Hi all,

I am busy revising a security course I am going to present in the near future. I am looking for a real eye opener on this course. You know, something that will make the guys sit up in their seats and thing "what the hell ...."

I want them to really see why security is important. Many administrators prefer to not think about security, as if the problem will just then go away.

I know there is a thin line between teaching a security course and teaching a cracker course. I do not want these guys to become crackers but on the other hand one needs to think like one to stop one.

Your ideas will be great.

Thanks.

Do a clean install of XP right in front of them, go to a "dodgy" web site, and then show them how fast an unprotected computer can get infected with malware?

There was an article a few months back about a test of how long it took for an unprotected Windows box to get cracked once it was placed on the net. If I remember correctly the time was minutes, not hours. And this was with no user activity, just a plain install of XP with no firewalls or antivirus and then connected to the net.

With those kinds of times, you might be able to do a live "demo" right in front of them.

And if you need it done quicker, log onto a scriptkiddie IRC channel and say "You're all lame, I bet you can't touch my computer!"

Less than the time to get the patch