9 February 2009

Every year I give a lecture about Internet security to a local high school computer science class. Introducing an exciting new topic to kids is always a lot of fun. Previously I've given the lecture at Lisgar Collegiate and Virtual Ventures in Ottawa. This year I gave it at the Galileo Academy in San Francisco.

As always I opened with the challenge of finding a content hijacking exploit on a public website. This was the first time that nobody was able to find an "unexpected result" (actually, one kid did execute an HTML injection, but did so literally by mashing his fists on the keyboard and got a '<' character by chance). Normally it only takes one or two minutes before they start going nuts with HTML injection, after which I move on to JavaScript injection and SQL injection. But not this time; in future I need to have a contingency plan for stepping back to something simpler.

Later I divided the class into two groups, white-hat hackers and black-hat hackers, to pit them against each other. This routine split got uncomfortable when I noticed that the class seating was already roughly split with the whites on one side and the blacks on the other. Things got a little awkward when I had to explain that black-hatters were the bad guys and white-hatters were the good guys.

I definitely need to revise this lesson plan if I'm going to try it again in this country.

Update: Whatever these students lacked in their previous schools, at least they are in the right place now. Their current CS teacher, Mr Chun, is the coolest, most knowledgeable high school teacher I've ever met. Here's a photo he took of one of his students injecting a picture of Santa Claus on Scholastic's insecure website.

Photo of the week: A police officer keeping watch over the Scientologists and their anonymous foes.

