
Thread: Ethical Hacking!

  1. #1

    Ethical Hacking!

    THIS ARTICLE WAS WRITTEN BY: RATTLESNAKE

    I read this article and know of ethical hackers on AO, so this one's for you.
    Those newbies that wanna hack, here is an avenue you may wanna travel.

    You can't deny the many advantages of the Internet such as ecommerce, collaborative computing, new avenues for advertising and information distribution and definitely e-mail. All the great innovations had their disadvantages, and the Internet also has a darker side. Criminal hackers, crackers, malicious hackers, whatever you want to call them: Governments and companies all over the Internet world are afraid that one of these will break into their Web server, read their e-mail and implant software that will secretly spread the organization's top secret data to the open Internet. However, no company can compete in today's marketing competition without offering services over the Internet or at least having a website. It is a matter of fact that a web presence has become an essential part of modern organizations. This discrepancy leads directly to the ethical hacker, who provides the most realistic security test for any system: A real attack.






    --------------------------------------------------------------------------------

    Ethical Hackers and Crackers - who are they?
    The term "hacker" has a dual usage in the computer industry today. Originally, the term was defined as:

    HACKER noun 1. A person who enjoys learning the details of computer
    systems and how to stretch their capabilities--as opposed to most
    users of computers, who prefer to learn only the minimum amount
    necessary. 2. One who programs enthusiastically or who enjoys
    programming rather than just theorizing about programming.

    This complimentary description led to the verb form "hacking" that describes the rapid development of extraordinary new programs or the reverse engineering and altering of already existing software to make the code better, more efficient. Thus, in the original sense of the word, Hackers change the world by hacking away at things. They value rough consensus and smooth code.

    Now governments and companies with electronic concerns want to be able to take advantage of the Internet for electronic commerce and advertising - but they have issues regarding the increasing danger of being "hacked". Not enough, the potential customers of these services are worried about maintaining control of personal information that varies from credit card numbers to social security numbers and home addresses. Approaching the issues step by step, organizations figured out that independent security professionals that attempt to break into their computer systems would be the best way to evaluate the intruder threat to their interests. These hackers would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead, they would check the system's security completely and report back to the owners with the vulnerabilities they found and instructions for how to remedy them. This means that there is a pre-determined goal and the test has the knowledge and consent of the owner of the system. Such tests can be done either by internal or external people. If external people are hired then they are so-called authorised ethical hackers. There will be legal contracts to tie down the work and provide the trust between management and the hired penetration testers. Later on, we will discuss the methods an ethical hacker employs referring to such a "hired hacker". However, there are also other forms of ethical hacking:

    Self-proclaimed Ethical Hacking:


    If you call yourself an ethical hacker, you don't have to be hired by Microsoft to deface their new test page for test purposes, but you could rather find any (rather important) security holes and report back to the system administrator voluntarily and without any intent to make profit. This category of self-proclaimed ethical crackers are out to make a point. This can be to highlight some security problems in a product/service or just to educate the victim so that she can secure her system properly. They are simply doing their "victims" a favour. If some weakness is discovered in a service offered by a bank, for instance, they will be doing the bank a favour by informing and giving them a chance to rectify the vulnerability.
    "Like a modern day Robin Hood, ethical Hackers take from the info-rich and give to the info-poor."

    Hacking for a Cause (Hacktivism):


    These are crackers with a social or political agenda. Their aim is to put across some message and gain publicity. The victims are usually governments or large corporations or groups whose activities are viewed by them as being "wrong" or "bad". Whether these activities do more harm than good is debatable. So for example, if a hacktivist were to gain access to the identities of members of a child pornography group by cracking their server, is he doing society a favour? (Out of the three categories described, ethical hacking is normally associated with hired ethical hackers evaluating a system, as described at first. Thus, from here on, we assume that ethical hacking refers to such penetration testers.)
    To be an ethical hacker, what skills would you need? Obviously, you have to be an adept computer expert, like any hacker. This means: programming, profound skills concerning computer and networking issues (oh yeah, you just found the best place on the web to learn that) and of course, detailed knowledge about potential target systems such as Windows NT, Windows 2000, Unix and Unix-based systems and their security. These base skills also include knowledge about the hardware and software provided by the more popular computer and networking hardware vendors. Note that an additional specialization in security is not always necessary, as strong skills in the other areas imply a very good understanding of how the security on various systems is maintained. This sort of management skill is necessary for the actual vulnerability testing and also for the report that has to be handed out to the sys admin later on. These are the very basic skills of any computer expert, and hackers have to be a bit more than that sometimes. As a hacker you need immense patience and the capability of continuous concentration. Unlike the way someone breaks into a computer in the movies, the work that ethical hackers do demands a lot of time and persistence: A typical evaluation may require several days, perhaps even weeks of analysis and the actual testing itself. When an ethical hacker encounters a system with which he is unfamiliar, he will most likely spend a lot of time to learn everything about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review. As another important "skill" I would add creativity. A hacker is not the kind of person who learns according to the learning standards. Neither does he work according to strict rules. Hackers are individuals who think "out of the box" (quote from a blacksun IRC chat session with RaveN). I like this description pretty much. During this chat session, somebody said that the man or woman who invented the wheel was a hacker. This is the very point, discover new facts and innovate new methods.

