Re: ACM

[Florian Weimer <fw () deneb enyo de>]

> We argue that practical experiences with real security failures should
> be a central part of university degree level education.

Do you use your university network for research in this area?

As far as I know, your university has an active security team, that's
why I'm asking.  Usually, it's not possible to investigate the
interesting things you discover in detail because of pressure from
day-to-day business.  When I worked in a similar environment, I often
wished I could share some of my discoveries with people who had the
time and knowledge to pursue them further.  The people I was working
with faced the same problem, of course.

> Furthermore, our main claim is that the quality of data security
> professionals with university degree can only be improved if
> \emph{offensive} aspects like writing exploits or network sniffing
> are integrated into the curriculum.

Network sniffing is offensive?  What's next? strace and debuggers too?

By the way, blocking sites such as these *is* offensive:

  http://citylegacy.com/
  http://conceptorg.com/
  http://foreignlanguagecourses.com/
  http://generalsealants.com/
  http://hpaphotographers.com/
  http://kinggroup.com/
  http://kspb.org/
  http://saintmichaelschurch.org/
  http://scopereport.com/

Actually, doing this properly would be an interesting research
project. 8-)
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave