Slashdot Mirror
School Teaches 'Ethical Hacking'
Yardboy writes "A Yahoo! News/Reuters story discusses students in Los Angeles paying $4,000 to attend 'Hacker College' and become 'Certified Ethical Hackers'. Apparently: 'Instructors race through topics like symmetric versus asymmetric key cryptography (symmetric is faster), war dialing (hackers will always call late at night) and well-known TCP ports and services (be wary of any activity on Port 0)', and the president of the college: says 'What we attempt to do in our classes is teach how the hackers think.' Hmmm, perhaps 'Certified Script Kiddie' would be a more accurate designation."
Better watch out, article submitter! Me and my friends are totally gonna DDOS you now!!!!
And I think I speak for all the CISSPs in the room when I say . . .
hahahahahaha!
Thanks, I'll take self-study and put the four grand down on an M3. Sellout? You betcha. *grin*
trustedworlds.net - gaming, security, and the gunk that lives in between
what operates on port zero?
The name of the certificate is new, but the concepts are not novel.
We went through an entire class about computer ethics. We had to to get a Computer Science degree. And since it was an actual Computer Science degree, we learned all about security and machine language and what have you... basically everyting you would learn in this course.
This program seams like a stripped down version of computer science for people who are only interested in security related work.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
ICMP
First day. 2day kidZ, w3 LeRN 2 HaX0R t3H g00d w^y...w00t. OMG. RTFB.
"It'll destroy you if you try to make it mean anything to anyone but yourself." - Henry Rollins
What they don't tell you until the PhD course is that it's always late at night somewhere.
Sounds like they are social engineering people out of $4,000.
One way is that we have more "white hats" out there to help secure networks and make other businesses better.
The second way is that we will have more script kiddies out and about to cause trouble to everyone on the Internet and other networks.
I just hope that the school is going to do the right thing when it comes to this touch-ee subject.
Friends help you move...
REAL Friends help you move dead bodies... ^_^
Am I missing something? Lots of companies are doing this.. for example: InterfaceTT CEH Information
Now we have SCHOOLS that teach that "hacking" means breaking into computer systems
I wonder how long before they offer the qualification of "Certified Pointy Haired Boss"?
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
I remember when the CEH first came out. They may work as a simple start, but they shouldn't be considered a stoping point to learning.
A really sucky "school"..
You teach ethics, not "hacking ethics". Sounds like a money grab for gullible script kiddies.
I shoudlve thought of it first.
Sporting long sideburns, a bushy goatee and black baseball cap, instructor Ralph Echemendia has a class...
He wears a black hat, and we're expected to believe that he's teaching ethical hacking? It's a cover! He's building an army! TERRORISTS!!!
do not read this line twice.
Wake me up when they offer Ethical Racketeering, Ethical Pimping, and Ethical Congressional Campaigning.
I think comptia already offers the ScriptKiddie+ certification
I'm offering 5 dollars to help a poor Microsoft programmer attend this school, where he will learn how hackers think in order to stop them. Maybe if we all contribute to the pool, we'll have easier lives.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
4r3 7h3y c3r71f13d 1n 1337sp34k? j00 c4n't b3 4 h4x0r w17h0u7 1337sp34k. ;-)
Do you like German cars?
This is an outrage to all of us who toiled for years to become script kiddies and received no formal documentation of our accomplishments.
I do security
So now they are going to have a listing of all of these script kiddies' addresses. Now we know where they live, just match up the IP to the address to the name.
...of self knowledge and recognized accomplishment amongst your peers that only MCSEs have enjoyed up to now.
The problem with teaching Comp Sci, let alone "hacking," is the methodology in which the teachers teach. The only way I ever learned any type of programming was when someone said, "Go build an application that simulates RSA cryptography." 12 C++ files later I learned more then I did in 2 years of "intro" classes. The same goes for this as well, these kids wont get much more out of these classes then learning to use some scripts or demon dial or whatever.
They should get a project that entitles building some sort of application which can be relseased to the Open Source community.
Wow, war dialing, early 90s, wow.
GroupShares Inc. - A Free Online Investment Community.
-------
artlu.net
Learning how to defend against getting hacked by learning how to hack is nothing novel. It sounds like a great idea on the surface, because it gives you the tools to probe your own weaknesses the way your attackers will. But you're always going to have to keep up with the latest methods, scripts, etc. IMO, A net admin who isn't at least a hobbyist hacker probably won't get much from a hacking bootcamp except a false sense of security.