    However, all the skills I mentioned are also essential skills of the criminal hacker. Those are known to be extremely patient and willing to monitor systems for days or weeks while waiting for an opportunity to intrude it, as well as they are extremely creative when searching for vulnerabilities. This is not as strange as you might think. Just as in sports or warfare, knowledge of the skills and techniques of your opponent is vital to your success. In fact, the very slight difference between an ethical and a criminal hacker is only their mentality. I will try to explain this unbiased, because terms like "bad" and "good" are subjective and do not really fit here. An ethical hacker is the sort of hacker that believes in freedom of information, that believes in improving the world by "debugging" it. An ethical hacker will use different methods than the criminal hacker - he will never act destructively but always constructively. He wants to repair a system, to fix every single error. An ethical hacker is convinced that he can change something by means of constructively using his skills. He is reliable and trustworthy since he might discover information about the client that should remain secret. In many cases, this information, if published, could lead to real intruders breaking into the systems, obviously.
    In contrast to that, a criminal hacker acts destructively. He breaks into a system to steal information and probably spread secret data to the net. He might also sell it for his own profit or just delete everything. I would also assign defacements to the cracker-typical actions because they can fast become a heavy problem for organizations that provide services via Internet. A defacement is always a destructive work because it shows that an error has not been fixed but exploited for whatever reason. Besides that, a defacement does not afford any important skills and is not considered hacking. Crackers and criminal hackers act like that either for the thrill of it and to show all their friends how skilled they are (script kiddies) or because they think this could make others realize their security issues. I consider this a bad excuse for acting violently, since the system administrator could be informed about security problems more conveniently by sending him an email, I guess. There might be other reasons ... however, I don't know much about the criminal hacking community and their big aims.

    There are many types of crackers in the world but basically they can be broadly classified into the categories described below.


    Script-kiddie: In this group are mainly the people with either little technical know-how and/or people who do not want to invest the time in researching and developing vulnerabilities and exploits. They rely mainly on publicised semi-automated scripts or programs exploiting known vulnerabilities, hence the name "script-kiddie". They have low skills and low resources. However, they can be just as effective if the target system has not been patched against the automated scripts that they deploy.
    Small group of competent crackers: These people usually have good skills and technical knowledge but low-to-medium resources. They either operate alone or in small groups and like to address people in their group not by their real names but by so-called aliases or handles with exotic sounding names. Because they have good technical skills, they can discover intricate weaknesses or develop small bugs into big security holes. These groups do have some degree of organisation and they keep in contact with one another using underground IRC channels and private websites. Many of them are motivated by egoistical exploits rather than monetary or material gains and so many of these groups do seek publicity.
    Highly motivated crackers: These people have medium to good skills and have access to resources in terms of equipment and funds. They are well organised and are motivated mainly by financial and material gains. Invariably some of them can have ties with organised crime. They try to keep a low profile so as not to attract too much attention.

    Also those computer experts who are (potential) Ethical Hackers can be classified into categories:


    Former black hats: These are reformed crackers. They should know the business since they have first-hand experience in it. However, many organisations do not trust them and are afraid they can divulge the information gained from the test to other black hats.
    White hats: These are independent security consultants working either individually or as a group. They profess to have knowledge of and are supposed to be up-to-date with black hat activities. In fact, I consider these people the "real" ethical hackers, those who act according to ethical hacking ideals because they always believed in them.
    Consulting firms: Many of the major ICT consulting services nowadays have a security service which could act like an ethical hacker. These firms have good credentials and impressive resumes of their professional staff. However, this category might include former black hats, and eventually also script kiddies and crackers who do what they do only for their own profit.

