Re: learning ethical hacking

From: Anirudhya Mitra (quartz_blue_at_HotPOP.com)
Date: 09/24/04

  • Next message: Gautam R. Singh: "Fwd: nc help needed." 
    To: <gillettdavid@fhda.edu>
Date: Fri, 24 Sep 2004 03:56:31 +0530

    Great Gillett! What ever you have written seems to be very realistic to me.
    I am also a computer security enthusiast but I don't want to be
    script-kiddie. But when it comes to learning the technology, it seems that
    there is no end of learning, and frankly, that's why i sometimes get
    confused and fraustrated.
    Is there any roadmap that a beginner can follow?

    ----- Original Message -----
    From: "David Gillett" <gillettdavid@fhda.edu>
    To: "'Shawn Duffy'" <shawnduffy@gmail.com>; "'Nick Falcon'"
    <nickbird793@hotmail.com>
    Cc: <tech.louie@verizon.net>; <karora@opsource.net>; "'D K'"
    <dwarkeeper@gmail.com>; "'linux user'" <linuxteam@gmail.com>;
    <security-basics@securityfocus.com>
    Sent: Thursday, September 16, 2004 12:20 AM
    Subject: RE: learning ethical hacking

    > > -----Original Message-----
    > > From: Shawn Duffy [mailto:shawnduffy@gmail.com]
    > >
    > > What many people fail to recognize is that if you get into this in an
    > > effort to "learn how to hack", you're not going to get very far. This
    > > isn't about learning how to compromise systems, per se, it is about
    > > learning the technology behind it all. If you simply want to know how
    > > to "hack", you may end up being no better than a script kiddy... If
    > > you want to really succeed and differentiate yourself from the
    > > kiddies, learn the technology. When you learn the technology, you
    > > will learn how it works and how to break it.
    >
    > I've seen an awful lot of exploit descriptions from folks who very
    > clearly had no idea how the system/technology being exploited was
    > designed to work, kind of the "let's see what happens if we press
    > this button" school of system exploration. That's bad for anybody
    > who aspires to be a White Hat (ethical), because it risks breaking
    > things unintentionally. And it's bad for Black Hats because it tends
    > to leave a fairly obvious trail of failed attempts....
    >
    > On the flip side, though, well-built products are supposed to be
    > thoroughly tested by folks who DO understand the design, before their
    > released into the world. Experience suggests that the ignorant (I'm
    > not being derogatory here, just factual) approach pretty regularly
    > uncovers flaws in areas that were incorrectly or incompletely specified
    > in the design. The vulnerability is triggered by doing something that
    > nobody who understood the design would ever think to do!
    >
    > I would say that your goal should be to achieve a deep, expert
    > understanding of the systems whose security you want to study -- but
    > it may be counterproductive to put off starting to study until you have
    > achieved that level of understanding.
    >
    > Dave Gillett
    >
    >
    >
    > --------------------------------------------------------------------------
    -
    > Computer Forensics Training at the InfoSec Institute. All of our class
    sizes
    > are guaranteed to be 12 students or less to facilitate one-on-one
    > interaction with one of our expert instructors. Gain the in-demand skills
    of
    > a certified computer examiner, learn to recover trace data left behind by
    > fraud, theft, and cybercrime perpetrators. Discover the source of computer
    > crime and abuse so that it never happens again.
    >
    > http://www.infosecinstitute.com/courses/computer_forensics_training.html
    > -------------------------------------------------------------------------- 

    --
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.759 / Virus Database: 508 - Release Date: 9/9/2004
  • Next message: Gautam R. Singh: "Fwd: nc help needed."

    Relevant Pages

    • RE: learning ethical hacking
      ... > learning the technology behind it all. ... thoroughly tested by folks who DO understand the design, ... achieved that level of understanding. ...
      (Security-Basics)
    • Re: Curtnetrons Dont Do Parity
      ... the core learning module. ... The most simple of these I've suggested would be pulse ... The point of this learning technology ... It's pulse conserving design is there for a reason, ...
      (comp.ai.philosophy)
    • Re: How to design test case for VAX System
      ... I am new to this technology ... I have to design test for Vax System,what are the object i should go ... should start by learning enough about what you're doing to be ...
      (comp.os.vms)
    • Re: Nearly OT: VF16 harddisk source
      ... the design non-portable to the "new product". ... if I had opted to build my network speakers using "someone ... that board was based on standard technology of the day. ... to the G2 and could, then, support the G1 as needed. ...
      (rec.audio.pro)
    • Re:Urgent requirement for Java developers.
      ... Identifies key business and technology drivers that impact application ... and application design, coding and design standards, best practices, ... application of techniques and standards such as service-oriented ... Expert level on Java J2EEdevelopment knowledge (5+ years on J2EE ...
      (comp.lang.java.beans)