An anonymous reader writes: This story is a few days old however despite its dramatic claims, seems to have gotten very little attention. A Sydney Security Expert claims to have taught a class of 35 students to hack into 200 Large Australian websites belonging to Organisations on the Business Review Weekly top 200 list or large Government Departments. Mr Ajoy Ghosh who teaches at a Sydney University and has spoken at the Auscert security conference on computer law claims remarkable success with "over 50 percent of the systems being compromised within 12 hours, to the extent that content could be altered".
The thrust of the story is to point out Australian websites poor relative security. Is this conclusion an accurate one from the experiences of the slashdot community ? And what is the legal status of these types of penetration tests ? How far are students and teachers allowed to go in the name of research and education. If not illegal it would seem to me highly unethical to expose real world vulnarilities that would allow students to alter data if they so chose.