    Note: The terms white and black hats are also used frequently by the popular press. Black hats essentially refer to the bad guys, those people who break into computer systems to do harm. White hats obviously refer to the so-called good guys - but I would like to introduce another term, "Grey Hats". These are the people who study security vulnerabilities in systems and publicise them because they believe in full disclosure. So they are neither black nor white hats, they just provide the information and it is up to you to decide what you want to do with it, either beef up your own defences or exploit other people's defences based on the information.


    --------------------------------------------------------------------------------

    What do ethical hackers do?
    In one early ethical hack, the United States Air Force conducted a "security evaluation" of the Multics operating systems for "potential use as a two-level (secret/top secret) system." Their evaluation found that while Multics was "significantly better than other conventional systems" it also had "vulnerabilities in hardware security, software security, and procedural security" that could be uncovered with "a relatively low level of effort." The authors performed the tests due to "a guideline of realism", so that their results would actually represent the kinds of access that an intruder could really achieve. The performed tests were simple information-gathering exercises, others were outright attacks upon the system that might damage its integrity. Obviously, their audience wanted to know both results. There are further unclassified reports that describe ethical hacking activities within the U.S. military; I couldn't find any more reliable and detailed reports though.

    With the Internet of today, used by millions of private citizens and no longer only by the military establishment, computer and network vulnerability became important issues for everyone else. This became clear at first by the work of Farmer and Venema that was originally posted to Usenet in December of 1993. They discussed publicly, perhaps for the first time, this idea of using the techniques of the hacker to assess the security of a system. They paved the way for the ethical hackers of today, who (still) perform their analysis of a system by means of the following three main points:

    What can an intruder see on the target systems?
    What can an intruder do with that information?
    Does anyone at the target notice the intruder's attempts or successes?

    All three points are quite comprehensible, I suppose. If the ethical hacker was hired by a company or even the government, he will first start to gather information about what he / she is actually supposed to do. This means some paperwork and a discussion with the system administrator, built up like an interview containing these three main questions:

    (1) What are you trying to protect?
    (2) What are you trying to protect against?
    (3) How much time, effort, and money are you willing to expend to obtain adequate protection?

    A surprising number of clients have difficulty precisely answering the first question: a medical center might say "our patient information," an engineering firm might answer "our new product designs," and a Web retailer might answer "our customer database". The answers to (1) should contain more than just a list of information assets on the organization's computer.

    All of these answers fall short, since they only describe targets in a general way. The client usually has to be guided to succinctly describe all of the critical information assets for which loss could adversely affect the organization or its clients. These assets should also include secondary information sources, such as employee names and addresses (which are privacy and safety risks), computer and network information (which could provide assistance to an intruder), and other organizations with which this organization collaborates (which provide alternate paths into the target systems through a possibly less secure partner's system).

    A complete answer to (2) specifies more than just the loss of the things listed in answer to (1). There are also the issues of system availability, wherein a denial-of-service attack could cost the client actual revenue and customer loss because systems were unavailable. We heard of the DoS attacks in February of 2000 that were launched against eBay, Yahoo!, E-TRADE, CNN, and other popular Web sites. During the attacks, customers were unable to reach these Web sites, resulting in heavy losses for these companies.

    Some clients are under the mistaken impression that their Web site would not be a target. In fact, defacing can cause heavy problems for a popular company, too. In the first place, web services like Yahoo! will suffer from such defacements most - but also a normal web presence of any company becomes an embarrassing issue when the neat homepage gets replaced by some script kiddie's stammering about how 31337 he/she is. The goal of these kiddies is simple: Do something spectacular and then make sure that all of your pals know that you did it. Another rebuttal is that many of them simply do not care who the target actually is or represents; they deface websites because they can, or better: because they can use the tools. For example, Web administrators at UNICEF (United Nations Children's Fund) might very well have thought that no one would attack them. However, in January of 1998, their page was defaced.

    Answers to the third question are complicated by the fact that computer and network security costs come in three forms. First there are the real monetary costs incurred when obtaining security consulting, hiring personnel, and deploying hardware and software to support security needs. Second, there is the cost of usability: the more secure a system is, the more difficult it can be to make it easy to use and update. The difficulty can take the form of obscure password selection rules, strict system configuration rules, and limited remote access. Third, there is the cost of computer and network performance. The more time a computer or network spends on security needs, such as strong cryptography and detailed system activity logging, the less time it has to work on user problems. Due to Moore's Law, this problem might be solved soon.

    Once you have the answers you need, a security evaluation plan is worked out. Main points are:

    Which system shall be tested?
    How shall it be tested?
    Are there any testing limitations?

