Date: Fri Dec  9 21:27:33 2005
From: michael.holstein at csuohio.edu (Michael Holstein)
Subject: McAfee VirusScan vs Metasploit Framework v2.x

> Hmm,  when I was working at a state run institute, we had a policy of
> letting the students do things that helped them learn. What better way
> to learn about the importance of error handling than exploiting what
> happens when you dont learn about them?

(extracted) :

All Users of University Computing Resources must:

2) Use only those computing resources that they are authorized to use 
and use them only in the manner and to the extent authorized. Ability to 
access computing resources does not, by itself, imply authorization to 
do so. Users are responsible for ascertaining what authorizations are 
necessary and for obtaining them before proceeding. Accounts and 
passwords may not, under any circumstances, be shared with, or used by, 
persons other than those to whom they have been assigned by the university.
	
> Just let them mess around on a private network you say?

Classes where hacking topics do exactly that. Unfortunately the law does 
not provide an exception for "educational hacking". Doesn't matter if 
you were just "testing" a buffer overflow on somebody else's computer 
(without permission, outside a lab, etc) -- or you were trying to change 
your test score. Illegal access is exactly that -- illegal.

> You cant reproduce the internet (except inet2 =P). Also, if a school
> squashes creativity, or hampers research (in what ever form they may
> take) you will not be able to compete in the educational arena.

Telling students they can't hack into stuff they don't own doesn't 
squash creativity -- it enforces the law.

~Mike.

Powered by blists - more mailing lists