RE: [ISN] This computer security column is banned in Canada

From: InfoSec News (isnat_private)
Date: Mon Jun 02 2003 - 23:19:34 PDT

  • Next message: InfoSec News: "[ISN] Microsoft to introduce security certifications"

    Forwarded from: Steve Manzuik <steveat_private>
    Cc: robat_private
    
    I am not associated with, nor do I speak for the University of Calgary.
     
    > This column is banned in Canada 
    > http://Vmyths.com/rant.cfm?id=598&page=4
    
    I am a Canadian, living in Calgary -- and I got this article.  Does
    that mean I am in some sort of trouble?
    
    > Academic achievement takes on a whole new meaning here: the more
    > malicious your code, the better grade you'll get.
    
    That is hardly the case.  More like, the better your understanding of
    malicious code and malware the better grade you will get.
    
    > Anyone who went to college knows an underpaid, overworked teaching
    > assistant normally supervises all lab assignments.  However, the
    > professor of "Malicious Computing 101" insists he will supervise the
    > students during scheduled class times.  A student will automatically
    > flunk the course if a virus gets loose and tries to destroy the
    > world (like the ILoveYou virus did in 2000).
    
    It is my understanding from talking to the University that the hands
    on portion of the course will be conducted in a lab environment that
    is closely controlled.  In fact, it was my understanding that the lab
    is not even connected to the Internet.  Obviously this doesn't
    completely prevent malicious code from leaving but it will at least
    prevent accidents.
    
    > Frankly, this doesn't make any sense.  I mean, shouldn't you get an
    > A+ if you annihilate the Internet during Finals Week?
    
    Come on Rob, as a FUD buster yourself you should know better than to
    make statements like this.  Besides, who said the annihilation of the
    Internet would be a bad thing?
     
    > infamous "Mafiaboy" who -- according to legend -- very nearly
    > destroyed e-commerce in February 2000.
     
    So lets get this straight.  You, Mr. Rosenberger have made a career of
    exposing FUD.  You have taken FUDsters like Russ Cooper to task and
    for that most of us applaud you.  But then I read your multiple
    articles on vmyths.com about the UofC course on Malware and have to
    wonder why you yourself would result to quoting clear FUD just to make
    your point.
    
    > According to one published report, "RCMP and FBI officials have
    > estimated that Mafiaboy caused $1.7 billion in [global] damage."  
    > (Canadian dollars, I'll bet.)
    
    You know as well as I and everyone else does that this number is
    grossly exaggerated.  Corporate America (and Canada for that matter)
    needs to blame something for their years of mismanagement and loss of
    stockholder value. So why not some punk kid from Eastern Canada.
    
    > Suffice it to say the kid single-handedly terrorized the Internet --
    > if you believe the media and all of the fearmongers who rode on
    > Mafiaboy's coattails.  I won't bore you with the technical aspects
    > of his diabolically ingenious teenage exploits; visit Mafiaboy.com
    > if you need a refresher.
    
    Mafiaboy was nothing more than a patsy.  He ran a tool, that he didn't
    even write, and that he didn't even understand.  His so called rein of
    terror was nothing more than an accident performed by some stupid kid
    who obviously was lacking parental guidance.
    
    > Only in the computer security world can you keep your name out of
    > the newspapers even after you plead guilty to a $1.7 billion crime.  
    > Mike Calce is as famously unknown as Murray Langston.
    
    Actually, only in Canada.  You can thank our broken Young Offenders
    Act for that.
    
    > OKAY, ENOUGH ABOUT the Mafiaboy mystique.  Let's get back to my
    > simple philosophical question.  Will the University of Calgary let
    > Mike Calce take their virus-writing course if he fulfills all of the
    > normal academic requirements for it?
    
    Sure, why not -- but something tells me that this clown wouldn't make
    the cut.  Or he can be refused for ethical reasons -- which would more
    than likely be the case.
    
    > the University of Calgary teach a declared Al Qaeda sympathizer how
    > to write malicious software if he/she meets all normal academic
    > requirements?  What if, say, our hypothetical student is a
    > natural-born Canadian with no criminal record? Would the University
    > of Calgary forbid someone to take the course based solely on the
    > student's declared political sympathies?
    
    Why should they? If they are in good academic standing then there is
    no reason that they should be kept from taking this course.  If you
    seriously think that the malicious people of the world need a
    University course on malware to learn how to do this stuff then you
    are sadly mistaken.
    
    Lets take your lunacy a step further.  We all know that terrorists
    like to use car bombs right?  So shouldn't we be careful of whom we
    issue drivers licenses too?  I mean how can you let those "other
    races" get a drivers licenses as it could lead to the physical
    destruction of lives.
    
    This is stupid and is security through obscurity.
     
    > If the university forbids it, would they let the declared Al Qaeda
    > sympathizer sign up for a SCADA Software 101 course instead?
    
    You don't need a course to hack the hundreds of insecure SCADA systems
    in Canada that's for sure.
    
    > Let's face sarcasm/reality here, folks.  If one self-taught Canadian
    > high school student could single-handedly almost destroy e-commerce,
    > just imagine what a horde of sheepskin Canadians could do!  If the
    > University of Calgary lets anybody attend their virus-writing
    > course, then we may someday find ourselves facing a horde of
    > Canadian 21st century glue-sniffing cybersluts with homicidal minds
    > and handheld PDAs.
    
    
    Again, more FUD Rob.  Don't tell me TruSecure purchases your little
    web site too?  Any idiot can spend a couple hours on the Internet and
    learn how to write a virus and more.  So perhaps allowing us malicious
    Canadian's to, as you put it, annihilate the Internet thanks to the
    UofC is a good thing.
    
    One must learn the nature of what he wishes to defend against.  This
    is why learning about malicious code at such a level is valuable.  I
    mean, worst case scenario the UofC will turn out some actual
    knowledable PROFESSIONALS to compete on the job market with all the
    FUD slinging and generally clueless con-insultants we see today.  
    Wouldn't that be an injustice......
    
    Regards;
    
    
    
    Steve Manzuik
    Chief Technical Officer
    Entrench Technologies Inc.
    (403)663-1337 - office
    (403)589-4430 - cellular
    steveat_private
    
    ===============================
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Jun 03 2003 - 01:23:59 PDT