    Now an ethical hacker actually performs potentially illegal operations while evaluating the system, and thus he needs a "get out of jail free card" (this expression is often used, actually) to protect himself against prosecution. Client and ethical hacker together write a contractual agreement that guarantees this. The agreement also includes the network addresses or modem telephone numbers of the systems to be evaluated. Precision on this point is of high importance since a minor mistake could lead to the "evaluation" of the wrong system at the client's installation or, in the worst case, the "evaluation" of some other organization's system. So guys, make sure you get the right addresses to keep away from trouble ... however, the fact that these addresses are mentioned within the agreement gives you somewhat of a trump card if anything actually goes wrong.

    Once the target systems are identified, the agreement must describe how they should be tested. The best evaluation is done under a "no-holds-barred" approach. This means that the ethical hacker can try anything he or she can think of to attempt to gain access to or disrupt the target system. While this is the most realistic and useful, some clients balk at this level of testing. Clients have several reasons for this: They don't want to risk loss of data or any other damage, for example. However, it should be pointed out to such clients that these very reasons are precisely why a "no-holds-barred" approach should be employed. An intruder will not be playing by the client's rules. If the systems are that important to the organization's well-being, they should be tested as thoroughly as possible. In either case, the client should be made fully aware of the risks of the evaluations. These risks include alarmed staff and unintentional system crashes, degraded network or system performance, denial of service, and log-file size explosions. A good solution might be to perform the tests during the weekend, since the sys admin might want to avoid affecting systems and networks during regular working hours. Of course, this falsifies the simulation of an attack as well, but it's rather acceptable since many s'kiddies and also more dangerous intruders perform their attacks outside of the local regular working hours.

    Certain clients will tell you to stop the evaluation immediately as soon as any security hole has been found. They are commonly intending to save money, prevent further damage or prevent you from gaining information about the organization. This is, of course, a pretty half-hearted approach to the whole issue, and you should tell them so. They would obviously get the wrong impression that only the one security hole exists that has been found and that fixing this one will make their system secure. Thus, keep in mind that many people are still rather naive concerning computers, and discuss everything in detail before you actually start.

    The client should also provide contacts within the organization who can respond to calls from the ethical hackers if a system or network appears to have been adversely affected by the evaluation or if an extremely dangerous vulnerability is found that should be immediately corrected.

    Furthermore, make sure that the client is not expecting a last-minute job from you. Certain security holes that can be eventually found cannot be fixed within one week. If the sys admin delays the evaluation of his system until a few days or weeks before his computers need to go online, no ethical hacker can provide a really complete evaluation or implement the corrections for potentially immense security problems. This might take more time than is available and may introduce new system problems, and the hacker himself will be blamed for that. Keep away from last-minute jobs.

    Before we start to discuss the ethical hack itself, one more tip. Tell the system administrator not to tell anyone within the organization about the hack that is due to be dealt with. If everybody thinks that they are working like they always do, you will also be working under normal conditions. You will be able to evaluate the system's security like it is present under normal conditions. In contrast to this situation, you would eventually overrate the system's security extremely if everyone knows that someone is going to break into the system.


    --------------------------------------------------------------------------------

    The Hack
    Note that the hack poses some risk to the client referring to a criminal hacker monitoring the transmissions of the ethical hacker. This would mean that this criminal gets all the information needed to perform a dangerous attack. Every single vulnerability that you discover would be exploited by the guy, and depending on how insecure the system is (it hadn't been tested this way yet), this could lead to immense problems. The best approach to this dilemma is to maintain several addresses around the Internet from which the ethical hacker's transmissions will emanate, and to switch origin addresses often. Create logs and check them carefully. In extreme cases, you could deploy additional intrusion monitoring software at the target to ensure that everything is coming only from the ethical hacker's machine[s]. However, this would most probably require the cooperation of the client's ISP.

    The line between criminal hacking and computer virus writing is becoming increasingly blurred. When requested by the client, the ethical hacker can perform testing to determine the client's vulnerability to e-mail or Web-based virus vectors. However, it is far better for the client to deploy strong antivirus software, keep it up to date, and have a clear and simple policy in place for the reporting of incidents.

    The progress of the system evaluation consists of the following parts. I hope you didn't expect that I give you a list of possible attacks and how to launch them, that's not what this article is about.

