Create an Account
username: password:
 
  MemeStreams Logo

Student suspended for bypassing network security - News

search

k
Picture of k
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

k's topics
Arts
  Literature
   Fiction
   Non-Fiction
   Sci-Fi/Fantasy Literature
  Movies
  Music
   Pop
   Electronic Music
   Rap & Hip Hop
   Indie Rock
   Jazz
   Punk
   Vocalist
  Photography
  TV
Business
  Tech Industry
  Management
  Markets & Investing
Games
  Video Games
   PC Video Games
Health and Wellness
  Fitness
  Medicine
  Nutrition
  Weight Loss
Home and Garden
  Cooking
  Holidays
  Parenting
Miscellaneous
  Humor
Current Events
  War on Terrorism
  Elections
Recreation
  Cars and Trucks
  Martial Arts
  Camping and Hiking
  Travel
Local Information
  United States
   Atlanta
Science
  Astronomy
  Biology
  Chemistry
  Environment
  Geology
  History
  Math
  Medicine
  Nano Tech
  Physics
Society
  Activism
  Crime
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
   Intellectual Property
  Media
   Blogging
  Military
  Philosophy
  Relationships
  Religion
Sports
  Football
  Skiing & Snowboarding
Technology
  Biotechnology
  Computers
   Computer Security
   Cyber-Culture
   PC Hardware
   Human Computer Interaction
   Knowledge Management
   Computer Networking
   Computing Platforms
    Macintosh
    Linux
    Microsoft Windows
   Software Development
    Open Source Development
    Perl Programming
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Student suspended for bypassing network security - News
Topic: Technology 12:41 pm EDT, Apr 30, 2007

The University of Portland handed a one-year suspension to engineering major and Air Force ROTC member Michael Maass after he wrote a computer program designed to replace and improve Cisco Clean Access (CCA).

Maass noticed flaws in CCA that would allow it to be bypassed in "antivirus and operating system check." Essentially, a program could be written that fooled CCA into thinking it was receiving correct information identifying a computer's operating system and antivirus as current and up to date.

According to Information Services Director Bryon Fessler, a fundamental purpose of CCA is that it "evaluates whether computers are compliant with security policies (i.e., specific antivirus software, operating system updates, patches, etc.)."

In the design of his computer program, Maass looked at the functions CCA provides and identified vulnerabilities where it could be bypassed. He wrote a program that emulated the same functions as CCA and eliminated some security issues.

He says that the method he chose is "one of six that I came up with."

Maass says his intent was not malicious. Rather, the sophomore says he was examining vulnerabilities so that they could be fixed.

"I was planning on going to Cisco with the vulnerability this summer," Maass says.

[ On it's face, this is definitely the university's response, for better or for worse... it doesn't look like Cisco had any hand in it. Plus, handing his software around might not have been the best idea in the world.

Nonetheless, Cisco shares some responsibility, together with a lot of other companies, for setting the tone that security research is dangerous and that doing it outside of their strict and private rules should be met with sanctions. I think the whole idea that security problems can be responded to by silencing their discovery is the fault of a lot of people and it's a damn shame.

Student suspended for bypassing network security - News



 
 
Powered By Industrial Memetics
RSS2.0