Student Suspended Attempting To Improve School Security

[Dubh Aingeal]

The University of Portland has handed a one-year suspension to an engineering major after he designed a program to bypass the Cisco Clean Access (CCA). According to the University of Portland's Vice President of Information Systems, the purpose of the CCA is to evaluate whether the computers are compliant with current security policies policies (i.e., anti-virus software, Windows Updates and Patches, etc.). Essentially the student wrote a program that could fool the CCA to think that the computers operating system and anti-virus were fully patched and up to date. 'In the design of his computer program, Maass looked at the functions CCA provides and identified vulnerabilities where it could be bypassed. He wrote a program that emulated the same functions as CCA and eliminated some security issues. He says that the method he chose is "one of six that I came up with." Maass says his intent was not malicious. Rather, the sophomore says he was examining vulnerabilities so that they could be fixed. "I was planning on going to Cisco with the vulnerability this summer," Maass says.

[BrassFusion]

i hope the publicity lands the kid a good job

[sinmantyx]

i hope the publicity lands the kid a good job

Yeah right: I was going to bring this up to you: really! I just thought I'd do it secretly for now.

...but yeah, he'll probably be head hunted.

[BrassFusion]

Yeah right: I was going to bring this up to you: really! I just thought I'd do it secretly for now.

...but yeah, he'll probably be head hunted.

how'd he get caught if he didn't admit to the project himself?

[sinmantyx]

how'd he get caught if he didn't admit to the project himself?

Who knows?

[BrassFusion]

i do!

[Troy Spiral (13)]

A lot of the guys that now work for Norton / McAfee / the DoD etc were "kids" programing viruses in the 80s and reading 2600 magazine. Some of whom would have never gotten jobs if they hadn't gotten busted. lol