- Greg
Start a happiness pandemic
Anything with root privileges, assuming something else hasn't binded (bound?) to the port.
...although $4000 sounds a little steep. Most hackers are probably self trained, as in $0. Every corporate network better have someone involved in its design and maintainance that has some knowledge of hacking though, or else it will be a sitting duck. I had a professor that was a consultant who hacked companies to discover thier vulnerabilities. Obviously nothing malicious, and he told them about everything he gained access to and fixed it. Sounds like one hell of a fun job.
Recent graduates of the 'Hacker College' realize that their diploma is virtually worthless in the real world and come to realize that they were just socially enginered out of $4000 dollars.
Do they get a white hat with the certificate?
is never good or evil. If the students are atttending for the right reasons, then this will help them understand the basics of how script kiddies work. And what do the current stats tell us about most attacks? That they are unsophisticated and are run by people who have little deep knowledge of systems. So this course wil (theoretically) allow them to better protect against the majority of attacks. If the students are attending for the wrong reasons, then they spent $4k for what a day or two of googling and reading would have gotten them. BFD.
Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me
more of an course to help corporate types to be better aware of and combat cracking (note usage of correct word here) techniques. Your typical 'script kiddie' ain'ta gonna blow $4000 on a course on cracking; he's gonna hang out on IRC and cracking/warez sites to try and mooch some free advice and 'proggies'.
IMO, a network admin ought to all ready know the tricks of the trade and keep him/herself up to date on the tech. But I guess this course probably does provide a good service to some... seen waaaaay to many fresh IT grads who may have aced all their classes but still manage to get out in the real world without really knowing how it all works.
I haven't read it yet, but I'm rather skeptical. It seems like $4000 dollars and a few weeks in the classroom teaches you how to run sploits you download from packetstorm. It doesn't make you suddenly become skeptical of everything a vendor tells you, or make it become a habit to run a sniffer with watchtemp when you install software on your test lan. It doesn't make you enjoy reading bugtraq.
There's a heck of a lot more to "hacking" than what they can teach you....think "lifestyle"
"Weapons should be hardy rather than decorative" - Miyamoto Musashi
I think that goes for OS's too
Anyone who is smart enough to hack, is smart enough (save for those with mental problems) to realize the difference between right and wrong.
Anyone who wants to take an ethics class obviously has some ethics (what you think someone lacking morales will be taking an ethics class to hope improving himself)???
What they should offer is a class that teaches non-techies what is a hacker - so they learn that not all hackers are evil people bent on ruling the world (not there is anything inherently wrong with this..I mean if I ran the world, it would be a much better place - for you and me....well more me, but it's all good)
I mod down so you can mod up. Your welcome.
$4,000 seems a bit expensive. I'm not seeing the true benefit of having a "Certified Hacker Certificate"? I think the days of getting a job out of highschool because you took a hacking course are over (if they ever existed in the first place).
Right now the University of Cincinnati is about $8,000 for a year. And I thought that was expensive.
Seems trendy to me...I just don't see hacker courses having much of a true impact on security.
But kudos to whoever is making money off the idea. Wish I would have thought of it.
Better than Flickr - Manage, Share, Archive
If you're wondering when the word "hacker" came to mean something sinister, the answer is 1987.
As far as I can tell, it was the the US media that got that ball rolling when they were trying to investigate the 1987 "Internet Worm" released by Robert Morris Jr. The Worm caught the news media off-balance because 1) they did not know what this "internet" thing was 2) there was no terminology for this kind of crime.
Remember, this was before the World Wide Web (which some of you may not realize is a layer ON TOP OF the Internet, not the same thing), and the news only knew that the military had been connecting computers for research, but even that information was kind of sketchy if you weren't in the thick of it.
So, they asked around and got some experts on the phone and the word that kept coming up was "hacker". Well, the reporters in question didn't realize that a "hacker" was a fairly old term used by the MIT Tech Model Railroad club and later spread around the word as term for a "productive enthusiast". They just knew that Morris the Younger was a "hacker who broke into thousands of computers", and that was news!
We've all tried to stop that land-slide ever since because those of us who called ourselves hackers pre-87 are not too thrilled with the perversion of the word's meaning, but at this point it has become clear that it's simply going to be a matter of dialect. In certain circles the word has one meaning and in the rest of society (not just English-speaking society) it has a very different one... oh well.
