Slashdot Mirror
Certified Ethical Hacker via Self Study
ddonzal writes "In his latest column for EH-Net, wireless hacking guru, Dan Hoffman, offers up his experience of attaining the CEH credential (Certified Ethical Hacker). Great read with fantastic advice for budding ethical hackers out there."
"Certified" ethical hacker sounds to me as bulletproof as Suk Imperial Conditioning..
The article, or perhaps the course, neglects to mention anything about the "ethical" side of things. It's all well and good to say you're a "Certified Ethical Hacker", but if noone has quizzed you on the ethics of hacking then how could an employer be sure you actually are one?
;)
In fact, even if you were questioned about the ethics of hacking, you might lie. An unethical person would.
So it's just a fancy but ultimately meaningless name then. "Certified Hacker" would suffice.
But do you really need the word "Certified" on a certificate? Isn't that redundant? It's obvious you're certified if you're brandishing a certificate.
So you could just as well put "Hacker" instead.
I don't think many employers want to employ a hacker. They're criminals!
I don't think I'll be taking this course.
http://twitter.com/onion2k
You could just as well create a course of "ethical business". Yeah, sure, you could teach the ethics of business. Whether people apply it or not is up to them. Not something that's under your control.
Don't get me wrong, teaching information is by default never wrong. Knowledge is power. Information is necessary to keep up the fight against the black hats. To abuse the quote from a different group, if information is outlawed, only outlaws will have it.
But I doubt that you can teach or even "certify" ethics. You have them, or your don't.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Ethical behavior is much like flocking behavior, in that it is a baseline to ensure everyone cooperates towards common goals. This implies that the individual shares those goals, and to a much greater extend, the individual is afraid of being abandoned. If, in any given moment, their goals are divergent, ethical behavior is unrequired in that moment and could even be detrimental. Even flocking birds have intellect and consciousness, so why do they always follow each other ? Fear takes over.
English: if I want to be a nice little grain-fed short-sighted lemming like everyone else, or more likely I'm afraid of being left out, then I will play by the "ethical rules", because that's the path to reaching my goal. If, on the other hand, I have a greater vision that does NOT converge with the mass majority, ethics can become a burden and even trap me in a corner.
So these white hat "security analysts" are being ethical because they need a job to fund their WoW habit. The attackers, are being unethical because they want botnets to empower their cyberterrorism for highly profitable extortion. Same difference, not very stimulating through.
Here's a much more dramatic example: health care. If X-pharma-racket is producing a drug that relieves the suffering of AIDS patients, and markets it at a somewhat reasonable price, they are considered ethical.
If Y-psycho-lab is finding a 100% cure for AIDS, but needs to chop up a dozen AIDS victims to further their research, it is considered UNethical, despite the great advances the research would offer. They're doing good, but they have to do a little bit of "bad" in order to achieve that goal.
Ethics may be instinctive and obvious, but that doesn't mean honest people are unable to break those fundamental laws. Hell, I'd kill a handful of people if it meant saving millions, but I wouldn't spread computer viruses for money.. go figure!
-Billco, Fnarg.com