Thursday the 24th was a very straightforward day as we were bringing most of the coursework to a close and moving into the evaluation phase – not just for the students but for the course itself. We started with a tutorial on security, where we went through a range of issues and looked into the most commonly occurring problems, as recorded by the Computer Emergency Response Team (CERT) webpage. A lot of the problems we get are caused by:
- Programmers not checking what users type into their programs.
- Programmers not properly limiting what programs send to each other.
- “Back door” exploits where hard-coded usernames and passwords are left in.
We had a chance to discuss white hat and black hat hacking – patching a bug will get you a small cheque and a shout out, reporting an exploit to a criminal syndicate can make you rich. (And hunted or dead, for that matter.) It’s an interesting area – ethically and academically.
I’d asked the students, on Tuesday, to pick an area of security to talk about for 5-10 minutes and this proved to be a really interesting activity, taking longer than the hour I’d allotted for it. Topics included the Stuxnet Worm, and you can imagine we got a lot of interesting discussion out of this one, mobile device problems, the RTM Work from 1988, Botnets, Cross-site scripting issues, and the Heartbleed bug. (Compulsory XKCD comic here.)
I like asking the students to go out and find things because, by presenting it to each other, we get infectious enthusiasm and we have people applying their knowledge to reinforce what we’ve learned in class.
Then, for the final hour, we sat down and discussed the course itself. The students are still free to put in anonymous reports on things they don’t feel comfortable discussing with me, but I wanted to get a feel for what we should be improving. Overall, the course has been a great success and, teaching-wise, it’s gone pretty well. We have to smooth out some administration issues on our side but we already knew that and we’re starting the planning process for the next time in the next week.
It’s really great for me to get a sense that the students both enjoyed the course and learned from the course. As we always say, engaging isn’t always effective, but in this case it appears that it has been and, so far, the results I’ve seen reflect that we’ve achieved a great deal in a short time.
Only one day left, which is mostly a final talk from me, some “thank you”s and a dinner. Then we all start our flights home.
Only two more updates for this trip to come – the final Friday and my overall reflections. Hang in there, I’m nearly done!