[unisog] Story in today's ICS handler's diary

Phil Benchoff benchoff at vt.edu
Tue Feb 28 21:37:55 GMT 2006

I don't see a thing in the assignment that says the students should
assume they are authorized to select some random machine.  It says:

  "Student is to perform a remote security evaluation of one or more
   computer systems. The evaluation should be conducted over the Internet,
   using tools available in the public domain."

While it may have been smart to say "Be sure you have authorization
from the system's owner," that shouldn't be necessary.  The very first
session of security classes here includes a lecture on the AUP. Students
in the security class are also told that they will not get away with
"I didn't know any better" excuses on the application of the technologies
discussed in the class.  I'd expect similar warnings at other schools as

I don't recall ever being told that I must obtain the textbook for a class
through legal means.  I never assumed that meant I should go to the
bookstore and help myself.


> On Feb 28, 2006, at 3:01 PM, Andy Johnston wrote:
> > There's an odd story in today's diary at the ISC:  http:// 
> > isc.sans.org/diary.php?date=2006-02-28
> >
> > Seems some professor has assigned his class a project consisting of  
> > picking a target on the internet, pen-testing it, and providing the  
> > professor with a full report.
> >
> > Keep your IDSs warmed up.
> >
> >
> > - Andy Johnston
> >
> > -- 
> > * Andy Johnston (andy at umbc.edu)      *                               *

More information about the unisog mailing list