    Remote network. This test simulates the intruder launching an attack across the Internet. The primary defenses that must be defeated here are border firewalls, filtering routers, and Web servers.
    Remote dial-up network. This test simulates the intruder launching an attack against the client's modem pools. The primary defenses that must be defeated here are user authentication schemes. These kinds of tests should be coordinated with the local telephone company.
    Local network. This test simulates an employee or other authorized person who has a legal connection to the organization's network. The primary defenses that must be defeated here are intranet firewalls, internal Web servers, server security measures, and e-mail systems.
    Stolen equipment. In this test, for example, the laptop computer of a key employee such as an upper-level manager or strategist, is taken by the client without warning and given to the ethical hackers. They examine the computer for passwords stored in dial-up software, corporate information assets, personnel information, and the like. Since many busy users will store their passwords on their machine, it is common for the ethical hackers to be able to use this laptop computer to dial into the corporate intranet with the owner's full privileges.
    Social engineering. This test evaluates the target organization's staff as to whether it would leak information to someone. A typical example of this would be an intruder calling the organization's computer help line and asking for the external telephone numbers of the modem pool. Defending against this kind of attack is the hardest, because people and personalities are involved. Most people are basically helpful, so it seems harmless to tell someone who appears to be lost where the computer room is located, or to let someone into the building who "forgot" his or her badge. The only defense against this is to raise security awareness.
    Physical entry. This test acts out a physical penetration of the organization's building. Special arrangements must be made for this, since security guards or police could become involved if the ethical hackers fail to avoid detection. Once inside the building, it is important that the tester not be detected. One technique is for the tester to carry a document with the target company's logo on it. Such a document could be found by digging through trash cans before the ethical hack or by casually picking up a document from a trash can or desk once the tester is inside. The primary defenses here are a strong security policy, security guards, access controls and monitoring, and security awareness.

    Each of these kinds of testing can be performed from three perspectives: as a total outsider, a "semi-outsider," or a valid user.

    A total outsider has very limited knowledge about the target systems. The only information used is available through public sources on the Internet. This test represents the most commonly perceived threat. A well-defended system should not allow this kind of intruder to do anything ... obviously.
    A semi-outsider has limited access to one or more of the organization's computers or networks. This tests scenarios such as a bank allowing its depositors to use special software and a modem to access information about their accounts. A well-defended system should only allow this kind of intruder to access his or her own account information.
    A valid user has valid access to at least some of the organization's computers and networks. This tests whether or not insiders with some access can extend that access beyond what has been prescribed. A well-defended system should allow an insider to access only the areas and resources that the system administrator has assigned to the insider. However, this threat is hard to control, as you can certainly imagine.

    The final report is a collection of all of the ethical hacker's discoveries made during the evaluation (duh). Vulnerabilities that were found to exist are explained and avoidance procedures specified. Don't give them a list with the vulnerabilities, everything has to be explained to increase the system's security permanently. If the ethical hacker's activities were noticed at all, the response of the client's staff is described and eventually, suggestions for improvements are made. If social engineering testing exposed problems, offer advice on how to raise awareness. The report must include specific advice on how to close the vulnerabilities and keep them closed.

    The actual delivery of the report is also a sensitive issue. If vulnerabilities were found, the report could be extremely dangerous if it fell into the wrong hands. A competitor might use it for corporate espionage, a cracker might use it to break into the client's computers. The final report is typically delivered directly to an officer of the client organization in hard-copy form. The ethical hackers would have an ongoing responsibility to ensure the safety of any information they retain, so in most cases all information related to the work is destroyed at the end of the contract.

    Now here are some last words on that, they should be any ethical hacker's last words, in fact. The system, no matter how detailed it has been tested and fixed, can never be completely secure. Systems are upgraded and changed frequently, as usual. New vulnerabilities can be found and even the best hacker might have missed a hole. Just make sure that people stop thinking in terms that only include the two expressions "secure" and "not secure". Between "secure" and "not secure" there are many other stages of security. A system can only be relatively secure, in the end.


    --------------------------------------------------------------------------------

    Final Words
    Ethical Hacking is a large topic. The way a typical, ethical hacker works is perhaps much, but not difficult to describe. It's simply a bunch of facts put together to inform you. The most interesting part of this topic is the question about the mentality and the ethics of hackers. A clear definition of the ethical hacker is difficult to find. I already said that the difference between different sorts of computer experts is just a matter of mentality and the results of their actions. But who defines what is ethical and what is not? If I believe somebody to be unethical, am I ethical if I damage his system? Do you see yourself as an ethical hacker? Or do you want to give a pro-cracking statement?



