Hmm, I'll start this with some Sun Tzu quotes from Wikiquote
http://en.wikiquote.org/wiki/Sun_Tzu (because it is fun):
- It is said that if you know your enemies and know yourself, you will not be imperilled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperilled in every single battle.
- The more you read and learn, the less your adversary will know.
- Now the reason the enlightened prince and the wise general conquer the enemy whenever they move and their achievements surpass those of ordinary men is foreknowledge.
- The general who wins the battle makes many calculations in his temple before the battle is fought. The general who loses makes but few calculations beforehand.
- Thus, what is of supreme importance in war is to attack the enemy's strategy.
- And therefore those skilled in war bring the enemy to the field of battle and are not brought there by him.
- When the enemy is at ease, be able to weary him; when well fed, to starve him; when at rest, to make him move. Appear at places to which he must hasten; move swiftly where he does not expect you.
- etc
I think that we can all agree that these apply in some form or fashion. Although some will like certain sayings better than others.
The point is that ethical hackers obtain their skills so that they can make a difference. If the only hackers out there are unethical hackers then there is only defense and no way to test the defenses. This is a losing proposition.
Here is a real world example. We have good police officers and we have police officers who act unethically. Are you willing to dismiss all police officers because of the potential for an unethical element?
Go forth and do good things,
Cutaway
OSCP - Offensive Security Certified Professional : OSCP exam scheduled
