August 11th, 2004, 02:51 AM
Training Ethical Hackers: Training the Enemy?
I was doing some ego surfing recently to see who has been linking to my site and found an interesting article titled “Training Ethical Hackers: Training the Enemy?” at http://www.infosecwriters.com/texts....display&id=185
Here is the part that got my attention:
Is making such tutorials a bad thing ethically? I don’t personally think so, but what are your thoughts?
However, there are free and portable resources on the Internet as well. Websites such as IronGeek.com  provide free videos that lead the viewer through step-by-step attacks. Almost anyone who can watch a video can perform these attacks with the added convenience of rewinding and viewing them over and over if needed or even downloading them. This format also allows for easy distribution of this knowledge even if the viewer speaks a different language, a simple monkey-see, monkey-do situation.
August 11th, 2004, 03:34 AM
I believe that your purpose is to educate and if someone uses the knowledge gained to commit a crime, it is not your concern.
Now if you were to make a video tut of say cracking a program, without even any mention of being able to secure the program, then "I' would say that it would not be a very good idea. But to make a tut that show how to hack into a system that the password is lost for. And for the owner or tech of the system, then that would be all right.
Damn, I know what I am trying to say, but it is not coming out right.....I hope you can read between the lines and devine my meaning.
I guess I am saying it mostly depends on your intentions when you create the tutorial, not the content. Kind of a real grey area I know. I do believe in the free and open sharing of information and learning, even if there are some people who will miss use the same information.
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
August 11th, 2004, 03:44 AM
i agree with moxnix .. your educating them, which is a great thing. If they chose to use it in the wrong way its their problem. Like the army, it trains killers (in some parts).. thats fine if they turn bad thats not fine
August 11th, 2004, 03:48 AM
Whats the big deal? Hacking exposed does the same thing, has a DVD, and uses the same marketing tactics... it grabs people into a subject and shows minor little things... it shows what a attack is and where to find tools/examples. None of these classes, books, & (ect) will ever actually teach you anything in detail. Everything can be googled.... But no one is willing to really give a good how-to on actually reverse engineering software and find future problems, show you how to make programs to exploit these flaws, & blah blah blah. They do this to keep people comeing back.
(Edited) I can't beleave your actually compairing this to training killers. Most people would rather compair it to vandalism instead but even then there is virtually no such thing as physical damage to computers... so really I don't even consider most so called computer related "crimes" to be real crimes. It's only the idiotic losers out there who are currently freaking out in a panic as we speak, who end up hurting their own computers in the end. To me It's only a crime intil fraud is tossed into the mix.
August 11th, 2004, 04:36 AM
Unfortionately, many people don't care if you were just educating someone. Many times, especially in today's world void of a sense of responsibility for one's own actions, the educator is the one that gets busted, and not the abuser.
Also, the article mentioned videos, where are they on your site?
August 11th, 2004, 09:47 AM
August 11th, 2004, 11:07 AM
Irongeek, it's not necessarily your place to setup the ethics of those that visit. When it comes down to it anything taught in the IT environment can be used for "good" and "evil". If someone is taught how to create network sockets and then builds their own trojans, which they send out to the world, did the teacher do the wrong thing by teaching them? No.
I teach two courses: an intro security course and advanced security course. In the intro course I deliberately get students to learn how to break into systems. It serves a few purposes: gets the desire out of their systems, makes them realize it's not a simple click (although the social engineering can make it easy sometimes) and makes them realize how important it is to secure things down. Added to this is the requirement to document every step they did when they attempted to break in (some are more successful than others). This gets them oriented towards the concept of security auditing, which becomes a big part of the advanced course. There they build a secure network and have to defend against other groups in the class.
Personally I wouldn't be too worried about it and flattered they mentioned you. The closing paragraphs certainly sum it up appropriately:
What you provide teaches people what they need to be aware and worried about. Be proud that you are reaching that many people and perhaps preventing an attack in the process because you made someone go... "hrmmmmm".
The benefits of training ethical hackers far out weigh the risks associated with it. Skoudis explains why he wrote a book on hacking: “Let’s face it – the malicious attackers have all the information they need to do all kinds of nasty things. If they don’t have the information now, they can get it easily enough on the Internet though a variety of Web sites, mailing lists, and newsgroups devoted to hacking. Experienced hackers often selectively share information with new attackers to get them started. Indeed, the communication channels in the computer underground among attackers are often far better than the communication among computer professionals. This book is one way to help make things more even.”
August 12th, 2004, 07:40 PM
if he posts one more link to his site im going to barf!
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
August 12th, 2004, 09:14 PM
AvatharTri asked where they were, so I figured I'd tell him. Not trying to link whore.
August 13th, 2004, 07:08 PM
Yes, I did request that he made yet another link to his site. Thank you iron geek.