Learning Strategies

One of my tenth-graders gleefully tells me about a CS professor at the University of Wisconsin who held a contest in which he challenged others to “hack” into his Mac, and someone did so in 30 minutes.

At least that was this student’s claim.

But he got the story slightly wrong. The truth was, well, ever-so-slightly different. The person who “broke in” already had an account on the machine, so he just used his regular username and password.

Oh.

Here’s what really happened:

A university systems engineer who presented a "hack-my-Mac" contest closed down his own challenge on Tuesday, saying that even after 4,000 log-in attempts and two denial-of-service attacks, his Mac mini remained untouched... Schroeder said the system drew attention and lots of traffic, with 4,000 attempts logged. The Mac withstood two denial-of-service attacks, brute-force SSH dictionary attacks, numerous Web exploit scripts, and uncounted probes by scanning tools.

So what’s the important point of this story? The minor point is that Mac OS X is far more secure than Windows. But the major point is that a really smart and well-educated high-school student could get the story so wrong. Apparently he naively believed an unsubstantiated and inaccurate report that this guy (who already had a password) had “hacked into” a Mac. Now of course my student wanted to believe the false report, just as I wanted to disbelieve it. I told him (and his class) afterwards that they need to be skeptical of accounts that make implausible claims: extraordinary claims require extraordinary evidence, or at least some evidence!

The moral is to be skeptical of what you read.

Related issues on yesterday’s episode of Numb3rs — more thoughts later on this subject, along with remarks about the Skeptical Inquirer magazine.

Labels: teaching and learning