[ISN] This Bug Man Is a Pest

From: InfoSec News <alerts_at_private>
Date: Wed, 6 Aug 2008 04:02:24 -0500 (CDT)
http://www.newsweek.com/id/150465

By Adam B. Kushner
NEWSWEEK
Aug 2, 2008
In the Aug 11, 2008 issue

In a windowless underground computer lab in California, young men are 
busy cooking up viruses, spam and other plagues of the computer age.  
Grant Joy runs a program that surreptitiously records every keystroke on 
his machine, including user names, passwords, and credit-card numbers. 
And Thomas Fynan floods a bulletin board with huge messages from fake 
users. Yet Joy and Fynan aren't hackers—they're students in a 
computer-security class at Sonoma State University. And their professor, 
George Ledin, has showed them how to penetrate even the best antivirus 
software.

The companies that make their living fighting viruses aren't happy about 
what's going on in Ledin's classroom. He has been likened to A.Q. Khan, 
the Pakistani scientist who sold nuclear technology to North Korea. 
Managers at some computer-security companies have even vowed not to hire 
Ledin's students. The computer establishment's scorn may be hyperbolic, 
but it's understandable. "Malware"—the all-purpose moniker for malicious 
computer code—is spreading at an exponential rate. A few years ago, 
security experts tracked about 5,000 new viruses every year. By the end 
of this year, they expect to see triple that number every week, with 
most designed for identity theft or spam, says George Kurtz, a senior 
vice president at antivirus software maker McAfee. "You've got a whole 
business model built up around malware,"  he says.

Ledin insists that his students mean no harm, and can't cause any 
because they work in the computer equivalent of biohazard suits:  
closed networks from which viruses can't escape. Rather, he's trying to 
teach students to think like hackers so they can devise antidotes.  
"Unlike biological viruses, computer viruses are written by a 
programmer. We want to get into the mindset: how do people learn how to 
do this?" says Ledin, who was born to Russian parents in Venezuela and 
trained as a biologist before coming to the United States and getting 
into computer science. "You can't really have a defense plan if you 
don't know what the other guy's offense is," says Lincoln Peters, a 
former Ledin student who now consults for a government defense agency.

[...]


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Wed Aug 06 2008 - 02:02:24 PDT

This archive was generated by hypermail 2.2.0 : Wed Aug 06 2008 - 02:05:21 PDT