Comments on: Educational Hacking? http://www.computerdefense.org/2007/09/educational-hacking/ Sharing my thoughts with the world. Mon, 26 Jul 2010 03:10:24 -0400 http://wordpress.org/?v=2.8.5 hourly 1 By: princess of antiquity http://www.computerdefense.org/2007/09/educational-hacking/comment-page-1/#comment-28869 princess of antiquity Mon, 01 Oct 2007 09:36:43 +0000 http://www.computerdefense.org/?p=391#comment-28869 Personally, I don't believe that it is essential or even needed to do this kind of experiments. I still think that it is still better to learn how to design a good security rather than protecting it by blocking known attacks. We don't need to know all of them, because at the rate they are growing, we'll never finish. Instead, I think that we just have to assume that its there. 'Coz if its not meant to be hackable, then, it shouldn't be. But, hey, what do I know, I'm just a student. ^_^ Personally, I don’t believe that it is essential or even needed to do this kind of experiments. I still think that it is still better to learn how to design a good security rather than protecting it by blocking known attacks. We don’t need to know all of them, because at the rate they are growing, we’ll never finish. Instead, I think that we just have to assume that its there. ‘Coz if its not meant to be hackable, then, it shouldn’t be.

But, hey, what do I know, I’m just a student. ^_^

]]> By: JaceTheAce http://www.computerdefense.org/2007/09/educational-hacking/comment-page-1/#comment-28357 JaceTheAce Wed, 26 Sep 2007 22:30:02 +0000 http://www.computerdefense.org/?p=391#comment-28357 I"ve seen this alot lately - the subject and the practicing of. The coverage shows the anxiousness society has with public open malicious development. i just spent the past days at large conference and even the Presenters of the study session were displaying and encouraging 'engaging' the malware situation deeper: like so. Unfortunately no obvious answer yet with the fine balance between Tool and Instigator. They'll just have to do like you said, test these each individually in court with a nonpartisan Judge. I believe the pressure of the sincerity people have for this subject maintains honesty well enough for the time being. It becomes blatantly obvious if people take their Home-Malicious tools though and release the self controlling and self-deciding destroyer on its own. i Find i learn and take in new programs/coding the best when i can get my hands on the source code- then run it and debug, then go back, change some values, objects. Later - prolly inject/change/add/modify the program to learn more again. To bad for this subject the program - is malicious related. I”ve seen this alot lately – the subject and the practicing of. The coverage shows the anxiousness society has with public open malicious development.
i just spent the past days at large conference and even the Presenters of the study session were displaying and encouraging ‘engaging’ the malware situation deeper: like so.
Unfortunately no obvious answer yet with the fine balance between Tool and Instigator. They’ll just have to do like you said, test these each individually in court with a nonpartisan Judge.
I believe the pressure of the sincerity people have for this subject maintains honesty well enough for the time being.
It becomes blatantly obvious if people take their Home-Malicious tools though and release the self controlling and self-deciding destroyer on its own.

i Find i learn and take in new programs/coding the best when i can get my hands on the source code- then run it and debug, then go back, change some values, objects. Later – prolly inject/change/add/modify the program to learn more again.
To bad for this subject the program – is malicious related.

]]> By: kurt wismer http://www.computerdefense.org/2007/09/educational-hacking/comment-page-1/#comment-27959 kurt wismer Sun, 23 Sep 2007 22:03:10 +0000 http://www.computerdefense.org/?p=391#comment-27959 "You create the virus via point and click… picking specific vulnerabilities, actions and packing processes. Afterwards you run the virus and attempt to work backwards to the initial settings you chose. You watch it’s actions with a debugger and a sniffer. I would say this is definitely educational and there’s a good chance many people in InfoSec did this sort of thing when they were first playing with security." indeed, i'm sure many in infosec and even outside of infosec did this sort of thing... i believe sarah gordon covered this set in her paper "the generic virus writer II"... 3 guesses why that set warranted mention and the first 2 don't count... if you must experiment with viruses, experiment with ones that already exist, not ones you make... “You create the virus via point and click… picking specific vulnerabilities, actions and packing processes. Afterwards you run the virus and attempt to work backwards to the initial settings you chose. You watch it’s actions with a debugger and a sniffer. I would say this is definitely educational and there’s a good chance many people in InfoSec did this sort of thing when they were first playing with security.”

indeed, i’m sure many in infosec and even outside of infosec did this sort of thing… i believe sarah gordon covered this set in her paper “the generic virus writer II”… 3 guesses why that set warranted mention and the first 2 don’t count…

if you must experiment with viruses, experiment with ones that already exist, not ones you make…

]]>