The world needs more hall-of-famer quarterbacks, and they're recruiting 5yr old peewee footballers.
For you apologists out there, keep in mind that I myself would only charge $2000, and you'd be at least twice as non-lame as these jokes.
And paid for it with credit card numbers I stole from various hotmail accounts.
the script kiddies are all going to be outsourced to a 3rd world country soon anyway... oh wait!
Hey, I think this is a great idea. I think that every hacker should get the certified ethical hacker badge.
BTW, I will be selling the answers to the certified ethical hacker exam on my site for selling answers to the MCSE exams and other equally important certificates.
Woah. If the course is lectured by Angelina Jolie, I'll cough up my 4KUSD in about 3 seconds flat ;)
and with my post being 'dumb answer', i am also correct. your answer was smarter :-]
(BTW, doesn't this "Economic Times" look like a pretty shameless rip of the Financial Times? I wonder if their print edition is salmon-colored.)
What I'm listening to now on Pandora...
"from the honorary-mitnick-doctorate dept."
... the article title states 'Ethical Hacking' ...
Strange
KARMA TAG! You're it.
my favorite line...
"We teach students how to hack and how to code and here are the students applying what they've learned against us," he said.
"Texas"...well..."I've never seen that movie"...exactly!
the correct term is Hactivists. sheesh.
Man creates computer, internet.
Intelligent, misunderstood youths discover internet, realize they've been lied to, strung along, generally mistreated. Youths show the guts and brains to learn without teachers.
Feds discover internet, realize there are children smarter and more skilled than them, throw beauracratic temper-tantrum, track down said kids (well, some of 'em) and bust them, refuse leniency.
Feds realize this "internet thingy" is more important than they though, and worse, there are kids in other countries who not only have mad skillz, but also actively hate america. Feds shit bricks.
Gov't, realizing it has cut off it's left testicle, tries to fill the gap with "Ethical hackers", ie, tries to create what it had in the first place.
Jeezus F Kryst on a surfboard, why didn't you just train the @#(*&^*(@# hackers in ethics in the first place? You can't teach curiosity, autodidactism or problem solving.
Nature laughs, goes back to being inscrutable.
Way to go.
"A witty saying proves nothing." ~Voltaire
"d'Oh!" ~Homer
Certified script kiddie for sure.
I mean the real certified ethical hacker degree exists for a long while and it's called computer science.
A fool and its gold...
This is true 'ethical' hacking. And you don't even have to go to school to learn it. Well never mind, you have to go to school...
NMG
Is it worth $4,000? Depends what you're looking for. If you're trying to train up new secteam personnel, it might be a good buy. At the same time, experienced security researchers will find it a solid but not frontier-pushing class, so I wouldn't recommend it to anyone who, say, posts to BugTraq. As well, a lot of specialized platform knowledge also gets passed by, so this doesn't obviate the need to do significant research on your particular installations.
Comment removed based on user account deletion
Script kiddies don't need to know why symmetrical encryption is faster... they just need to know how to subscribe to Bugraq.
To break in and steal the source code for Duke Nukem Forever ?
symmetric versus asymmetric key cryptography (symmetric is faster)
That's like saying "sleeping vs driving (sleeping is faster)". Two different things used for two very different purposes...
Instructors race through topics like symmetric versus asymmetric key cryptography (symmetric is faster)
If the extent of what they teach you about symmetric and asymmetric encryption is that symmetric is faster, then you should be demanding your money back. Saying that symmetric is faster is neither a useful comparison, nor even neccesarily true.
Link to the official h4x0r1n6 t00|, handed out only for those who have received their degrees.
0f1c14| H4x0r1n6 t00|
:p
Old news :(
Honestly please stop posting this crap. Not only is it old news, but its really alot of poo poo. Try reading Phrack or other underground zines. There are tons of entry level zines and zines that are for more advanced users (phrack). Save yourself $4000 and do it from the confort of your own home. If you want to know how hackers think, try speding some time on undernet. You get the feeling real quick :)
This is not a flame.
Hrrm... I usually just sign my name.
My company sends me to pretty much any security course I want to learn a thing or two and to keep up with the trends. I'm a CISSP and if you've already gotten that far, the CEH is really really basic. You are far better off spending your money on a SANS conference and prepare for a GIAC cert.
