It's just a bad question and won't be on the test. It would take your imagination and some creativity to come up with an answer to it as there's really no technical difference, it all be in how you want to define the terms.

What are you using to study? I ask because you mention v5 but I don't think the v5 exam is available any longer. The v6 courseware has been out for a while and they're working on getting the v7 release out.

I agree with Don, "Penetration Testing" is a subset of "Ethical Hacking".

You have hardware hacking, people hacking (social engineering), software hacking (exploit development), web application hacking (web app pen test), network and server hacking (pen test), wireless hacking, etc.

Hacking in general could be legal (ethical) or illegal.

To me, in a nutshell, ethical means that all the parties involved are fully aware of the hack being performed. To me "parties" include owners of the network, servers, application and data. This doesn't mean you warn Microsoft before pen testing a Windows environment, but make sure the owner or the person responsible of this environment understand what you will be doing. This means written permission and all that comes with it (Non disclosure agreement, methodology, rules of engagement, etc).

Alternatively, you work in your own lab.

Just about everything else is illegal, hence not ethical.

Personally, I don't get any pride or glory in hacking my neighbour's wireless access point. But downloading a vulnerable VM image and hack my way into it in my lab is very rewarding (and much, much harder!). The same goes from pen testing a web application and downloading the entire database. It is legal, your client is happy and you are happy. In addition, you can add it to your resume!

Hey tturner,

If someone describes themself as a hacker or says that they hack things, we would most likely ask for more info... is it hardware hacking, computer hacking, human hacking, etc.

Most of us would agree that 'hacking' is more than just exploiting a system. Therefore, 'ethical hacking' is much more than just exploiting a system with permission.

So I think my definition would fit that thought process better than yours.

But I do love a good debate. ;-)

What r your thoughts,
Don

...Its the people hacking behind me that make me nervous. I don't want to hear 'cough, cough' and then feel 'splat' on the back of my head. 
With all the condo commandos that live around me its always a possibility...

MP
 

I agree with you and the marketing of CEH (Certified Ethical Hacker). But I disagree completely with your time frame. IBM and many others were using the term ethical hacking long before EC-Council used the term in the name of their cert. I like to cite things, so here you go.

In a paper written by IBMer Charles C. Palmer in 2001, he states:

"In the case of computer security, these “tiger teams” or “ethical hackers”
(3) would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information."

The 3 in that statement is the footnote which reads:

"The first use of the term “ethical hackers” appears to have been in an interview with John Patrick of IBM by Gary Anthens that appeared in a June 1995 issue of ComputerWorld."

Don