On April 1st (Teaching on a fool’s day, quite awesome) I took up my friend Sara on an offer, teach the students of her school how to be safe online. St Joe’s is a small parochial school in Dorchester, MA of ~ <80 students.

Teaching people how to be safe online is not an easy task.

Problem: Catch the students’ attention spans long enough for them to learn something
Solution: Use proof by induction, show them a hack in a safe environment to open their eyes.

My Lesson Plan :
Verified all the students have or had an IM account at some point. Then I loaded up aim on one machine, sent an IM to a remote machine and packet sniffed the message. The looks on their faces were in a word: Classic.
This peaked their interest as I described that there is no such thing as 100% security on the internet.

Next I used a piece of software known Bad Store to show them how having a login and password to a site doesn’t mean your secure. Hooray MySQL injection.

Finally I finished it off with a talk on the importance of good passwords and password strengths. I consider these two topics similar but not the same. using a password like p455w0rd (strong but not good) and mynameisjohn (good as it is memorable but not necessarily strong). Of course the obvious question from them is why isn’t my (the students’ password) good enough? My question posed to them was well that depends is it one of the following: Favorite team, parents, siblings, followed by 0-9 or their birth year. After I said this many of the students began lowering their faces as they realized what applied to them. Unexpectedly before the end of my talk some students began guessing eachother’s passwords. Good times

Best part of all this: I heard the next day that many of the students had gone home and updated their accounts:) Good Habits start early!

Woohoo!

~Fred
UPDATE: St. Joe’s may want me to come back for their next school year, apparently I had an impact:) (I even taught some of the faculty a thing or to)