Re: Network Hacking

From: Privacy, please (no.spam@wanted.here)
Date: 02/23/03 

From: "Privacy, please" <no.spam@wanted.here>
Date: Sat, 22 Feb 2003 23:41:13 -0500

"Kevin Davisł" <zkevindavisz@cfl.rr.com> wrote in message
news:p5cg5vcs865hd1a8c1ik5ghul1gjs21hdh@4ax.com...

> >> Wrong. If the teacher's assignment includes activities that the sys
> >> admin should be apprised of, they should be apprised of it.
> >
> >I never said otherwise.
>
> You implied it. So let's clear this up front:
>
> Do you feel that the professor acted improperly by instructing his
> students to hack the University network without first getting approval
> from the afffected entities?

Without first getting approval, yes.

> If permission for such activities were sought and denied, do you
> believe that the professor would be within his rights to proceed with
> the activities anyways?

No, but I would hope that the prof would appeal.

> >This is the same convoluted logic that had others claiming that students
> >searching for vulnerabilities on their school's network was the same
thing
> >as grand theft auto and armed robbery.
>
> (Note the absence of agreeing that it is inappropriate for this
> professor to engage in unannounced hacking)

I have repeatedly said that the professor should have coordinated with the
network admin.

> >I don't think there is anything wrong with that. I also don't see a
problem
> >with electrical engineering students looking for shorts in the wiring
>
> That's just great. Having unexperienced engineers examine for
> "shorts" in the wiring. What happens when they, themselves create a
> short and bring down the power in the CS building? This is just a
> boneheaded idea. Sure, let them get experience, but ONLY within a
> controlled environment.

Under the supervision of the instructor. Should med students never be
allowed to stitch a wound until after their internships?

> > It is a school.
>
> Which needs it's power, network, etc for other things than for
> inexperienced students to bring it down while playing with it.

You _really_ have little faith in schools and students, don't you?

> >The sys admin's security job is dictated by any and all attempts, past
> >present and future to infiltrate the network. Doesn't matter if it is a
> >dedicated hacker from some european hacking gang or a six year old
randomly
> >pushing buttons.
>
> He doesn't need the extra work load of finding and tracking down
> student hackers directed by some idiotic professor. The sys admin's
> time in doing so should be charged against the professor's expenses.

Why?

{snip}

> Which Universities are underfunded? Certainly not all Universities
> are.

If you ask them they are...

> >All I am saying is that I hope that teacher has tenure. This would have
> >been a pretty stupid reason to lose a job.
>
> No, it wouldn't. Organizations like Universities and Corporations
> consider their networks vital to their existence nowadays.

And hire inexperienced, unqualified administrators to safeguard them?