Facebook Helps Give Hacking a Good Name Again 52
Hugh Pickens writes "Ira Winkler says whenever he sees another 'cyberchallenge' getting play in the press, he think our priorities are screwed up. 'People seem to think that organizing teams of people to hack into systems is a way to bring together the best computer talent to square off against each other,' writes Winkler. 'I look at it as a waste of that talent.' That's why Winkler supports Facebook's latest Hacker Cup, which has become one of the few tests of creative computer talent. Facebook is using the original definition of 'hacker,' referring not to someone who breaks into computer systems, but rather to an individual who 'enjoys exploring the details of programmable systems and how to stretch their capabilities.' Facebook's contest consists of successive sets of increasingly difficult algorithmic problems. Scoring will be based on how accurately and quickly the programmers complete the puzzles. 'Meanwhile, the media effectively lionize groups like Anonymous by breathlessly reporting on their latest hacks,' writes Winkler. 'What we really should be doing is not to reward a handful of students to find problems, but to train all students, and inevitably the profession, to integrate security into their efforts from the start.'"
We've done this before. (Score:5, Insightful)
We've done this before -> the best h@x0r$ aren't the people beating their chests, sporting security credentials, hanging out at DefCom, taking down websites, or playing '5 minutes in heaven' with the 3-letter agency people. And they typically aren't the people who have an entire bookshelf devoted to books that actually mention hacking / cracking in the title. The dangerous people are the ones who have the dog-eared copy of Fundamentals of UNIX Programming sitting on their desk; they aren't using the hack of the week, or someone else's 0-day to compromise a system -> they know how the system actually works, all of its strengths and weaknesses. It's like the difference between some poor slob who bought a gun and keeps it in the front part of his jeans, and a trained Marine with his trusty hunting rifle.
Programmers themselves can be scored in several different categories, and it often takes a weird grouping off them to pull off anything outstanding. Knowledge of computing, theory of computing, theory of application, pragmatic programming, knowledge of the programming language / linguistics, mathematics, advanced problem solving, advanced research, imaginary problem solving, and lore of computing. I may have missed a few. Good luck getting all 10s in every category.
Security, by the way, is taught; it's simply not emphasized to the exclusion of other subjects. Most CS students know where the security holes, the major ones, can occur when it comes to programming. However, it's simply not cost-effective to chase down every last security issue (it could take years to release a product).
Re:We've done this before. (Score:2, Insightful)
I call BS. Most CS students DO NOT know where the "major ones" are. It is thought processes like this that lead to compromised systems in the first place.
As for the "cost-effective" argument, tell that to HBGary, or Sony, or any one of the hundreds of businesses that no longer exist. Tell that to the businesses that won't exist 2 years from now, and will never even know why. The really good compromises aren't detected, or if they are, are interpreted as minor ones.