Sweatshirt Weather!

After a long, icky, sweaty, sultry hot summer in D.C., we finally had some Seattle weather here today. It was cloudy and gray all day, and cool and breezy. Upper 60's. Just lovely. When I told the postal clerk to "Enjoy the weather!" she probably thought I was nuts. I could've jumped for joy when I stepped outside.

School is in session, and this semester is going to be another killer. I'm taking "Protection of Information Systems," which uses the ~1,200-page Shon Harris CISSP book. The amount of reading I have to do for that class surpasses even Ethics class from this summer. The class technically isn't a CISSP prep course, but I figure that, if I'm going to read so much of the book, I may as well do the whole chibang and take the CISSP exam when the course is over.

It's the kind of test you want to pass on the first try because it costs over $500 to take it.

Certified Information Systems Security Professional (CISSP) is one of the hardest certifications to acquire in the IT industy—also one of the most esteemed and valued by potential employers. I know a handful of people who've passed the 6-hour 250-question test. They're all very smart guys, but even they have told me how incredibly hard the test is. If my brain is still functioning after final exams, I'd like to sit for the test in December or January. We shall see.

I'm also taking a class that I know I'll enjoy, "Computer Law," better known as "Computer Crimes" by the teacher. This is the same teacher that I had for the criminal procedure class that I loved so much last spring. He's a DOJ prosecutor. He's tough, but we all love him.

So far we've been talking a lot about U.S.C. Title 18 Section 1030, otherwise known as the Computer Fraud and Abuse Act (CFAA), which has only been around since the mid-80's. By constitutional standards, it's a relatively young statute. I'm glad I recently read Cliff Stoll's book (The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage) about the first documented hacker attack because one of the cases we study in this class is the United States v Robert T. Morris case, and Cliff was one of the folks that help track down RTM, the creator of the first known Internet worm.

Mr. Morris, a graduate student, was convicted under the CFAA for his 1988 release of the worm, which brought down thousands of government Arpanet computers across the U.S. His primary defense was based on his claim that he had no intent to do damage; (and he was basically given a slap on the wrist and a $10,000 fine for his crimes). No intent? Really? That's strange becuase he went to great lengths to hide his tracks.

For example, he released the worm without authorization from MIT's network, not from the Cornell network where he was a student. In addition, he later released his "Oh-crap-what-have-I-done-here's-how-to-kill-the-worm" email from Harvard's computers where he'd formerly had an account, not from the Cornell network. Not only that, but he'd built a fail-safe into his worm ensuring its replication on at least every seventh computer it was passed to, knowing it would multiply at an exponential rate.

All of this stuff fascinates the heck out of me. I love reading about it. I never knew school could be so enjoyable. So this is what's it's like to work on a degree in a field I actually enjoy!

I can't wait for the day that I graduate and can get out there and do work that I enjoy. It's too bad that many of us run off to college at 17 or 18 years of age when we really have absolutely no clue what we want to be when we grow up. I was one of those, and I struggled with it for a good 18 years after that.

Why can't we have the kind of wisdom that comes with middle age when we sign up for college? And the kind of body in middle age that we had when we signed up for college? Just more of life's mysteries....