How to Hack Ethically?

I just received a link to one of my personal e-mails announcing an upcoming
seminar in my area titled: "How to Hack Ethically" It includes all software and training.

Link: www.ceplogic.com... (see video)

WTF????????????????????????

Related, this link is on their site:

reply to post by kinda kurious


I'm shocked you find this so surprising, hackers have always been typically broken down into three major categories: White, Black and Grey.

White hat hackers hack computer systems and then inform the owner of the discovered security holes with good intentions and hopefully the owners will patch the holes in their systems. The combination of the technical challenge and good intentions makes "them" do what they do.

Black hat hackers hack computer systems with malicious purposes and obviously will not inform the system owners.

Grey hat hackers are anything and everything in between.

You can be IT security qualified in Certified Ethical Hacking, not sure why you are too puzzled?

reply to post by Death_Kron


Well perhaps I'm just an excitable boy. Like Barney Fife. Maybe not everyone is as fluent in understanding as yourself. The video might serve to inspire those to use more caution while surfing on public wi-fi.

Seems that you could take the training under the auspices of being "ethical" then use your new skills in nefarious ways. I'm just saying that it requires self-imposed honor system. I'm not jumping to conspiracy which is why I dropped this nugget down here in chit-chat section.

reply to post by kinda kurious


Fair enough buddy, sorry for the slightly abrasive reply.

But yeah, your right in the sense that anyone could potentially learn these skills and use them in a negative manner but that same principle can probably be applied to many, many things although I do see what your getting at.

However, I hedge a bet that anyone wanting to learn said techniques with the intention of nefarious purposes wouldn't spend the money on such a course but would instead learn the information needed which is public on the world wide web if you know where to look.

reply to post by kinda kurious


That basically applies to any skill that can be abused. However as with all skills that are difficult to obtain the people acquiring them are tracked by whomever is a stakeholder in the game that the skill serves his purpose best.

Only difference is that a hacker can try to stay under the radar. A Nuclear physicist will have more difficulties to do so. Without Ethical hackers (Security consultants, pen testers etc) a lot of banks and governments would have (more ) issues with keeping their sh*t secure.

Just to add: the techniques demonstrated in the OP's video are nothing new and pretty easily implemented when you have a rough idea of how TCP/IP works.

Well, I'm confused by that video. In the end, the reporter said to ensure you were using https: but the examples in the video all showed that "s" security feature being stripped by the hacking program. So, 'erm....

reply to post by LadySkadi



Nice catch LS, does seem like a contradiction. Hopefully one of the gear heads can explain. I usually use my laptop when traveling at hotel's wifi. I suppose I might think twice in the future.

I did find this tidbit:

This kind of vulnerability has always existed with SSL because it is difficult to be certain about where the endpoints of communication lie. Rather than having a secure end-to-end connection between Amazon and you, there might be a secure connection between you and an attacker (who can read everything you do in the clear), and then a second secure connection between the attacker and Amazon.

www.sindark.com...

reply to post by kinda kurious

Intesting Power Point, helps to visually explain the SSL stripping:
www.obnosis.com/SSLstrip.ppt

haha how to hack ethicly ethical hackers make me want to vomit hackers dot com back in the day before revolution died from cancer was all about this bull# they used to run a group called EHAP ethical hackers against pedo's and they used to do all sorts of white hat stunts like releaseing 0day to the public I used to program for a group called ADM - w00w00 and gH so called "ethical hackers" are the reason tens of thousands of lines of my code where released to huge corperations copywrited then patched.

Ethical hacking ?
thats like making love with a condom in my opinion....

And another thing on this topic 99% of todays hackers are so called gurus with MSCE certs and can do a little networking in my day being the 90s - now hacking wasn't finding a NULL session on a computer or scanning multiple networks with trino to make distrobuted denial of service attacks which most people these days use for spam we would have to go through thousands of lines of source code find vulnerablilities in services then exploit them via off bye ones buffer over flows etc. other methods of hacking where session hijacking injection etc etc etc .
These self proclaimed "hackers" make me want to r00t half the morons claiming to be security experts to bad these days half passed me and i'm more consitrated on making money with my website.

reply to post by kinda kurious


Let's get this terminology straight here. I am a hacker. That means I hack into my own computer software in an effort to understand it better, and make it faster and more secure. I am not a Cracker. A "Cracker" cracks into other's personal, or corporate computer systems in an effort to steal or alter information, or to implant a Trojan.

reply to post by corestorm


All I got from this little rant of yours is that you're mad that hacking has changed over the years. Not exactly a great reason to be mad.

Originally posted by autowrench
reply to post by kinda kurious

 

Let's get this terminology straight here. I am a hacker. That means I hack into my own computer software in an effort to understand it better, and make it faster and more secure. I am not a Cracker. A "Cracker" cracks into other's personal, or corporate computer systems in an effort to steal or alter information, or to implant a Trojan.

Duly noted. And since we are setting the record straight.....I'm a slacker.

Originally posted by autowrench
reply to post by kinda kurious

 

Let's get this terminology straight here. I am a hacker. That means I hack into my own computer software in an effort to understand it better, and make it faster and more secure. I am not a Cracker. A "Cracker" cracks into other's personal, or corporate computer systems in an effort to steal or alter information, or to implant a Trojan.

Nope, that isn't correct.

The term "hacker" did originally mean someone who enjoyed experimenting or programming computer systems to make them faster or to add "additional" features or a more generic term for someone who was interested in computers a la "nerd".

As time has gone by, the term "cracker" was used to mean someone who hacks into computer systems with malicious intent although in todays world that definition is also slightly off the mark.

A hacker is a person who gains unauthorized access to a computer/s, the three shades of hacker can be described as white hat, black hat or gray hat where as a white hat hacker hacks solely with the intent of informing the system owners, a black hat does so for purely personal or malicious reasons and a grey hat lies somewhere in between the two.

The term cracker today usually refers to a black hat hacker or someone engaged with breaking copyright routines and does most of his work at low level coding.

The term "hacker" has lost it's original meaning and did so a long time ago, if you want to talk terminology then at least get it right

Edit to add: You also have the term "script kiddie" which usually refers to someone using a pre-compiled tool to compromise a well known exploit with level to almost no skill, metasploit guys aint hackers