Re: learning ethical hacking

From: Anirudhya Mitra (quartz_blue_at_HotPOP.com)
Date: 09/24/04

    To: <gillettdavid@fhda.edu>
    Date: Fri, 24 Sep 2004 03:56:31 +0530
    
    

    Great Gillett! Whatever you have written seems to be very realistic to me.
    I am also a computer security enthusiast but I don't want to be a
    script-kiddie. But when it comes to learning the technology, it seems that
    there is no end of learning, and frankly, that's why I sometimes get
    confused and frustrated.
    Is there any roadmap that a beginner can follow?

    ----- Original Message -----
    From: "David Gillett" <gillettdavid@fhda.edu>
    To: "'Shawn Duffy'" <shawnduffy@gmail.com>; "'Nick Falcon'"
    <nickbird793@hotmail.com>
    Cc: <tech.louie@verizon.net>; <karora@opsource.net>; "'D K'"
    <dwarkeeper@gmail.com>; "'linux user'" <linuxteam@gmail.com>;
    <security-basics@securityfocus.com>
    Sent: Thursday, September 16, 2004 12:20 AM
    Subject: RE: learning ethical hacking

    > > -----Original Message-----
    > > From: Shawn Duffy [mailto:shawnduffy@gmail.com]
    > >
    > > What many people fail to recognize is that if you get into this in an
    > > effort to "learn how to hack", you're not going to get very far. This
    > > isn't about learning how to compromise systems, per se, it is about
    > > learning the technology behind it all. If you simply want to know how
    > > to "hack", you may end up being no better than a script kiddy... If
    > > you want to really succeed and differentiate yourself from the
    > > kiddies, learn the technology. When you learn the technology, you
    > > will learn how it works and how to break it.
    >
    > I've seen an awful lot of exploit descriptions from folks who very
    > clearly had no idea how the system/technology being exploited was
    > designed to work, kind of the "let's see what happens if we press
    > this button" school of system exploration. That's bad for anybody
    > who aspires to be a White Hat (ethical), because it risks breaking
    > things unintentionally. And it's bad for Black Hats because it tends
    > to leave a fairly obvious trail of failed attempts....
    >
    > On the flip side, though, well-built products are supposed to be
    > thoroughly tested by folks who DO understand the design, before they're
    > released into the world. Experience suggests that the ignorant (I'm
    > not being derogatory here, just factual) approach pretty regularly
    > uncovers flaws in areas that were incorrectly or incompletely specified
    > in the design. The vulnerability is triggered by doing something that
    > nobody who understood the design would ever think to do!
    >
    > I would say that your goal should be to achieve a deep, expert
    > understanding of the systems whose security you want to study -- but
    > it may be counterproductive to put off starting to study until you have
    > achieved that level of understanding.
    >
    > Dave Gillett