You can teach kids how to use a gun, but you cannot make them mature over night. That's why it's better off NOT teaching kids how to use a gun. I don't care if they are A students, kids are kids, they do stupid things. Even if they have an IQ of 1000, it's no different.
Shouldn't this article be in `Its Funny Laugh'?
(1) Do as I say, not as I do.
(2) Do it to someone else, not to me.
(3) You learned this from someone else, not from me.
-kgj
-kgj
Well, actually it was a UK course teaching the same curriculum, it seems.
Shortly afterward, the fucker got fired for gross misconduct, and hacked our company's servers using backdoors that he'd personally set up. So no, I'm not too impressed by people teaching this.....
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
Though as it was already pointed out, this is an excellent example of social engineering. They ought to give kickbacks to Mitnik for every fool who enrolls in the class.
Chris Knight is my hero.
75% of the graduating class is under house arrest for hacking back into the schools' cc merchant account servers and getting their $4000 back. The other 25% also stole back their money, but couldn't be traced, and are presumed at large.
stuff |
Err...the confusion of degree and diploma is probably caused by me using the words incorrectly. I am not a native speaker of English, but haven't spoken my native language (Dutch) seriously for so long that I wouldn't know how to name these things correctly in that, either.
I might have been better off if I had done more investigation, indeed, but there are a couple of issues that complicate things. The college I attended gave me a BA degree, and few of the courses I took were CS courses (they didn't really offer any). On this basis, many universities won't even accept me, unless I do a bachelor first. However, I already know much of what I need to know, so a CS bachelor would probably bore me to death and cause me to drop out because of that.
The university I am in offers plenty of interesting courses in CS and EE (which I personally don't like to do, but my girlfriend likes it a lot), and has good facilities, and accepted me without requiring me to do take a bachelor program first. Also, I was hoping that since a lot of open-source projects have a major distribution hub here in Enschede there might be some interesting activity going on. I haven't really found that yet, but then, I've been too busy to look for it.
Please correct me if I got my facts wrong.
You WILL NOT learn hacking, even in the context that they're teaching (subverting the security of computer systems), in a class. You may learn about all kinds of tools; and about steps and techniques to attempt to break into computers, but the real work is not in a classroom. I still believe this after taking SANS Track 4; which was excellent training, but did not drop me back on the street with the ability to be pen tester extraordinaire. It's like the commercial says: you get good with practice. I think that's part of the reasoning behind SANS's practical papers for their certifications - so you research, and PRACTICE, and learn things by doing. Now, let me add yet another disclaimer to my posts - practicing does not mean going out and writing malicious code and breaking into sites. Practice means taking your own little air-gapped network and exploring every aspect of the art that you have time and aptitude to learn. Real hacking, the essence, and I'm not trying to start a definition war here; is trying everything you can and learning everything you can - for good or for evil now; but you get the point.
I think with the interesting people, their lives can't possibly be wrapped up into a nice little package.
Hmmm, perhaps 'certified arrogant ass' is more fitting for the submitter/editor.
I've dabbled the last couple years in computer security and rolled a lot of exploits. (I've read every damn book, article and theories, everything from the "smashing the stack for fun and profit" to the latest O'Reilly Secure C & C++ Programming Cookbook).
I don't parade around as an ass and try to make others feel lesser than themselves just because I've written shellcode to 'sploit a couple bigger name products.
Perhaps the real reason for this class is simply to collect a large mass of 1337 Do0d5 in once place for their eventual "disposal"
--Shhhh....don't tell anyone.
"Me fail English, that's unpossible." --Ralphie
The course seems pretty expensive and probably not exactly ideal, but it's a bit more than just script-kiddiesm. Unless, of course, the tests look like this:
Q: You are the IT manager of an online business. The owner is pleased to announce that the business has enjoyed rapid growth, and has asked you to prepare an outline of system upgrades and estimated costs to deal with an estimated 8,000 daily visitors consuming approximately 320KB, with the number of visitors doubling every six months. What are your main concerns likely to be? (circle all that apply)
a) Cost of expanded bandwidth utilization
b) Maintenance issues associated with a medium-sized server farm, as well as software concerns regarding your web application and load balancing
c) Continued self-hosting via the corporate T1 line vs. co-location
d) wtf ???? ummm just run linux+apache d00d !!!!!
