Is there an academic rationale for teaching students the tricks of computer hackers? Security experts have been sparring over that question for a couple of years, since John Aycock, an assistant professor of computer science at the University of Calgary, started a controversial course called "Computer Viruses and Malware."
In his course, Mr. Aycock made a common-sense precaution: He required students to practice their hacking and virus-writing skills only on a closed network run in a campus lab. But a new, similar class at a different institution doesn’t even take that simple step, according to a blog run by the SANS Institute, an organization that promotes computer security.
The institute declined to specify which college, or which professor, is offering the course. But, the blog argues, the course syllabus explicity called for students to test the vulnerability of computer networks without notifying the networks’ owners:
Student is to perform a remote security evaluation of one or more computer systems. The evaluation should be conducted over the Internet, using tools available in the public domain.
The assignment has been partially rescinded, according to the blog. But the incident has revived debate among security analysts, many of whom argue that this exercise in computer reconnaissance is immoral, if not illegal. (Internet Storm Center)
