HNNCast’s take on Ethical Hacker (the phrase not the site)

  • Author
      Did anyone else see HNNCast this week (First week of March 2010) where Space Rogue has a disdain for the phrase Ethical Hacker?

      I respect the guy, and the others from L0pht, and I agree with him to a point of either you’re a hacker or not.

      However I don’t think that all hackers are criminals, and I don’t think they’re all Ethical. I think his argument shows a lack of understanding of what EH means.

      *sorry edited it a few times, to get the show’s name right.

      I did see that episode and Space Rogue is right and I agree with what he said. He said “you either are a hacker or you aren’t, there’s nothing ethical about it. But prefacing the term with ethical you give the illusion that all hackers are bad, or somehow unethical. Hacker does not equal criminal”
      Space Rogue is referring to the original term Hacker and not what it is known as today. If anyone mentions hacker most people think “bad guy, criminal”. Sadly, the real bad guys’ original term was cracker but I guess that term never caught on.

      I also think Space Rogue is misinformed, he asked why if the DoD had to pick an official certification, did they “pick one from the EU” instead of one of the US based certifications.
      EC Council does not have any offices in the EU:  🙂

      I pretty much agree about either you’re a hacker or you’re not. It seems like the C|EH certificate sounds cooler than the others, because it has hacker in the name.

      I still need to find the time and money to get a certificate :-[

      Data_Raid –

      Dead on!

      @Data_Raid wrote:

      He said “you either are a hacker or you aren’t, there’s nothing ethical about it.

      It’s very true, that being a hacker IS being a hacker.  It’s the mindset and reasoning BEHIND a hacker that qualifies the actions as ethical or not.  I only caught part of the episode, as I got pulled away on a critical issue, for a customer.  But I would really like to catch the rest at some point.  I’ve never looked for it, though, but is there an archive I can catch the rest at?


      I didn’t know HNNCast before, but did some searching and found a few episodes of it on youtube. So you might check there, though I am not sure if the one discussed here is already there too or not.

      @Data_Raid wrote:

      Space Rogue is referring to the original term Hacker and not what it is known as today. If anyone mentions hacker most people think “bad guy, criminal”. Sadly, the real bad guys’ original term was cracker but I guess that term never caught on.

      I’m not too sure about that (just watched the segment again). The show is called HNNCast (as in Hacker News Network), and it’s mostly about computer security.

      It’s really no different than saying White Hat (light side, ethical, etc) Hacker or Black Hat (darkside, unethical, etc) Hacker.

      But I learned the word hacker from the Jargon file.


      @Don Thanks for moving the thread, I wasn’t sure where to put it when I wrote it yesterday.

      This is relevant I think:

      It is basically about the whole conversation of “We don’t hire hackers”.

      When it comes down to it, ethics are flexible.  Mine and yours won’t match up on certain issues.  There is legal and illegal, and in different parts of the world, those won’t match up.  Certifying someone as ethical is like classifying porn vs art; the “I know it when I see it” concept has always been bogus. 

      It all goes back to trust and risk management.  I trust that a pen tester from company X won’t destroy my world.  There is a risk that he/she will, but I would have recourse in this situation.  Reputation is very important in security, and who you know is as important as what you know. 

      Don Donzal

      Great thread, so I thought I’d chime in as I’ve been part of this conversation for a while. Especially running a site named The Ethical Hacker Network.  😉

      chrisj makes an excellent point. It’s more that the phrase ‘ethical hacker’ is a subset of the larger group ‘hacker.’ Just like black hat or criminal hacker is also a subset. We’re all hackers.

      I just recently did a video for CompTIA on the basics of ethical hacking. One of the areas I cover is what ‘ethical hacking’ is and what it is not. 2 things I mentioned in the section on what it is discusses a) there’s more than 1 accepted definition of hack as being negative. Mostly in academia. Take a look at this from on the def of the noun ‘hack’:

      1. a person, as an artist or writer, who exploits, for money, his or her creative ability or training in the production of dull, unimaginative, and trite work; one who produces banal and mediocre work in the hope of gaining commercial success in the arts: As a painter, he was little more than a hack.

      2. a professional who renounces or surrenders individual independence, integrity, belief, etc., in return for money or other reward in the performance of a task normally thought of as involving a strong personal commitment: a political hack

      Members of the media also have their own definition with a negative connotation:

      4. to damage or injure by crude, harsh, or insensitive treatment; mutilate; mangle: The editor hacked the story to bits.

      And then B) When identifying themselves, criminals don’t mention their subset, they simply call themselves hackers.

      So add the definitions with negative tones used in academic circles and the media (which BTW come from academia themselves) to the bad guys calling themselves hackers, and it was doomed to be hijacked.

      So legitimate industry came up with a way of describing their subset. They’ve tried ‘auditors,’ ‘researchers,’ ‘pen testers’… maybe it’s simply because the word ‘hacker’ is sexy that ‘ethical hacking’ stuck. No matter what you call yourself, a rose by any other name…

      So ethical is just a way of describing yourself. Apollo makes a great statement about being ethical and only experience and reputation can prove that you actually are. I don’t completely agree with his art vs porn argument, but I see his point. A cert can clearly let the world know that you have a baseline of technical knowledge. But can it truly claim that you are ethical? The way I see it is that a certification attempting to certify ethical behavior can only help the individual claim that their intention is to go down the legal path. As mentioned, experience and reputation is the only true way of proving it.

      Then again, can’t the same thing be said of the technical side? One may have the book knowledge to be able to pass a cert, but experience and reputation in the practical use of that knowledge is what sets you apart from the rest.

      There’s my $.02.