Q: You are a consultant, hired to evaluate the security and efficiency of a small business's server configuration. Your employer, inexperienced with both the technology itself as well as online business in general, has hinted to you that he's not certain how competent his system administrator Simon is. In evaluating the systems, you discover that Simon has misappropriated the server budget to upgrade his desktop system to play Unreal Tournament 2k4, and has left the actual servers themselves equipped with 386s and faulty hard disks. As you were confronting him about this in the server room, he excused himself from the room to fetch "documentation" while his young and pimply-faced apprentice tripped the halon fire extinguishers. What should your reaction be?
a) Immediately contact the police.
b) Inform the manager, and urge him to speak with the apprentice's parents about a possible intervention.
c) Return a favorable report after realizing that you have become tangled with things far larger than you, and never interfere with those servers again.
d) whats a halon fire
Q: A company has suffered a break-in. Not having a security professional on-hand, they have turned to you as a forensics consultant to help them assess the damage, identify the point of origin, and take appropriate response measures. What will your first action be?
a) Request a list of all servers on the network with their operating systems, as well as servers and version numbers.
b) Unplug the servers.
c) Inquire if there is any way an employee could have accessed the servers.
d) Ask your friends on EFNet if they did it.
yet another cert! c'mon guys, you know you love cert-creep!
ed
1in0x 4 h0m0s
So they're teaching skills. That's not ethics. "Ethical" hacking, if there is such a thing, requires action, not just a skill set. So the ethical part is how you use your skills.
to become a true l33t hax0r:
Rule #1: Soviet Russia does NOT hack you
Rule #2: Windows hackers are referred as "llamas", therefor, do it more!
Rule #3: DDoS attacks are also referred as "trainee's training"
Rule #4: Hacking an O/S which makes part of 1% of the market makes you an l33t3r h@x0r.
Rule #5: If you get caught, you blame it on the guy who doesn't speak english. Ah Zutroy.
wtf? ethical and wardialing in the same paragraph?
how do you ethically wardial?
This is true 'ethical' hacking. And you don't even have to go to school to learn it. Well never mind, you have to go to school...
NMG
after the Sept. 11, 2001, attacks on the World Trade Center and the Pentagon, the company expanded its focus to information security courses.
That makes no sense. I could see them expanding in the wake of some vicious worm or virus, but they might as well take their inspiration from Chechnya. It makes it seem like they are in the business to trade on fear-of-hackers rather than to provide real security. Not that that's a bad marketing angle, but just one I'd have moral issues using.
HIV Crosses Species Barrier... into Muppets
...The idea has been covered here before. Of course, this time around students are paying a lot more ($4000) so I guess that part is new ;-)
7Hi5 c3r7iFi35 7H@7 U g07Z p@5$3D @Ll 7h3 rEqUiReD c0uR535 f0r H@ck3r c0lL3G3. U @R3 N0W 31337.
It's a perfectly cromulent word.
I bet their training video will be the movie Hackers.
Red Bull gave me wings and I flew into the ceiling fan.
> You know, it's only been within the last few years that I've heard any significant usage of the word "cracker" with regards to computer security.
It usually means dumbass white motherfucker where I'm from.
The dangers of knowledge trigger emotional distress in human beings.
Actually there is a need in the business world for ethical hacking. I know companies that do ethical hacks against sites that host their products every time they offer a new product to the public via the web. Having a working knowledge of cryptography and knowing how to apply it when trying to hack into a site and/or database is beyond a pimple-faced 15 year old sitting on daddy's computer tweaking existing virus code.
The $4k is just a security deposit. The graduating students hack into the schools accounts and steal the $4k back once they get their diploma.
HA! I just wasted some of your bandwidth with a frivolous sig!
The same goes true for hacking. I don't know of anyone who would drop $4000 on a one week course in hacking. There are plenty of sites out there solely to teach this to a new generation of 1337 kod3 k1dd135.
Does the teacher delve into the reasons why most Windows systems are compromised? Are the first two days dealing with using strong passwords? Day three kernel patching. Do they teach how to write shell code? To they teach a course on ASM so the student may reverse software to find flaws? Do they teach about buffer overflows and injecting code into the buffer?
The point bieng a piece of paper doesn't mean a thing. Can these people now implement what they have learned? Can they use SQL Injection? How can you cram all that in a week?
BTW for $4000 a week do you get a hummer with that?
I am Bennett Haselton! I am Bennett Haselton!
