SANSFIRE pen testing fun

I'm writing these lines from Baltimore MD, where SANSFIRE conference has taken place. I was taking the SEC 542 Web App pen testing class with Kevin Johnson from Inguardians.com and the founder of the SAMURAI web application pen testing environment. It's a great class with a lot of experience being transferred from Kevin who is an excellent experienced security consultant. Learning the whole methodology and process of pen testing is really worth it. I've been doing pen testing for a while now, but this is like defining a process to follow. A guideline similar to the waterfall model used in software development for example.
At the end of the class there is a capture the flags contest, where all the students compete in teams to hack a list of web servers and capture three flags. It was really fun popping those boxes. Me and my team won the 1st place capturing all the three flags in less than 3 hours. Also one of the bugs exploited that I found myself that Kevin himself was not aware of and when we told him about it he was like "OMG! I'm gonna kill ya! DID I DO THAT?!".

It was an excellent overall experience although I was looking forward to more technical information. The transfer of knowledge was excellent, the exercises were to the point and realistic. And the competition at the end really summed it all up where we went through a full test with all it's phases.

Chinese Cyber Botnet Army

I was shocked to hear that china is planning to deploy a software, Green Dam Youth Escort, which is supposed to filter out pornographic and improper content. Certain parties were concerned about freedom of the community to reveal their opinions in political issues. However, I'm more concerned about something else..

Imagine that the whole Chinese population has deployed this government software. We're talking about billions of computers here!. What if the government decided to send requests from this software to a certain network. It's like building a "gigantic official botnet"!! I'm sure that they thought about that. That can be very handy in case of cyber warefare. It's actually like a secret cyber weapon that utilizes all the computers in china.

Anyway, weather this is going to be used in the way described or not, I think that's a good idea but it should be implemented in a different way. In times of warefare, governments can call for volunteers, like cyber soldiers. These volunteers won't have to do anything except deploy a software on their computers that is connected securly to the government via the internet . And the government then can control this giant botnet and make it act in an organized coherent fashion. It's the same idea as laser, laser is just light that is highly coherent. Also having a choice to volunteer, gives a good impression; giving people who are not convinced to just not participate as part of the democratic system and at the same time allowing people who are convinced with the government's political actions to volunteer.

I'm just dropping off some ideas i had. They're not organized yet so I highly appreciate your opinions