Penetration Testing mailing list archives

RE: Ethical Hacking Training

From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Sun, 18 Jan 2004 11:52:47 -0800

Very good statement and you do need to know your enemy.

Just because you're a police officer, soldier, or in our case, information
security engineers, does not mean you or I really know our enemy and their
full or potential capabilities.

Ethical hacking gives us an overview or lets us peer into the cracker's
world.  Of course, the classes do not have the latest cracks unless they
have a honey pot running and receiving such traffic.  Nor, does it make us
crackers.  It is only a look see and not cracker training.

Ethical Hacking is really a coin term for the public and those who do not
know the difference between hacker, wacker, and cracker.  The public only
knows or thinks they know what a hacker is.  In reality, they have no clue
that a hacker is good and the other two are not.

Also, how do you propose a professional runs pen and vuln tests against
their network to secure holes in their fortifications?  There are good
products on in the market; however not everyone can afford them, use them
properly, or the software or device is not totally up to date or catches
everything.

Regards,

Greg DeGennaro Jr., CCNP
Security Analyst


-----Original Message-----
From: Teicher, Mark (Mark) [mailto:teicher () avaya com] 
Sent: Friday, January 16, 2004 7:10 PM
To: Rob Shein; Andy Cuff [Talisker]; pen-test () securityfocus com
Subject: RE: Ethical Hacking Training

Talisker,

I still have an issue with the term "Ethical hacking"  It was a term
born out of the Big Six when they were trying build their security
practices and leverage their existing client base.  I still feel the
term is somewhat of slant on those who practice "holistic security" and
actually attempt to help customers improve their network security
posture instead of pointing out the "glaring" hole that those who
practice "Ethical Hacking" like to do.  

I have worked in the past with those who preach and teach "Ethical
Hacking" Many of those people have published books exploiting that exact
theme.

Why not spend the time in researching how to correct security exploits
in enforcing secure coding standards and forcing vendors to clean up
their act and making their products work more efficiently and securely.

/mark



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

RE: Ethical Hacking Training, (continued)
- RE: Ethical Hacking Training charl van der walt (Jan 16)
- RE: Ethical Hacking Training Teicher, Mark (Mark) (Jan 18)
  - Re: Ethical Hacking Training Jimi Thompson (Jan 19)
    - Re: Ethical Hacking Training Steve Kemp (Jan 19)
    - Re: Ethical Hacking Training Tim Gurney (Jan 20)
    - RE: Ethical Hacking Training Rob Shein (Jan 20)
- Re: Ethical Hacking Training Don Parker (Jan 18)
  - RE: Ethical Hacking Training Pete Herzog (Jan 19)
  - Re: Ethical Hacking Training Mike Hoskins (Jan 20)
- RE: Ethical Hacking Training Teicher, Mark (Mark) (Jan 19)
- RE: Ethical Hacking Training DeGennaro, Gregory (Jan 19)
  - Re: Ethical Hacking Training Meritt James (Jan 19)
    - Re: Ethical Hacking Training Stormwalker (Jan 20)
    - RE: Ethical Hacking Training Kurt (Jan 20)
- Re: Ethical Hacking Training Don Parker (Jan 19)
  - Re: Ethical Hacking Training Kevin Johnson (Jan 20)
- RE: Ethical Hacking Training Don Parker (Jan 19)
  - RE: Ethical Hacking Training S. Thomas (Jan 20)
- RE: Ethical Hacking Training DeGennaro, Gregory (Jan 20)
- Re: Ethical Hacking Training Hamish webhosting.net.nz (Jan 20)
- Ethical Hacking Training Daryl Davis (Jan 20)

(Thread continues...)