RE: learning ethical hacking

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 09/15/04

    To: "'Shawn Duffy'" <shawnduffy@gmail.com>, "'Nick Falcon'" <nickbird793@hotmail.com>
    Date: Wed, 15 Sep 2004 11:50:55 -0700
    
    

    > -----Original Message-----
    > From: Shawn Duffy [mailto:shawnduffy@gmail.com]
    >
    > What many people fail to recognize is that if you get into this in an
    > effort to "learn how to hack", you're not going to get very far. This
    > isn't about learning how to compromise systems, per se, it is about
    > learning the technology behind it all. If you simply want to know how
    > to "hack", you may end up being no better than a script kiddy... If
    > you want to really succeed and differentiate yourself from the
    > kiddies, learn the technology. When you learn the technology, you
    > will learn how it works and how to break it.

      I've seen an awful lot of exploit descriptions from folks who very
    clearly had no idea how the system/technology being exploited was
    designed to work, kind of the "let's see what happens if we press
    this button" school of system exploration. That's bad for anybody
    who aspires to be a White Hat (ethical), because it risks breaking
    things unintentionally. And it's bad for Black Hats because it tends
    to leave a fairly obvious trail of failed attempts....

      On the flip side, though, well-built products are supposed to be
    thoroughly tested by folks who DO understand the design, before they're
    released into the world. Experience suggests that the ignorant (I'm
    not being derogatory here, just factual) approach pretty regularly
    uncovers flaws in areas that were incorrectly or incompletely specified
    in the design. The vulnerability is triggered by doing something that
    nobody who understood the design would ever think to do!

      I would say that your goal should be to achieve a deep, expert
    understanding of the systems whose security you want to study -- but
    it may be counterproductive to put off starting to study until you have
    achieved that level of understanding.

    Dave Gillett