The same guys who push the MCSE courses on the radio have, for the past year, been advertising "You can become a cyber-cop!". I think it is computer learning network. They basically guarantee that you'll learn everything you need to know to work in the security field by taking their 10 week course.
Good point. Didn't realize I came of so haughty sounding. FWIW, I Am Not "Elite".
"A witty saying proves nothing." ~Voltaire
"d'Oh!" ~Homer
I gravitated towards ISECOM's OPST/OPSA classes because they fill a role I felt was missing in the security class space. Many non-vendor specific security classes have a very narrow tools based focus. While I agree that knowing how to use your tools in a test is important, I feel knowing why and when to use them is far more important. Knowing the politics involved in testing, going over internationally accepted testing practices, and reviewing regional and national legal regulations are just as much part of the job. These things are not merely important, but are required to be successful in your role as a security tester. In addition to the intensely technical aspects of the testing process, this is what the OPST represents; the "professional" side of security testing. Also, the ISECOM classes teach from ISECOM's Open Source Security Testing Methodology Manual (OSSTMM) which provides a much needed methodical framework to bring a scientific method style to the chaotic world of security testing.
The CEH class represents the other kind of class. One that is "flashy", "fun", "exciting", but not overly useful to the serious professional. While I have a lot of respect for Clément (one of the instructors for Intense School), I have very little respect for any organization that markets "hacker" classes. This includes the so-called ethical hacking, applied hacking, exposed hacking, grandmother hacking, squirrel hacking, super-duper 3y3 4m 31337 hacking, or any other fancy way of saying "Learn how to think and act like the bad guys".
While choosing where to spend your time and money, consider the community you are aligning with. If you look at ISACA, SANS, ISC2, ISECOM, etc.. they all have a true dedication to security and the betterment of the global information security community. Contrast the value of being affiliated (via education/certification) with any of those organizations over a piece of paper and a cd of toys.
"10 out of 10 Terrorists agree - Anybody but Bush in 2004"
Which is a bit of a dumb sig. He's the best recruiting sergeant that Al-Quiada ever had. I read one analysis that said that the A-Q are desperate to commit an "atrocity" on US soil during the elections in order to gift the election to Bush, and keep him in power.
works best if you try during the 13:00 - 14:00 hour, the entire place is either AT LUNCH, or comatose from the 4 martini lunch. During the noon hour the entire place is likely to be on the net making bandwidth too precious. After hours calls attract too much attention these days.
"Instructors race through topics"
I thought hacking was only fast in the movies.
Ya know, I used to hate it when people would bitch about subimitting a story and getting rejected...then a few hours later it gets posted from someone else.
Well, now I understand. I submitted this story earlier this morning. WTF? To everyone else who has been hosed on and rejected... I now feel your pain.
*tear*
-Mark
Dovie'andi se tovya sagain.
He was held without bail and without charges before all the cool muslim kids started doing it.
I was always under the impression that (at least in the US) the difference was that a university had graduate programs and a college didn't. I went to Sewanee and we were told that it is considered a university because if offers a graduate degree in theology, while other schools in the area, such as Davidson College, were colleges because they had no graduate programs. It's the difference between being able to give Bachelors and Masters degrees.
Anyone else heard this version?
Never underestimate the power of human stupidity -RAH
now that is an interesting question. of course, given the attitude of the test designer, that might actually be redundant. :>
ed
The security testing world actually has a pretty good methodology behind it now.
Check out the Open Source Security Testing Methodology Manual (OSSTMM) from the Institute for Security and Open Methodologies (ISECOM)
hmmm i wonder what the school's called
maybe "0wnz U"?
Script kiddie preschool: $500
Script kiddie kindergarden-middleschool: $1000
Script kiddie highschool: $2500
Script kiddie juco: $3000
Script kiddie U: $4k
Cost of being the scapegoat for when your company gets hit hard by other script kiddies when the boss asks you "But I thought you where certified to deal with this?" as your escorted out of the building: priceless.
that she was a hacker who worked for big businesses. She said it was so easy 'hacking' because they left the passwords on post-it notes on the screens (no shit) Throughout the whole year, I would get yelled at by her for 'being wrong' or 'arguing with her', whenever SHE was wrong. She told me that if I turned off a computer while it was on, it would mess up the BIOS and that my family would have to pay the school two thousand dollars to have a DELL Pentium 4 with CRT monitor to be fixed. God I hated her.
