On Tue, Sep 29, 2009 at 11:08:01AM -0400, blanchard_mich...@emc.com wrote: > How can any antivirus vendor condone such activity, let alone teach > a course in it???? What has the world come to? Don't they remember > the whole outcry against the University of Calgary when they wanted to > teach a course that involved creation of new viruses?
Yes, that was most unfortunate and shortsighted -- the outcry, I mean. It's foolish to pretend that "we", FSVO "we" meaning "the good guys", are the only ones with the ability to understand malware and abuse and intrusion et.al., and to teach those skills. Other people have the same or better level of understanding, and are increasing their expertise on a daily basis by applying their skills and developing new ones. They're also teaching others, directly or indirectly. So it would be rather conceited of us to presume that if we don't teach anybody, that nobody's being taught. This kind of studied ignorance has consequences: in one of my areas of expertise (anti-spam research), I very often find that people constructing defenses have little, if any, knowledge of contemporary attack methods and thus wind up deploying pre-defeated mechanisms, sometimes at considerable expense. To confront the enemy, it's necessary to know the enemy -- and the enemy's strategies and tactics. Refusing to learn these guarantees defeat. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.