Certified Ethical Hacker via Self Study
ddonzal writes "In his latest column for EH-Net, wireless hacking guru, Dan Hoffman, offers up his experience of attaining the CEH credential (Certified Ethical Hacker). Great read with fantastic advice for budding ethical hackers out there."
"Certified" ethical hacker sounds to me as bulletproof as Suk Imperial Conditioning..
The article, or perhaps the course, neglects to mention anything about the "ethical" side of things. It's all well and good to say you're a "Certified Ethical Hacker", but if no one has quizzed you on the ethics of hacking then how could an employer be sure you actually are one?
;)
In fact, even if you were questioned about the ethics of hacking, you might lie. An unethical person would.
So it's just a fancy but ultimately meaningless name then. "Certified Hacker" would suffice.
But do you really need the word "Certified" on a certificate? Isn't that redundant? It's obvious you're certified if you're brandishing a certificate.
So you could just as well put "Hacker" instead.
I don't think many employers want to employ a hacker. They're criminals!
I don't think I'll be taking this course.
http://twitter.com/onion2k
This is cool, I have unfortunately been put off attending university because of prices and not knowing if I could be committed enough, I have instead turned to self study, lots of great books available and also http://ocw.mit.edu/ is absolutely awesome.
Is to not become certified at it, on the grounds that it circumscribes your ethics.
There is a delusion regarding ethics that an unethical person cannot pretend to be ethical effectively, that is, when given a question about ethics, they might want to lie, but then they wouldn't know what lie is the "ethical" choice. Most research into ethics is tainted by this and the notion that there is only one true way of ethics.
In fact, many people are clueless to the fact that the Team Rocket motto starts out with a statement of ethics that Jessie and James stick to, to their detriment as they comment on.
Prepare for trouble
To protect the world from devastation
To unite all peoples within our nation
To denounce the evils of truth and love
To extend our reach to the stars above
Surrender now, or prepare to fight
It describes an ethical value system.
http://www.google.com/search?q=%22denounce+the+ev
You could just as well create a course of "ethical business". Yeah, sure, you could teach the ethics of business. Whether people apply it or not is up to them. Not something that's under your control.
Don't get me wrong, teaching information is by default never wrong. Knowledge is power. Information is necessary to keep up the fight against the black hats. To abuse the quote from a different group, if information is outlawed, only outlaws will have it.
But I doubt that you can teach or even "certify" ethics. You have them, or you don't.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Why become a certified hacker? Just get your white hat notarized.
Dude's a twink. He praises CEH, then picks it apart, saying how it lacks and what it lacks (Which apparently is quite a bit after reading the article), hell, I wouldn't take that course if someone paid me now that I've read his review. His next review that I read talks about wifi encryption at a hotspot like a coffeehouse, and how HACKERS can STEAL your information from SECURE websites. There are three problems:
1) Hackers? These script kiddies run 5-6 programs, and the programs grab the traffic while playing the role of MITM. How is that a Hacker? ANYONE could run those damn programs without the slightest clue as to how they work.
2) Stealing? You're giving your damn information to them because you're a freaking moron! D'uh, my huge international bank doesn't have a completely valid certificate? Well, I trust them anyway, especially with my gold platinum diamond super duper credit card account with no limit.
3) Finally, the website itself should have measures in place for people to avoid problems like this. The bottom of the article even makes mention of how a website can help avoid these problems. If the website doesn't, it's not as secure as it should be for all of its less knowledgeable audience.
Mod this as you want, or hell, don't mod it, but don't say this guy's two articles that I've read are worth a grain of salt.
Therefore, Quake is more for people that do not exist, QED
By the way, Poetry.com doesn't handle off-site links or even typed in urls.
I am starting to put poetry and poetry related topics at http://hackwrench2.blogspot.com/
SANS offers a number of its tracks (including the "Incidents Handling" track which is close to CEH) as self study with GIAC certification. You either can do plain "self study" where you get the books, or they offer an "@Home" program where you attend classes online.
I've already had one visit by the MiB and don't care to see a repeat performance. But I do think it's safe for me to observe that the more people who understand how weaponized Anthrax actually works, the more secure we are against Anthrax attacks in the future. Just like flight 93, once the passengers were aware of what was actually happening, they brought the flight down and most likely saved hundreds if not thousands of lives. If people had not been brainwashed into just sitting back and letting hijackers get away with whatever they wanted, at worst we would have had 4 flight 93's instead of one flight 93, the loss of hundreds of lives at the Pentagon and the loss of thousands of lives at the twin towers.
The difference in results is entirely explicable in terms of knowledge. The people on board flight 93, through cell phone communications, knew what had happened to the other flights. In a world where there are groups that have used Anthrax in the US, I say that if more people understood how it works and how it is made, then it is not only less likely to have such an impact as it did in October of 2001, but also people will be better suited to help investigators because they know how and what must be done to make the Anthrax.
