Slashdot Mirror

← Back to Stories (view on slashdot.org)

Certified Ethical Hacker via Self Study

Posted by ryuzaki0 on from the keep-that-hat-nice-and-white dept.

ddonzal writes "In his latest column for EH-Net, wireless hacking guru, Dan Hoffman, offers up his experience of attaining the CEH credential (Certified Ethical Hacker). Great read with fantastic advice for budding ethical hackers out there."

12 of 63 comments (clear)

  1. BS by GrAfFiT · · Score: 3, Funny

    "Certified" ethical hacker sounds to me as bulletproof as Suk Imperial Conditioning..

  2. No mention of ethics. by onion2k · · Score: 5, Funny

    The article, or perhaps the course, neglects to mention anything about the "ethical" side of things. It's all well and good to say you're a "Certified Ethical Hacker", but if noone has quizzed you on the ethics of hacking then how could an employer be sure you actually are one?

    In fact, even if you were questioned about the ethics of hacking, you might lie. An unethical person would.

    So it's just a fancy but ultimately meaningless name then. "Certified Hacker" would suffice.

    But do you really need the word "Certified" on a certificate? Isn't that redundant? It's obvious you're certified if you're brandishing a certificate.

    So you could just as well put "Hacker" instead.

    I don't think many employers want to employ a hacker. They're criminals!

    I don't think I'll be taking this course. ;)

    --
    http://twitter.com/onion2k
  3. The first rule of ethical hacking... by hackwrench · · Score: 2, Funny

    Is to not become certified at it, on the grounds that it circumscribes your ethics.

  4. The illusion of ethics... by hackwrench · · Score: 2, Funny

    There is a delusion regarding ethics that an unethical person cannot pretend to be ethical effectively, that is, when given a question about ethics, they might want to lie, but then they wouldn't know what lie is the "ethical" choice. Most research into ethics is tainted by this ad the notion that there is only one true way of ethics.

    In fact, many people are clueless to the fact that the Team Rocket motto starts out with a statement of ethics that Jessie and James stick to, to thier detriment as they comment on.

    Prepare for trouble
    To protect the world from devastation
    To unite all peoples within our nation
    To denounce the evils of truth and love
    To extend our reach to the stars above
    Surrender now, or prepare to fight

    It describes an ethical value system.

    http://www.google.com/search?q=%22denounce+the+evi ls+of+truth+and+love

    1. Re:The illusion of ethics... by SpectreHiro · · Score: 2

      Every now and again, I'm silly enough to think I've seen just about everything - then a post like yours comes along. It's really not every day that I run across someone using Pokemon to describe ethical concepts... to adults.

      Only on slashdot.......

      --
      You can't win, Darth. If you mod me down, I shall become more powerful than you could possibly imagine.
    2. Re:The illusion of ethics... by ShakaUVM · · Score: 2, Interesting

      >>There is a delusion regarding ethics that an unethical person cannot pretend to be ethical
      >>effectively, that is, when given a question about ethics, they might want to lie, but then
      >>they wouldn't know what lie is the "ethical" choice.

      Probably a result of reading too much classical Greek philosophy. Socrates and Plato considered ethical truths to be self-evident, and as self-evident as other truths. As in, if someone explains to you the meaning of right action, your consciousness will become illuminated... akin to the process you go through when you read a beautiful mathematical proof for the first time. (There's no question that it's not true, you simply hadn't realized it before.) Etc., Etc. Socrates held it contradictory that someone could be a lover of knowledge and still commit evil (since evils hurt oneself, and nobody acting in one's self interest would intelligently want to hurt himself).

      Of course, we can recognize now that people can quite easily not only choose unethical behavior, but also can reasonably emulate ethical behavior. An open source Quake Mod project I headed was "infiltrated" by a person who inserted cheat codes into his submissions so that he could be a dick and 0wn people inside of the game world. This was someone I had a reasonably large conversation with, etc.

      Oh well. Quake is more manly than Pokemon in any event. =)

    3. Re:The illusion of ethics... by billcopc · · Score: 3, Insightful

      Ethical behavior is much like flocking behavior, in that it is a baseline to ensure everyone cooperates towards common goals. This implies that the individual shares those goals, and to a much greater extend, the individual is afraid of being abandoned. If, in any given moment, their goals are divergent, ethical behavior is unrequired in that moment and could even be detrimental. Even flocking birds have intellect and consciousness, so why do they always follow each other ? Fear takes over.

      English: if I want to be a nice little grain-fed short-sighted lemming like everyone else, or more likely I'm afraid of being left out, then I will play by the "ethical rules", because that's the path to reaching my goal. If, on the other hand, I have a greater vision that does NOT converge with the mass majority, ethics can become a burden and even trap me in a corner.