'What we attempt to do in our classes is teach how the hackers think.' Hmmm, perhaps 'Certified Script Kiddie' would be a more accurate designation.
Except then it would be "What we attempt to do in our classes is teach how the script kiddies think." And putting the words "think" and "script kiddie" next to each other like that creates a paradox. Impossible to comprehend, much less teach.
Punctanym: alternate spelling of words using punctuation or numerals in place of some or all of its letters; see 'leet'
Just because I have had 12 DUIIs in the last 5 years, committed 4 burglaries since January, and shoplifted countless packs of smokes does not guarantee that my car will be visiting your front yard late at night or that I think your new flat screen will look better in my living room... But maybe it gives a clue of possible trends in my lifestyle...
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
how about r00+?
can I use r00+?
As some one posted earlier RTFB!! I am quite interested in this topic, and I have been reading the books. An earlier post mentioned Ankit Fadia, but did not mention his book. "The unofficial guide to Ethical Hacking", has thus far been a pretty good read. He does not touch on WinXP, or 2003 server. Also he is not that up on the networking side (my forte), so ignore some of his IP Address/class information. I think his book is well written if a bit dated. I have read about 6 other books on the topic. The last time I programmed was Basic (dating myself aren't I?!!), and I also agree that if you don't program you shouldn't call yourself a hacker (Script Kiddie maybe, but not a Hacker). Kevin Mitnick's book "The Art of Deception" was also a pretty good read. One of the chapters is in essence the outline of a security class/policy for corporations. Reading Mitnick's book will force you to change undergarments, and at the same time become more aware of Social Engineering tactics. Also others have pointed out the plethora of information on the web. If you really want to remain anonymous I wouldn't be looking up this sort of info on the web (yep! I am paranoid.), but rather fork over some cash @ your local book store to remain as anonymous as possible. Not that I am looking to crack, but being associated with those words in a IS/IT job can be considered a career limiting decision.
BTW I am not an English major, so please ignore my poor grammar/punctuation/run on sentences/etc...
Some people are good at it. Most aren't. And the PHBs can't tell the difference.
so the job goes to the person more interested in tooting his horn and being spoon fed pre-digested drivel, than in learning and in doing the job well. I'm sick of working with idiots, and half of them are taking this class.
<tangent>
I only went for the CISSP because it seemed like it was the hardest to to get. 250 nit-picking questions over ten major areas in 4 hours. Then another CISSP has to say that you know what the hell you're doing or you took the test for nothing. But management can't tell the difference between that and an MSCPC (Micorsoft Certified Point and Clicker. (I was the first to use that acronym 2 years ago, don't you dare claim it for yourself.))
I still value my CISSP since it was difficult to get. But I'm sick of the InfoSec field since it's become a haven for Doogie Howzer with a CS degree and no idea about how to protect information.
I recently had an interview, in wihich I was told that my skills were right on, but my personality just wasn't a fit for the organization. Reading the above you probably get an idea of what they were talking about. I still don't. I don't know anone who is any good at this shit that fits in even halfway. Who cares about your quirks as long as you can function in society and keep the bad guys off the servers.
</tangent>
This class is just one more example of a solution in search of a problem.
Excuse me, but when was the last time you went to Defcon?
It must have been afew years, because the last two years it cost $75, and this year it is supposed to go up to $80.
Or do you know a secret that you are not sharing with the rest of us to save $20? =)
How about appending "pirate" to it - it seems to be all the rage these days. Computer Pirate, Network Pirate, LAN Pirate, etc. Plus for this school instead of a cap and gown you could get to wear a cool hat, eyepatch, and the valedictorian would get a parrot.
Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.
....back up everything. Twice.
-Valiss
I wonder how they test ethics?
Holy shit.. they need to upgrade their curiculum.. unless of course they are practing the chapter "how to find tone for fun and profit while in the Matrix"
boycott slashdot February 10th - 17th check out: altSlashdot.org
10 out of 10 Terrorists agree - Anybody but Bush in 2004
Sorry, couldn't let that one go past.