A society can not be vigilant about that of which it is ignorant.
You argued that you doubted it is possible to ``teach or even "certify" ethics.'' But how would teaching ethics be any different than any other applied field? For example, you can teach the vast majority of people to understand musical theory, but then it is up to the individual to practice a particular instrument to proficiency. But even then, that proficiency can be measured. Ethics can be taught in the same way by teaching one or more ethical theories and then putting the students into situations that test their application of those theories. For example, Plato thought that young adults should go to drinking parties where they were tempted to drink to excess in order to learn self control. The difference between then and now is that he also argued that anyone who drank so much as to be drunk should be excessively ridiculed to shame them into learning self discipline.
I have to question just how familiar with the field of ethics you are. Most ethicists understand that there are multiple families of ethical theories. A brief introductory class to ethics will most likely introduce one to ethical theories based on individual virtue (think classical theories such as Aristotle), deontology (duty ethics epitomized by Kant), consequences of actions (such as various forms of utilitarianism), and teleology (various materialist theories such as Marxism). Most research into the field involved not only trying to explain research in terms of a single theory, but also the facts at hand are explained better by that theory than by alternative theories.
- Background Check - For the CISSP, you actually need to prove that you have experience in the various security domains and a form needs to be signed by either another CISSP or an officer in the company for which you work, in order to actually get the certification. I believe EC-Council should also implement a more formal means to verify the integrity of the individuals seeking the CEH.
Yeah, I guess I'll bring it up here, but what the hell? How do you get into the security field if you can't get the certification the field requires? Anyone know a CISSP in the Missouri area who can sign a letter for me? I just want to take the freaking test.
Your sig(k) has been stolen. There is a puff of smoke!
Clearly none of them had certificates!
Just how many times did you watch "Fight Club", exactly?
Except Socrates considered no truths to be self-evident except that he did not know any truths. If we assume that the early Platonic dialogues are accurate portrayals of Socrates (which a significant minority of scholars would dispute) then we have a picture of Socrates as a man who did not know what virtue is or if it could be taught and went around critically questioning everyone who claimed that it could be known and taught in order to find out.
You might have a better case for Plato, but Platonic ethics stems from Platonic idealism. That is to say that his ethics doesn't come from nowhere, but from a philosophical system built on top of other ideas. Plato thought that his first principles were self-evident, therefore, his ethical system was not self-evident, but evident. Its truth depends not on the observer being able to see the truth of the matter for itself, but in the observer being able to demonstrate the truth of the ethical system from other principles which can be seen to be true.
But then Aristotle came along and offered a completely different basis for virtue, even if it had many of the same conclusions. And again, Aristotle's ethics was a derivative of his metaphysics. IF you subscribe to Aristotelian metaphysics, THEN you arrive at Aristotle's version of virtue ethics.
The problem here, IMO, doesn't stem from Greek philosophy so much as the human tendency to think ``my way or the highway!'' The field of ethics, even in Greek antiquity, was all about critical self examination. The tendency to assume that there is only one correct ethical system, aside from begging the question, is entirely opposed to critical self examination.
Pick up any book on applied ethics, whether on the ethics of medicine or business practices or law or personal relationships, and the vast majority will acknowledge multiple ethical systems. Or you can attend any seminar on ethics for just about any industry and get the same results. If you attend a decent university, regardless of your major you will also have to take at least one course on ethics that discusses various ethical systems.
Like with anything, you have to start at or near the bottom and work your way up. The fundamental certifications like A+, Network+, Security+, CCNA, etc. are where you build your core knowledge of the field. Later, you start getting into things like CEH, CISSP, etc. So, build your core knowledge first, and then start getting into the nitty gritty.
All your base are belong to Google.
Not a single mention so far in all the comments.....
have we moved on?
I took the Computer Hacking Forensics Investigator class from Haja Mohideen the author of the EC-Council books and he is from Singapore and his second (or third) language is English. I agree that the books are a little confusing however when taught by the author they make a lot of sense. Haja knows his stuff and I recommend taking any class taught by him. I am considering the self study guide for the Certified Ethical Hacker cert however I am going to focus on Security+ for now. It is very important that an organization offers hacking classes for security professionals. Consider how little one organization shares with another about their security practices. Now consider how the hacker community shares exploits. Like mentioned earlier by Opportunist (166417) "Knowledge is power" and I think Administrators and security specialists need as much information as possible.
Never Compromise
Second, the Republic is one of the later Socratic dialogues. It is almost universally acknowledged to be putting forth the views of Plato rather than Socrates. This is why much of its content (the infamous allegories of the cave and the ship, for example) stands in contradiction to much of what is thought to be genuine Socratic thought. For a better characterization of Socrates, stick to the early dialogues such as The Phaedo, the Apology or Euthyphro.
I got half a paragraph into the article before heading over to bugzilla.mozilla.org and voting for bug 111373: don't allow animated site icons (favicons)