      So these white hat "security analysts" are being ethical because they need a job to fund their WoW habit. The attackers, are being unethical because they want botnets to empower their cyberterrorism for highly profitable extortion. Same difference, not very stimulating through.

      Here's a much more dramatic example: health care. If X-pharma-racket is producing a drug that relieves the suffering of AIDS patients, and markets it at a somewhat reasonable price, they are considered ethical.

      If Y-psycho-lab is finding a 100% cure for AIDS, but needs to chop up a dozen AIDS victims to further their research, it is considered UNethical, despite the great advances the research would offer. They're doing good, but they have to do a little bit of "bad" in order to achieve that goal.

      Ethics may be instinctive and obvious, but that doesn't mean honest people are unable to break those fundamental laws. Hell, I'd kill a handful of people if it meant saving millions, but I wouldn't spread computer viruses for money.. go figure!

      --
      -Billco, Fnarg.com
  5. The ethics of hacking by Opportunist · · Score: 4, Interesting

    You could just as well create a course of "ethical business". Yeah, sure, you could teach the ethics of business. Whether people apply it or not is up to them. Not something that's under your control.

    Don't get me wrong, teaching information is by default never wrong. Knowledge is power. Information is necessary to keep up the fight against the black hats. To abuse the quote from a different group, if information is outlawed, only outlaws will have it.

    But I doubt that you can teach or even "certify" ethics. You have them, or your don't.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:The ethics of hacking by MaestroSartori · · Score: 3, Insightful
      You have them, or your don't.


      Ethics are not always absolute. Whether an action is ethical or not can depend on context, personal beliefs and so on. You can debate ethics as part of a course of education, or as regards a particular area of life.

      For instance, you might say it is unethical to hack someone's computer without their knowledge. But if the ethical hacker in question works for a law enforcement agency, and is performing the hack legally with all the relevant oversight in order to gain evidence of or to prevent an illegal act, then you could argue whether it's ethical or not.

      You were more correct at the start of your post when you said whether people apply their skills ethically or not is up to them. That's the real issue here - just doing a course in ethical hacking means that the person presumably has knowledge of the ethics issues involved. It doesn't tell you a thing about what they personally believe, or will do with their new-found hacking skill...
      --
      Game dev and music blog
  6. CISSP by farker+haiku · · Score: 2, Insightful

    - Background Check - For the CISSP, you actually need to prove that you have experience in the various security domains and a form needs to be signed by either another CISSP or an officer in the company for which you work, in order to actually get the certification. I believe EC-Council should also implement a more formal means to verify the integrity of the individuals seeking the CEH.

    Yeah, I guess I'll bring it up here, but what the hell? How do you get into the security field if you can't get the certification the field requires? Anyone know a CISSP in the Missouri area who can sign a letter for me? I just want to take the freaking test.

    --
    Your sig(k) has been stolen. There is a puff of smoke!
  7. Maybe you should read Plato and Aristotle again by brokeninside · · Score: 2, Interesting
    ``Socrates and Plato considered ethical truths to be self-evident, and as self-evident as other truths''

    Except Socrates considered to be no truths self-evident except that he did not know any truths. If we assume that the early Platonic dialogues are accurate portrayals of Socrates (which a significant minority of scholars would dispute) then we have a picture of Socrates as a man who did not know what virtue is or if it could be taught and went around critically questioning everyone who claimed that it could be known and taught in order to find out.

    You might have a better case for Plato, but Platonic ethics stems from Platonic idealism. That is to say that his ethcis doesn't come from nowhere, but from a philosophical system built on top of other ideas. Plato thought that his first prinicples were self-evident, therefore, his ethical system was not self-evident, but evident. It's truth depends not on the observer being able to see the truth of the matter for itself, but in the observer being able to demonstrate the truth of the ethical system from other principles which can be seen to be true.

    But then Aristotle came along and offered a completely different basis for virtue, even if it had many of the same conclusions. And again, Aristotle's ethics was a derivative of his metaphysics. IF you subscribe to Aristotelan metaphysics, THEN you arrive at Aristotle's version of virtue ethics.

    The problem here, IMO, doesn't stem from Greek philosophy so much as the human tendency to think ``my way or the highway!'' The field of ethics, even in Greek antiquity, was all about critical self examination. The tendency to assume that there is only one correct ethical system, aside from begging the question, is entirely opposed to critical self examination.

  8. Re:It's ethical ___CRACKER___!!!!!!!! by adriantam · · Score: 2, Interesting

    Absolutely agree!
    Hacking is a scientific research and it is orthogonal to ethics. Only cracking, which is an activity, can be described as ethical or not.

    Seems the exam's organizer ain't knowing what hacking means....

    --
    http://www.ieaa.org/~adrian/