Re: learning ethical hacking

["Anirudhya Mitra" <quartz_blue () HotPOP com>]

Great Gillett! What ever you have written seems to be very realistic to me.
I am also a computer security enthusiast but I don't want to be
script-kiddie. But when it comes to learning the technology, it seems that
there is no end of learning, and frankly, that's why i sometimes get
confused and fraustrated.
Is there any roadmap that a beginner can follow?

----- Original Message -----
From: "David Gillett" <gillettdavid () fhda edu>
To: "'Shawn Duffy'" <shawnduffy () gmail com>; "'Nick Falcon'"
<nickbird793 () hotmail com>
Cc: <tech.louie () verizon net>; <karora () opsource net>; "'D K'"
<dwarkeeper () gmail com>; "'linux user'" <linuxteam () gmail com>;
<security-basics () securityfocus com>
Sent: Thursday, September 16, 2004 12:20 AM
Subject: RE: learning ethical hacking


> > -----Original Message-----
> > From: Shawn Duffy [mailto:shawnduffy () gmail com]
> >
> > What many people fail to recognize is that if you get into this in an
> > effort to "learn how to hack", you're not going to get very far.  This
> > isn't about learning how to compromise systems, per se, it is about
> > learning the technology behind it all.  If you simply want to know how
> > to "hack", you may end up being no better than a script kiddy...  If
> > you want to really succeed and differentiate yourself from the
> > kiddies, learn the technology.  When you learn the technology, you
> > will learn how it works and how to break it.
>
>   I've seen an awful lot of exploit descriptions from folks who very
> clearly had no idea how the system/technology being exploited was
> designed to work, kind of the "let's see what happens if we press
> this button" school of system exploration.  That's bad for anybody
> who aspires to be a White Hat (ethical), because it risks breaking
> things unintentionally.  And it's bad for Black Hats because it tends
> to leave a fairly obvious trail of failed attempts....
>
>   On the flip side, though, well-built products are supposed to be
> thoroughly tested by folks who DO understand the design, before their
> released into the world.  Experience suggests that the ignorant (I'm
> not being derogatory here, just factual) approach pretty regularly
> uncovers flaws in areas that were incorrectly or incompletely specified
> in the design.  The vulnerability is triggered by doing something that
> nobody who understood the design would ever think to do!
>
>   I would say that your goal should be to achieve a deep, expert
> understanding of the systems whose security you want to study -- but
> it may be counterproductive to put off starting to study until you have
> achieved that level of understanding.
>
> Dave Gillett
>
>
>
> --------------------------------------------------------------------------
-
> Computer Forensics Training at the InfoSec Institute. All of our class
sizes
> are guaranteed to be 12 students or less to facilitate one-on-one
> interaction with one of our expert instructors. Gain the in-demand skills
of
> a certified computer examiner, learn to recover trace data left behind by
> fraud, theft, and cybercrime perpetrators. Discover the source of computer
> crime and abuse so that it never happens again.
>
> http://www.infosecinstitute.com/courses/computer_forensics_training.html
> --------------------------------------------------------------------------
--
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.759 / Virus Database: 508 - Release Date: 9/9/2004