RE: This computer security column is banned in Canada

[InfoSec News <isn () c4i org>]

Forwarded from: Steve Manzuik <steve () entrenchtech com>
Cc: rob () vmyths com

I am not associated with, nor do I speak for the University of Calgary.
 
> This column is banned in Canada 
> http://Vmyths.com/rant.cfm?id=598&page=4

I am a Canadian, living in Calgary -- and I got this article.  Does
that mean I am in some sort of trouble?

> Academic achievement takes on a whole new meaning here: the more
> malicious your code, the better grade you'll get.

That is hardly the case.  More like, the better your understanding of
malicious code and malware the better grade you will get.

> Anyone who went to college knows an underpaid, overworked teaching
> assistant normally supervises all lab assignments.  However, the
> professor of "Malicious Computing 101" insists he will supervise the
> students during scheduled class times.  A student will automatically
> flunk the course if a virus gets loose and tries to destroy the
> world (like the ILoveYou virus did in 2000).

It is my understanding from talking to the University that the hands
on portion of the course will be conducted in a lab environment that
is closely controlled.  In fact, it was my understanding that the lab
is not even connected to the Internet.  Obviously this doesn't
completely prevent malicious code from leaving but it will at least
prevent accidents.

> Frankly, this doesn't make any sense.  I mean, shouldn't you get an
> A+ if you annihilate the Internet during Finals Week?

Come on Rob, as a FUD buster yourself you should know better than to
make statements like this.  Besides, who said the annihilation of the
Internet would be a bad thing?
 
> infamous "Mafiaboy" who -- according to legend -- very nearly
> destroyed e-commerce in February 2000.
 
So lets get this straight.  You, Mr. Rosenberger have made a career of
exposing FUD.  You have taken FUDsters like Russ Cooper to task and
for that most of us applaud you.  But then I read your multiple
articles on vmyths.com about the UofC course on Malware and have to
wonder why you yourself would result to quoting clear FUD just to make
your point.

> According to one published report, "RCMP and FBI officials have
> estimated that Mafiaboy caused $1.7 billion in [global] damage."  
> (Canadian dollars, I'll bet.)

You know as well as I and everyone else does that this number is
grossly exaggerated.  Corporate America (and Canada for that matter)
needs to blame something for their years of mismanagement and loss of
stockholder value. So why not some punk kid from Eastern Canada.

> Suffice it to say the kid single-handedly terrorized the Internet --
> if you believe the media and all of the fearmongers who rode on
> Mafiaboy's coattails.  I won't bore you with the technical aspects
> of his diabolically ingenious teenage exploits; visit Mafiaboy.com
> if you need a refresher.

Mafiaboy was nothing more than a patsy.  He ran a tool, that he didn't
even write, and that he didn't even understand.  His so called rein of
terror was nothing more than an accident performed by some stupid kid
who obviously was lacking parental guidance.

> Only in the computer security world can you keep your name out of
> the newspapers even after you plead guilty to a $1.7 billion crime.  
> Mike Calce is as famously unknown as Murray Langston.

Actually, only in Canada.  You can thank our broken Young Offenders
Act for that.

> OKAY, ENOUGH ABOUT the Mafiaboy mystique.  Let's get back to my
> simple philosophical question.  Will the University of Calgary let
> Mike Calce take their virus-writing course if he fulfills all of the
> normal academic requirements for it?

Sure, why not -- but something tells me that this clown wouldn't make
the cut.  Or he can be refused for ethical reasons -- which would more
than likely be the case.

> the University of Calgary teach a declared Al Qaeda sympathizer how
> to write malicious software if he/she meets all normal academic
> requirements?  What if, say, our hypothetical student is a
> natural-born Canadian with no criminal record? Would the University
> of Calgary forbid someone to take the course based solely on the
> student's declared political sympathies?

Why should they? If they are in good academic standing then there is
no reason that they should be kept from taking this course.  If you
seriously think that the malicious people of the world need a
University course on malware to learn how to do this stuff then you
are sadly mistaken.

Lets take your lunacy a step further.  We all know that terrorists
like to use car bombs right?  So shouldn't we be careful of whom we
issue drivers licenses too?  I mean how can you let those "other
races" get a drivers licenses as it could lead to the physical
destruction of lives.

This is stupid and is security through obscurity.
 
> If the university forbids it, would they let the declared Al Qaeda
> sympathizer sign up for a SCADA Software 101 course instead?

You don't need a course to hack the hundreds of insecure SCADA systems
in Canada that's for sure.

> Let's face sarcasm/reality here, folks.  If one self-taught Canadian
> high school student could single-handedly almost destroy e-commerce,
> just imagine what a horde of sheepskin Canadians could do!  If the
> University of Calgary lets anybody attend their virus-writing
> course, then we may someday find ourselves facing a horde of
> Canadian 21st century glue-sniffing cybersluts with homicidal minds
> and handheld PDAs.


Again, more FUD Rob.  Don't tell me TruSecure purchases your little
web site too?  Any idiot can spend a couple hours on the Internet and
learn how to write a virus and more.  So perhaps allowing us malicious
Canadian's to, as you put it, annihilate the Internet thanks to the
UofC is a good thing.

One must learn the nature of what he wishes to defend against.  This
is why learning about malicious code at such a level is valuable.  I
mean, worst case scenario the UofC will turn out some actual
knowledable PROFESSIONALS to compete on the job market with all the
FUD slinging and generally clueless con-insultants we see today.  
Wouldn't that be an injustice......

Regards;



Steve Manzuik
Chief Technical Officer
Entrench Technologies Inc.
(403)663-1337 - office
(403)589-4430 - cellular
steve () entrenchtech com

===============================



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.