rocket science. Where my 50k?
-Lod
Tuition and fees... $5k??? Where the hell do you goto school? If it's a public school out of state grad tuition will likely run them $15k/year. Private school, maybe as low as $20-25k (my masters was $950/credit). In state grad tuition (plus fees, books, etc) at a public school might be less than $10k/year.
Food is more likely a bare minimum of $200/month, likely more, I know I spend more per month on that. More realistic housing depends where you live, and more importantly how many people you live with. I have a one room efficiency (with a kitchen) that costs me $475/mont with no utilities included. Then you have to add in heat, electricity (you have to power your computers somehow), internet (a neccessity), and maybe cable. Water may or may not be included with rent.
Anyhow, you're basic grad student runs you about $50k/year. The general stipend depends on where you goto school (cost of living mostly), and the average stipend (including summer months) is in the area of $1400-$1600 per month. Add onto that tuition costs, health insurance (technically grad students pay for it in most places, but at a huge discount), student fees (if they're covered), equipment, etc and your grad student costs much more than $10k.
Of course most grad students do purely research oriented project, take much longer than a year to finish the project etc etc. The whole thing doesn't seem like any different than how most grad students are funded. Not a very exciting story really.
phil
fgh
ahh.. you're right.. i didn't read the GP... i think bums spend more on food than that...
for a minute there, i lost myself...
I read this and thought what are these people thinking.
TALC - How does this concept not get ripped to shreds when a script could be used to sway the "danger sign" values. Even better, why not have the bad neighborhoods spoof the "danger rating". Doesn't this kind of rating (assuming it is implemented) just lead to web neighborhood profiling? I forsee that somekind of legislature would try and get rid of these so called "bad [internet] neighborhoods" or even better throw money at them to help make them better. A much better solution to this problem is to create a successful user awareness program that would teach users how to recognize these "bad neighborhoods" (I've done that very thing when I taught 6th grade computers).
Virtual Network Design - It isn't a bad idea, but poorly implemented. How often does the common Joe Smith need to type DNS entries and TCP/IP addresses, other than when they are http://www..com? When my parents were trying to set up a home network the hardware manufacturers provide excellent, easy to use documentation and tools. The better solution would be design a common, graphical interfacing for all hardware connections (which could extend beyond networking possibly and show users what cords go where and why).
Bonfire - What if what students are doing is wrong? It sounds alot to me like somebody created a dynamic box linked to an properly updated FAQ page. Do you really want to try and show a user how I perform common tasks (the most complicated and customized method is best for me)? If you really want to show off data mining skills try teaching users how much data can be collected about them by using publicly availible information. I've had extremely good responses at my college by simply doing research and learning what I could about a total stranger on campus then using them as an example in a data privacy lecture (be sure to tell them you are not a stalker, but somebody else could be).
People with this much education don't have to compete in a silly competition for $50k a year! Tech jobs are plentiful and a PhD will put these people making much more a year than this.
This whole thing sounds alot like a technology version of American Inventor.
"You may not know you are under attack, who is attacking . . . or how." Strategic Information Warfare, A New Face of War, Roger C. Mollander, Andrew S. Riddle, Peter A. Wilson, (RAND) 1996.
"You may not know what is real" Ibid.
I actually moved to the Philippines to conserve expenses and maximize the amount of investment cap I have to put into projects. I couldn't live on that here , much less in the US.
... laughable. Just plain laughable.
$50k buys you a few months for a small team. I know this because I have been to 4 countries recruiting them.
Nevermind your start up and legal expenses. I'm sorry folks, but true innovation is just too damn expensive to be done domestically. $50k and a plane ticket to Malaysia I'd have believed it.
Think about your start up costs, and the amount of 'plums' you have to make available to even attract researchers, or people who are seriously interested in development. Do you want grad students who want something to do? Or do you want people who want to become part of a project and see it through?
Everyone sees the latest headlines here, Novell making DC management tools, OpenBSD having issues and facing financial doom, etc. I (and others) anticipated needs and took steps *years* ago to start developing solutions. Nice to see big business catch on but to us its yesterday's news.
You need 2 people to just keep up on emerging technology (like Xen) so that when you release, you have included the best that you can find. $50k
Go ask Qlusters how much OpenQRM cost to develop. Then ask them where the bulk of the R$D (yes, $ not &) took place. But when Novell does it, its news.
This gets my 'sensational-waste-of-quality-airspace' award for the month. Not that anyone cares. But I've spent a few hundred K of my own money and we're still not done what we set out to do. Its not lack of management, Its keeping up with big business regurgitating stuff that's already done as 'emerging' technology - so that your efforts are received as innovation and not copy cat. The companies supposedly propelling innovation are actually just stomping (and squatting) on it.
$50k, go get 5 high priced hookers. Have a blast. You'll look back on it as money well spent later, otherwise you may need to be treated for anxiety disorder.
I'm pretty sure they do. These days you hand them a dollar and they give you that 'wtf?' look. Like hey buddy, what the hell am I gonna do with $1? One guy asked me for $5 for pizza. Living under a bridge or in a dumpster and you need $5 for pizza.... riiiight.
You're nothing; like me.
But I bet the smell of your Mom's pancakes gets you out of the basement for a short while.
Dad?
In "American Idol for security geeks," Microsoft is William Hung.
I got it for $0.08 once.
Let me set some misconceptions right. I'm disheartened to note that present day journalism is still very much a grapevine. The author of the original article added a bit of sensationalism by comparing a scholarly competition to "American Idol" probably to get the attention of the reader. I can level with that. But it goes downhill from there. In the case of my project TALC, everything other than the name is pretty much off target. TALC combines Awareness, using techniques like Ambient displays; Learning, using appropriate metaphors and other non-invasive means and Control that lets the user take appropriate action to mitigate the threat. From a security perspective, I believe TALC adds value in terms of bringing awareness to existing tools like HijackThis, Nessus, National Vulnerability Database (NIST) etc., educating users of their security actions/in-actions and a few more in an effort to harden the home user security. These are hard problems and we intend to tackle them with innovative ideas. For those interested in the nitty-gritty details checkout the original proposal at http://www-static.cc.gatech.edu/grads/k/kandha/doc /TALC.pdf
The project has undergone a lot of changes since then but it gives a fair idea of where we are heading. In the end, like they say, "Any press is good press!"
As for the discussion about the funding, some of the slashdoters have already put it in the right context. To quote Bob Dylan,
These comments are my own personal opinion"A man is a success if he gets up in the morning and gets to bed at night, and in between he does what he wants to do"
We are doing this for the challenge involved in tackling hard research problems and in our case to extend security to a grass root level in a usable manner. The fact that we get a stipend and a tuition waiver comes at a distant third.
> At 69 cents for the 'good' Ramen (Maruchian), $50K would buy 72463 grad student meals. That's enough to feed 66 grad students 3 meals a day for a year!!! SO--YES.
Thank you for giving me a vision of Sally Struthers fundraising for the "Save the Grad Students" foundation.
[Cue picture of slovenly grad students, so tired they're falling over.]
Sally: See what squalor these poor students live in! Unable to have decent food, clothing or shelter, these students wander the halls like zombies. But! For only $0.69 per day, YOU can feed one poor graduate student!