
HNNCast's take on Ethical Hacker (the phrase not the site)


rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Mar 06, 2010 4:20 pm


Did anyone else see HNNCast this week (First week of March 2010) where Space Rogue has a disdain for the phrase Ethical Hacker?

I respect the guy, and the others from L0pht, and I agree with him to a point of either you're a hacker or not.

However I don't think that all hackers are criminals, and I don't think they're all Ethical. I think his argument shows a lack of understanding of what EH means.

*sorry edited it a few times, to get the show's name right.
Last edited by rattis on Sat Mar 06, 2010 4:23 pm, edited 1 time in total.
OSWP, Sec+

Data_Raid

Full Member

Posts: 165

Joined: Fri Nov 09, 2007 5:55 am

Post Sun Mar 07, 2010 6:09 am


I did see that episode and Space Rogue is right and I agree with what he said. He said "you either are a hacker or you aren't, there's nothing ethical about it. But prefacing the term with ethical you give the illusion that all hackers are bad, or somehow unethical. Hacker does not equal criminal"
Space Rogue is referring to the original term Hacker and not what it is known as today. If anyone mentions hacker most people think "bad guy, criminal". Sadly, the real bad guys' original term was cracker but I guess that term never caught on.

I also think Space Rogue is misinformed, he asked why if the DoD had to pick an official certification, did they "pick one from the EU" instead of one of the US based certifications.
EC Council does not have any offices in the EU: https://www.eccouncil.org/contact_us.aspx :)
All men by nature desire knowledge.

Aristotle

zeroflaw

Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Sun Mar 07, 2010 6:40 am


I pretty much agree about either you're a hacker or you're not. It seems like the C|EH certificate sounds cooler than the others, because it has hacker in the name.

I still need to find the time and money to get a certificate :-[
ZF

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Mar 07, 2010 12:51 pm


Data_Raid -

Dead on!

Data_Raid wrote: He said "you either are a hacker or you aren't, there's nothing ethical about it."

It's very true, that being a hacker IS being a hacker. It's the mindset and reasoning BEHIND a hacker that qualifies the actions as ethical or not. I only caught part of the episode, as I got pulled away on a critical issue, for a customer. But I would really like to catch the rest at some point. I've never looked for it, though, but is there an archive I can catch the rest at?

TIA.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sun Mar 07, 2010 1:05 pm


I didn't know HNNCast before, but did some searching and found a few episodes of it on youtube. So you might check there, though I am not sure if the one discussed here is already there too or not.

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sun Mar 07, 2010 1:06 pm


Data_Raid wrote: Space Rogue is referring to the original term Hacker and not what it is known as today. If anyone mentions hacker most people think "bad guy, criminal". Sadly, the real bad guys' original term was cracker but I guess that term never caught on.


I'm not too sure about that (just watched the segment again). The show is called HNNCast (as in Hacker News Network), and it's mostly about computer security.

It's really no different than saying White Hat (light side, ethical, etc) Hacker or Black Hat (darkside, unethical, etc) Hacker.

But I learned the word hacker from the Jargon file.

@Hayabusa hackernews.com

@Don Thanks for moving the thread, I wasn't sure where to put it when I wrote it yesterday.
OSWP, Sec+

apollo

Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Sun Mar 07, 2010 4:50 pm


This is relevant I think:
http://www.spacerogue.net/wordpress/?p=191

It is basically about the whole conversation of "We don't hire hackers".

When it comes down to it, ethics are flexible.  Mine and yours won't match up on certain issues.  There is legal and illegal, and in different parts of the world, those won't match up.  Certifying someone as ethical is like classifying porn vs art; the "I know it when I see it" concept has always been bogus. 

It all goes back to trust and risk management.  I trust that a pen tester from company X won't destroy my world.  There is a risk that he/she will, but I would have recourse in this situation.  Reputation is very important in security, and who you know is as important as what you know. 
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Mar 08, 2010 2:04 pm


Great thread, so I thought I'd chime in as I've been part of this conversation for a while. Especially running a site named The Ethical Hacker Network ;)

chrisj makes an excellent point. It's more that the phrase 'ethical hacker' is a subset of the larger group 'hacker.' Just like black hat or criminal hacker is also a subset. We're all hackers.

I just recently did a video for CompTIA on the basics of ethical hacking. One of the areas I cover is what 'ethical hacking' is and what it is not. 2 things I mentioned in the section on what it is: a) There's more than 1 accepted definition of hack as being negative, mostly in academia. Take a look at this from dictionary.com on the def of the noun 'hack':


1. a person, as an artist or writer, who exploits, for money, his or her creative ability or training in the production of dull, unimaginative, and trite work; one who produces banal and mediocre work in the hope of gaining commercial success in the arts: As a painter, he was little more than a hack.

2. a professional who renounces or surrenders individual independence, integrity, belief, etc., in return for money or other reward in the performance of a task normally thought of as involving a strong personal commitment: a political hack



Members of the media also have their own definition with a negative connotation:


4. to damage or injure by crude, harsh, or insensitive treatment; mutilate; mangle: The editor hacked the story to bits.



http://dictionary.reference.com/browse/hack

And then B) When identifying themselves, criminals don't mention their subset, they simply call themselves hackers.

So add the definitions with negative tones used in academic circles and the media (which BTW come from academia themselves) to the bad guys calling themselves hackers, and it was doomed to be hijacked.

So legitimate industry came up with a way of describing their subset. They've tried 'auditors,' 'researchers,' 'pen testers'... maybe it's simply because the word 'hacker' is sexy that 'ethical hacking' stuck. No matter what you call yourself, a rose by any other name...

So ethical is just a way of describing yourself. Apollo makes a great statement about being ethical and only experience and reputation can prove that you actually are. I don't completely agree with his art vs porn argument, but I see his point. A cert can clearly let the world know that you have a baseline of technical knowledge. But can it truly claim that you are ethical? The way I see it is that a certification attempting to certify ethical behavior can only help the individual claim that their intention is to go down the legal path. As mentioned, experience and reputation is the only true way of proving it.

Then again, can't the same thing be said of the technical side? One may have the book knowledge to be able to pass a cert, but experience and reputation in the practical use of that knowledge is what sets you apart from the rest.

There's my $.02.

Don
CISSP, MCSE, CSTA, Security+ SME
