In-Reply-To: <[EMAIL PROTECTED]>
Andy,
>Now with a limited intellect such as mine it doesn't
take a great deal to
>impress, but it lead me to think what other bright
ideas there are out there
>to teach by stealth and have a laugh. Exploit and
Vulnerability Snap or
>Defaced Site Monopoly?
I'm not entirely clear on how memorizing release or
discovery dates of viruses, or knowing who defaced a
web site and when "teaches security".
>I'm a great believer in passion driving people towards
security, this seems
>to be improving as the wages for security
professionals drop, though I'm
>still waiting for the next "big bang" band wagon to
entice the financially
>driven amongst us away from what I love.
Wages for security professionals dropping?
Hhhmm...perhaps on your side of the lake. Over here, I
see it going through a cycle and in several cases,
where jobs are available, the salaries seem to be on
the rise.
Also, what is this that you see "improving"? I've read
this a couple of times, and I don't really see what
you're getting at.
> But let's face it reading books is
>a little boring and Capture the Flag takes quite a few
resources.
>
Maybe you're reading the wrong books, Andy, and putting
a little too much into Capture the Flag. There are
plenty of ways to teach security concepts.
When I teach my IR course, I "compromise" the systems
in the course in a variety of ways. In most cases, I
install a "trojan" via a batch file (usually some
configuration of netcat), but I've also set up
fakegina.dll, load a keylogger, etc. When the students
return from a break, I give them a clue as to how
they've been compromised and ask them to find it. The
goal of exercises like this isn't to see who can find
the "trojan" first, but to look at the methodology each
uses to try and discover the "trojan".
>PS are there any good database security courses that
run in the US, we seem
>to have captured the market in the UK and I've been
asked this very question
>by an individual that doesn't want to come to this
side of the pond..
Sounds like you got email from a real lazy person, Andy.
Harlan
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