    --------------------------------------------------------------------------------

    Appendix A: Moore's Law
    In 1965, Intel cofounder Gordon Moore was preparing a speech and made a memorable observation. When he started to graph data about the growth in memory chip performance, he realized there was a striking trend. Each new chip contained roughly twice as much capacity as its predecessor, and each chip was released within 18-24 months of the previous chip. In subsequent years, the pace slowed down a bit, but data density has doubled approximately every 18 months, and this is the current definition of Moore's Law.

    WHITE HATS, ENJOY
    My only fear in death is coming back reincarnated.

    "Would I ever sh*t you?"
    "Of course not you are my favorite turd."--E5C4P3

  2. #2
    sweet...lol.. that was well needed i think... but i think hacking today has a new face. not quite white or black, not even grey, more like invisible hackers... the new breed... people (not unlike me) willing to do what it takes to get what they want. whole new legions of programmers and security buffs. it can be an ethical hack to shut down a pedophilia site or to crack a new plugin for your graphics software. bottom line the net should be free, if you want to sell it send it to walmart..... internet is what it is, a mass advertising space, but if you want mass profits then stay away because there are people that think .. the higher the price of the software the sweeter the crack. and yes it will be given out..lol... with free net in mind. that so called crack down on warez was a joke, i've seen an increase spawn just from that headline. soon hopefully people and business will learn the power of open source programming and then comes much more secure programming and info transfer. it's a shame that hackers are labeled as bad. it's not possible. the ultimate oxymoron.. script kiddies are lame (bad), they cause all the neg. attention, but hackers white or black all work for increase in technology... for even a cracker will tell you "if you try the program and use it, then buy it" which is a motto i live by online.. everyone should donate to their favorite free programs

  3. #3
    Junior Member
    Join Date
    Jan 2008
    Posts
    7
    I kind of have a basic knowledge on Comp languages and whatnot that everyone has told me to learn to become a White hat that is like my goal but i really can't tell what to keep doing or learning...

    any pointers, advice since u guys seem to know a bit....??? thanks

  4. #4
    Junior Member
    Join Date
    Jan 2008
    Posts
    7
    I kind of have a basic knowledge on Comp languages and whatnot that everyone has told me to learn to become a White hat that is like my goal but i really can't tell what to keep doing or learning...

    any pointers, advice since u guys seem to know a bit....??? thanks

  5. #5
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    The moral of this thread: get an education!

  6. #6
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    lol agreed...
    Ghost879 there is not a set list to learn, it is all about what you want out of what you learn. What languages do you have basic knowledge in? I would advise learning one language, become proficient in it, then move to the next...

    I read somewhere that you have to "read until your eyes bleed"
    (tutorials, newsletters, anything and everything that pertains to computers)

    that should keep you busy!

  7. #7
    'Twas a great explanation. I may have to refer back to this.
    ALWAYS wear protective eyegear.

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    1. This thread was started in early 2002. You might want to find something more current?

    2. Programming is relatively unimportant. I would guess that at least 95% of vulnerabilities are in the design and testing, not the coding.

    3. Learn systems analysis and systems design.

    4. Learn networks.

    5. Learn operating systems.

    6. Learn applications.

    7. Learn security modelling and best practices.

    When you visit a client the first thing you want to see is if they have a security model and policies to support it.

    Next you want to see if they are being adhered to.

    Forget about "hats" and forget about "hackers"............ that terminology is obsolete.

    Today you have "cyber criminals", "security consultants", "security analysts" and "security auditors"

  9. #9
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    Forget about "hats" and forget about "hackers"............ that terminology is obsolete.

    Today you have "cyber criminals", "security consultants", "security analysts" and "security auditors"
    well put, maybe we could get the media to recognize this...

  10. #10
    Member Alec Empire's Avatar
    Join Date
    Oct 2007
    Posts
    33
    Oh, for god's sake... how about picking up on a computer related hobby and just rolling with it!? Do it because you feel like it. Forget this nonsense about being something or making some kind of name for yourself in return. People who expect these sorts of things most likely never had a real interest in computers anyway.

    This day and age everyone has a computer. And everyone has done neat things with computers. The only difference is people who refer to themselves as the H-word have greater delusions of grandeur.

    I also believe it has done nothing but degrade technological resources. For example, rather than talking about what it takes to be an internet beatnik... we could be talking about something technical instead.

    This is entirely why sites like this should stick with my idea of filtering the H-word and replacing it with funny phrases.

    http://antionline.com/showthread.php...466#post931466
