Why would any parents welcome the opportunity to send their kids to a school for hackers? Who in their right mind would be happy to learn that their kid had created a program enabling thousands and thousands of unsuspecting computers to be carriers of web garbage? Or worse yet, what if one of your child's assignments at the hacker school is to hack into a secure site, download some sensitive data, and then present it to the teacher as homework?
Can you envision some misguided web denizen enthusiastically instructing your kids how to write software designed to inflict mayhem on the Internet? Most definitely, there are far too many shady practitioners engaged in this unscrupulous and, very often, illegal activity for us to encourage our youth to participate in such corrupt learning.
But wait. Hacker Highschool (HHS) is no such place. It doesn t teach your kids how to become hackers the disruptive or unlawful kind. In fact, the lessons offered by HHS are designed to make students more knowledgeable about how to safely use Internet resources. As stated on their website, kids and teens don't have the knowledge to defend themselves against fraud, identity theft, privacy leaks, and other attacks on the Internet. HHS hopes to provide that education.
The HHS program was developed by the Institute for Security and Open Methodologies (ISECOM), a nonprofit, open-source research group that focuses on security awareness. HHS lessons deal with topics such as web and e-mail security and privacy, malware, digital forensics, and attack analysis. The 11 lessons and workbooks are available free on the HHS website.
As might be expected, each lesson starts with a discussion of a particular topic or group of topics followed by two or three student exercises. For example, Lesson 10: Web Security and Privacy opens with a discussion of the fundamentals of web security followed by a short description of how the web really works. Other topics presented in this lesson include web vulnerabilities, scripting languages, and common web application problems.
Some of the exercises are pretty straightforward. One of the questions asks if a student can access the school database that contains examination scores of all students. Another question addresses how access may be controlled and how will unauthorized attempts to enter the database be detected and reported. Other exercises may be more involved such as asking the student to open a favorite interactive website and then try to identify if it has security mechanisms that conform to any of the risk assessment value classifications.
There is a teacher certification program for those wishing to offer instruction to school-age children. It is critical, as stated on the HHS website, that teachers understand the materials because the content may be new to many and because of the possibility of misuse by the students. Candidates who pass the certification exam will have shown competency to set up and teach the HHS program.
HHS is relatively new most of the course materials were developed in December 2004. Obviously, no one can predict how effective it may become. However, we certainly need to make sure our kids are aware of all the pit-falls and dangers they may encounter as they travel on the Internet. HHS could be one step in the right direction.
Visit www.hackerhighschool.org and check it out for yourself.
