[Cialug] HacKidCon

Josh More MoreJ at alliancetechnologies.net
Tue Apr 27 18:46:41 CDT 2010


Paul (and anyone else who cares, I guess),

I was thinking of younger kids than high school age.  I think that high schoolers are sufficiently aware of technology that Linux is natively interesting.  However, Linux is also easy enough to install these days that there's really not much appeal to the traditional "install day" we've done for SFD.  So far as the "opportunities closer to home" goes, I was thinking about the group hosting our own HacKidCon (or abbreviated form thereof)... so it would be local.  Personally, I think we have to do SOMETHING.  We're a pretty good group with pretty good skills.  I don't understand why we always have such a poor turnout when it comes to doing SFD and the like.  Since we have a lot of members with kids, I was hopeful that someone would think that this is a worthwhile idea.  (Maybe we could host it at the Science Center?)

So far as the "just missed it" goes, I must say... this keeps happening.  I know that IA State does regular Cyber Defense contests, but the information as to how to get involved never really seems to make it to me (or us).  I find this odd, as I'm involved in both Infragard and ISSA, and was involved in a Capture the Flag event once... but was never contacted again.  You'd think that if the groups welcomed assistance, they'd contact the security groups and individuals.

I suspect that there is a "town/gown" issue going on here.  If you are involved with these groups (as you seem to be) can you find out what lists I have to get on (or RSS feeds, whatever), so I can know ahead of time?

Thanks,

-Josh More, CISSP, GIAC-GSLC, GIAC-GCIH, RHCE, NCLP
morej at alliancetechnologies.net
515-245-7701

________________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Paul Gray [gray at cs.uni.edu]
Sent: Tuesday, April 27, 2010 18:28
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] HacKidCon

On 04/27/2010 06:04 PM, Josh More wrote:
> So there is a movement in the security community to do something like this: http://www.hackid.org/
>
> We've talked about trying to get a kid-friendly Linux day going sometime... well, these guys are building a model, albeit in the security space.
>
> Is there general interest in the group to do something like this?  Possibly for SFD?
>
> Personally, I think it's a neat idea, but some of you who actually have kids might want to weigh in here.  ;)

You missed a great "kid" security event that was held in Ames (ISU) last weekend
-- IT Adventures Cyber Defense Competition (if you can call high school students
"kids").

Students ("Blue" Teams) were charged with keeping systems and services up
throughout the day for their users ("Green" team), while keeping out the hackers
("Red" Team).

The scenario differs each year, but the teams were given an Ubuntu 6.06 server
with existing web content that had about 50 backdoors, ranging from php
passthru() and system() calls obscured in their content to planted c99.php shells
and setuid vim binaries.

No root mysql password, webmin running externally on port 8080, no root password
required for root ssh access, cron jobs running that wipe root's .bash_history,
anonymous uploads to directories that would run php scripts, planted setuid
binaries on the system that would run with NOPASSWD for www-data, etc. The web
server that they were given to administrate was a mess - and rules prevent teams
from wiping the OS or upgrading it to a newer distribution.

They also had to support mail, scp-based fileserver, and a pfSense firewall.

This year there were 19 teams registered in the Cyber Defense event.  I mentored
NUHS' teams.  We spent two weeks' worth of lunchtime and after-school meetings
preparing for the onslaught.  (Every team had just two weeks to lock these
systems up tight and configure usable services.)

My point is this: If you're looking to get involved with kids and interests in
security, there are opportunities close to home, too.

[There was a separate gaming component to the IT-Adventures gathering,
too...similar to the gaming component of hackid.com]

--
Paul Gray                                         -o)
314 East Gym, Dept. of Computer Science           /\\
University of Northern Iowa                      _\_V
  Message void if penguin violated ...  Don't mess with the penguin
  No one says, "Hey, I can't read that ASCII attachment ya sent me."