I recently watched this video at boingboing.net and though I just found it amusing at the time, it has become my number one party anecdote – especially for people in their finals. The guys who talk basically taught a course where the final assignment was to write down way too many numbers to remember (it required them to provide the first 100 digits of pi) and you had to cheat to get it done. I love the creative, sneaky methods students came up with (examples starting 4:11). It also teaches us a lot about circumventing system security.
“Every day security professionals face off against adversaries who do not play by the rules. However, at every turn in life we are taught to never… ever… cheat. Traditional information security education and training programs further compound the problem by forcing students to behave in a flawlessly ethical manner else face expulsion and castigation. In our work we have been teaching people to cheat. As the Kobayashi Maru taught us, it is only by stepping outside the rules of the game that we can truly succeed against no-win scenarios, and today much of information security is a no-win scenario. This talk will cover how to foster creativity and cultivate an adversary mindset through carefully structured classroom cheating exercises. We'll cover dozens of techniques and show you the best of our students' work from writing answers on ceiling tiles to engraving answers on a watch to creating a false book cover for Little Brother X. We'll also cover the underlying security principles, lessons, and countermeasures that we learned in the process. You'll leave the talk with a better appreciation for the importance of cheating.
James Caroland is a Navy Information Warfare Officer, member of the US Cyber Command, and an adjunct Associate Professor in University of Maryland University College's Cybersecurity Program.
Greg Conti is Director of West Point’s Cyber Security Research Center. He is the author of Security Data Visualization (No Starch Press) and Googling Security (Addison-Wesley) as well as over 40 articles and papers covering online privacy, usable security, security data visualization, and cyber warfare. His work can be found at http://www.gregconti.com.”