Slashdot Mirror
School Teaches 'Ethical Hacking'
Yardboy writes "A Yahoo! News/Reuters story discusses students in Los Angeles paying $4,000 to attend 'Hacker College' and become 'Certified Ethical Hackers'. Apparently: 'Instructors race through topics like symmetric versus asymmetric key cryptography (symmetric is faster), war dialing (hackers will always call late at night) and well-known TCP ports and services (be wary of any activity on Port 0)', and the president of the college: says 'What we attempt to do in our classes is teach how the hackers think.' Hmmm, perhaps 'Certified Script Kiddie' would be a more accurate designation."
what operates on port zero?
The name of the certificate is new, but the concepts are not novel.
We went through an entire class about computer ethics. We had to to get a Computer Science degree. And since it was an actual Computer Science degree, we learned all about security and machine language and what have you... basically everyting you would learn in this course.
This program seams like a stripped down version of computer science for people who are only interested in security related work.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
One way is that we have more "white hats" out there to help secure networks and make other businesses better.
The second way is that we will have more script kiddies out and about to cause trouble to everyone on the Internet and other networks.
I just hope that the school is going to do the right thing when it comes to this touch-ee subject.
Friends help you move...
REAL Friends help you move dead bodies... ^_^
I remember when the CEH first came out. They may work as a simple start, but they shouldn't be considered a stoping point to learning.
...although $4000 sounds a little steep. Most hackers are probably self trained, as in $0. Every corporate network better have someone involved in its design and maintainance that has some knowledge of hacking though, or else it will be a sitting duck. I had a professor that was a consultant who hacked companies to discover thier vulnerabilities. Obviously nothing malicious, and he told them about everything he gained access to and fixed it. Sounds like one hell of a fun job.
Out of the 5 people I personally know that have taken classes like this, 4 of them have continued on to go after their GIAC/CISSP certifications. If a class like this gets people started, I'm all for it. I just worry about the people that think something like this is all they need.
Anyone who is smart enough to hack, is smart enough (save for those with mental problems) to realize the difference between right and wrong.
Anyone who wants to take an ethics class obviously has some ethics (what you think someone lacking morales will be taking an ethics class to hope improving himself)???
What they should offer is a class that teaches non-techies what is a hacker - so they learn that not all hackers are evil people bent on ruling the world (not there is anything inherently wrong with this..I mean if I ran the world, it would be a much better place - for you and me....well more me, but it's all good)
I mod down so you can mod up. Your welcome.
But this isnt hacking!! THIS is hacking. What you're refereing to is cracking.
NMG
(BTW, doesn't this "Economic Times" look like a pretty shameless rip of the Financial Times? I wonder if their print edition is salmon-colored.)
What I'm listening to now on Pandora...
And one note on Mr Morris, who I actually respect a fair amount for his successful bid to bring computer security into the spotlight. I don't advocate writing worms or viruses (the so-called Internet Worm actually classified as both, depending on which attack vector it was using at the time), but in the case of Morris' program, his intent was a reasonable one, even if his actions were not. For that, he deserves a nod: he took a big fall in order to get us to stop pretending holes didn't exist, and CERT was formed as a direct response to his actions.
;-)
I know, he also cost us a huge amount of lost productivity, but can you imagine the chaos that someone who DID have malicious intentions would have caused just five years later?! We took that hit to productivity because there was a problem, and though people like Bob Page (who wrote one of the better papers on the worm, and was in charge of sysadmin at my school at the time) were not amused, I do think they were better off in the long term.
Now, if Morris' code hadn't had that fatal bug that caused it to replicate out of control.... heh
Is it worth $4,000? Depends what you're looking for.
From the writeup it sounds like it's mostly corporate/gov't/military types looking to get a look at The Enemy from the inside.
They're much better off taking one of the @stake classes. They don't pretend to teach you how to be a 'hacker', but how to secure your systems. They do show several (four or five) outdated scriptkiddy hacks, but mostly, the focus is making people aware of issues and giving them a toolkit to try and secure it.
/little/ more technical, but in their defense, we did spend 90% of the time actually doing lab exersizes, and I did take some good stuff away from it. My boss, who is our director of IT, went with me, and really loved it; His focus is not as security focused as mine, so I think a lot more of it was new to him. Anyway, at least you know you've got really good instructors, so if you are curious about a specific aspect of security, they can sit down and teach you about that, or if they don't know, they can get somone who does to answer it.
I wish it had been a
Also, it was pretty cool to have the guy who wrote The Sleuth Kit as an instructor. Needless to say, the forensics section was pretty interesting.
RandomAndInteresting.comdefending the world from stupidity since 1979
Sorry man, but the word is used to mean malicious computer access as well. Words take on the meaning that the majority use them for.
Well, actually it was a UK course teaching the same curriculum, it seems.
Shortly afterward, the fucker got fired for gross misconduct, and hacked our company's servers using backdoors that he'd personally set up. So no, I'm not too impressed by people teaching this.....
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
So they're teaching skills. That's not ethics. "Ethical" hacking, if there is such a thing, requires action, not just a skill set. So the ethical part is how you use your skills.
but it's not. we had a "security professional" at work go through this program. what he came out with was more basic that what you could get by reading any "hacking exposed" book.
I asked him during lunch about how his new security measures on the network were working....
he mentioned a bunch of things until I interrupted with... "so you sweep the building on a regular basis for keyloggers? how about devices on the network that you were not notified of? Is that HP laserjet 4400 at 10.165.1.223 REALLY a printer?
He glossed over and said, "keyloggers are not an issue as users cant install their own software..."
at that point I realized that my company is utterly doomed in regards with computer security.
Do not look at laser with remaining good eye.
You also probably don't have any trouble reading this either, doesn't mean u read l33t sp34k!
frist and lsat ltteer is at the rghit pclae. The rset can be a
toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do
not raed ervey lteter by it slef but the wrod as a wlohe.
I agree with the "foot in the door" thing.
I'm in college right now, and taking a class on Apache. My progessor is teaching a class full of us to run X-Windows in Linux as root. Because "its easier."
These people will be running your servers someday everyone. Clearly a college degree is no guarantee that you'll know what you're doing.
once you go slack, you never go back