The terrorists are very likely to want Bush in the Oval Office. House of Bush, House of Saud details the business relationships between the Bush family and the Bin Laden family, as well as the ruling Saudi family. Bush's military record was enough to label him a "deserter" by Michael Moore. To whit, the White House released a censored version of Bush's military record. What was censored? Curiously, it was one name: that of James R. Bath. We know this because copies of the GW Bush Military record from 2000 still show his name. It was censored post 9/11 due to the fact that James Bath was a buddy of GW's from the military. After the military, Bath went into the Aviation business and his first business deal was to sell an airplane to Osama's brother. This is all a matter of public record. Since the early 70s, the Bin Laden's (second wealthiest family in Saudi Arabia) continued to funnel money to Bath, who in turn funded several failed oil business of GW's. GW was great at drilling empty wholes that didn't provide any oil. When GHW Bush (first president Bush) was in Office the Carlyle group invested a TON of money into what would turn out to be ANOTHER failed oil business captained by Baby Bush. Several Bin Ladens sat on the board of Carlyle. Since then, Saudi oil money has funneled roughly 1.5 BILLION dollars per year to Bush, their family and friends. If you're being paid $400,000 dollars a year to server the American people and another group is paying you $1.5 billion (with a "b") per year, whose interests do you think you would represent?
The only problem is that Saudi has a public face and a private face. The Prince is the public face, and his brother is the minister of the interior who fosters the furtherance of their wahabist culture. They (the Wahabis) run the schools and religious instruction of the youth in that country. As early as 3rd or 4th grade, children's textbooks start to refer to America and the West as "The Great Satan". The Princes' brother is funneling money to those people that run the schools.
In the time since Iraq had been invaded AL Qaeda has grown in size, power and organization. America's military structure is still geared towards a cold war way of thinking. Al Qaeda has been able to morph into a true Information Age culture, using the web, cellphones and other technologies to conduct their horrors. The real focus of the "War on Terror" needs to be on Afganistan and the Wahabi's in Saudi. While we have few qualms invading Afganistan, there is simply NO WAY a Texas Oil Man who sits on the throne America Tis going to jeapordize America's relationshiop with the Saudi's. Whose total investments per year represent roughly 7% of the total American economy. No way. The war in Iraq is nothing more than a distraction on what SHOULD be the war on terror. Don't fool yourself.
Quod scripsi, scripsi.
Ed Koch (democrat mayor of New York City from 1978 to 1989) might agree there is a need for "Ethical Film Makers"
Franklin Roosevelt (president of usa during ww2) might agree there is a need for "Ethical Film Makers"
I believe Juanita
*searches on google*: hacking computers
5 matches down = "How to become a hacker"
Ok class. To start things off, lets ask ourselves the question "What is a Hacker?"...
College also teaches you communication skills. If your post is any indication of how you handle written communication, then that may be the one thing holding you back.
I went to college, and paid off all my student loans within 5 years of graduating. It helps that I had a scholarship.
Having been in the field a while now, including being involved in the hiring process, I can say that candidates with college degrees are given much higher priority than candidates without. That doesn't mean that a college degree is required, but those with college degrees definitely get offered a higher starting salary at every company I've worked for.
- One was the VP over IT until they realized he lacked a BS degree. Suddenly, pay cut and a new boss. Six months later, he was doing the same work as before, with less pay, and his boss was getting a fat check for
.. well, for doing nothing much. - Another took night classes for 12 years (add in kids and work and his was a seriously cramped lifestyle) because of getting burned that way.
- Another brilliant one has hit his head on a promotion ceiling twice. Both times, it's made him bitter enough to leave the company and move on. Both times, his new job started at 90% of the old job's paycheck, let him climb a while, and then stagnated. I hope this time he'll have better luck...
- At the same time, I know programmers with english and teaching and political science degrees. Techies don't diss 'em, if they're competent. And employers don't discriminate that finely, usually. They just notice the degree.
- Don't just take my examples. Ask around in the 45-and-older crowd, and see how many war stories you hear.
It's unfair. It's foolish. And it's real. You can make a good living without a degree. But you'll often make a better living with a degree.I'm a Certified Unethical Hacker. Maybe I'll put that on my resume and see if anyone catches it. Sure it's a lie... but what do you expect? I'm unethical. Says so right there on the certification.
If you have 15 chumps paying 4,000 apiece for "hacker" training, you get Intense School quality.
If you have 400 chumps paying 2,500 apiece for "hacker" training, you get $ans quality.
Both are lame imho.
Can't be redundant, because he's the first guy who made the analogy with the CISSP.
I thought it was very funny. It's like going "you guys who paid for a red-hat cert! i think I speek for all the mandrake-certified guys whan I say... ha ha ha".
Insightful? What, that there's more than one certification organization conning people out of their money?