Slashdot Mirror
Certified Ethical Hacker via Self Study
ddonzal writes "In his latest column for EH-Net, wireless hacking guru, Dan Hoffman, offers up his experience of attaining the CEH credential (Certified Ethical Hacker). Great read with fantastic advice for budding ethical hackers out there."
Ethics are not always absolute. Whether an action is ethical or not can depend on context, personal beliefs and so on. You can debate ethics as part of a course of education, or as regards a particular area of life.
For instance, you might say it is unethical to hack someone's computer without their knowledge. But if the ethical hacker in question works for a law enforcement agency, and is performing the hack legally with all the relevant oversight in order to gain evidence of or to prevent an illegal act, then you could argue whether it's ethical or not.
You were more correct at the start of your post when you said whether people apply their skills ethically or not is up to them. That's the real issue here - just doing a course in ethical hacking means that the person presumably has knowledge of the ethics issues involved. It doesn't tell you a thing about what they personally believe, or will do with their new-found hacking skill...
Game dev and music blog
Ethical behavior is much like flocking behavior, in that it is a baseline to ensure everyone cooperates towards common goals. This implies that the individual shares those goals, and to a much greater extend, the individual is afraid of being abandoned. If, in any given moment, their goals are divergent, ethical behavior is unrequired in that moment and could even be detrimental. Even flocking birds have intellect and consciousness, so why do they always follow each other ? Fear takes over.
English: if I want to be a nice little grain-fed short-sighted lemming like everyone else, or more likely I'm afraid of being left out, then I will play by the "ethical rules", because that's the path to reaching my goal. If, on the other hand, I have a greater vision that does NOT converge with the mass majority, ethics can become a burden and even trap me in a corner.
So these white hat "security analysts" are being ethical because they need a job to fund their WoW habit. The attackers, are being unethical because they want botnets to empower their cyberterrorism for highly profitable extortion. Same difference, not very stimulating through.
Here's a much more dramatic example: health care. If X-pharma-racket is producing a drug that relieves the suffering of AIDS patients, and markets it at a somewhat reasonable price, they are considered ethical.
If Y-psycho-lab is finding a 100% cure for AIDS, but needs to chop up a dozen AIDS victims to further their research, it is considered UNethical, despite the great advances the research would offer. They're doing good, but they have to do a little bit of "bad" in order to achieve that goal.
Ethics may be instinctive and obvious, but that doesn't mean honest people are unable to break those fundamental laws. Hell, I'd kill a handful of people if it meant saving millions, but I wouldn't spread computer viruses for money.. go figure!
-Billco, Fnarg.com
- Background Check - For the CISSP, you actually need to prove that you have experience in the various security domains and a form needs to be signed by either another CISSP or an officer in the company for which you work, in order to actually get the certification. I believe EC-Council should also implement a more formal means to verify the integrity of the individuals seeking the CEH.
Yeah, I guess I'll bring it up here, but what the hell? How do you get into the security field if you can't get the certification the field requires? Anyone know a CISSP in the Missouri area who can sign a letter for me? I just want to take the freaking test.
Your sig(k) has been stolen. There is a puff of smoke!
Not a single mention so far in all the comments.....
have we moved on?