wow, heated discussion on that blog. i remember seeing that when it came out back in May/June.
i'll throw my opinion in here about it.
* I think there are very very few certs out there that should bring the word "expert" to someone's mind when they see it in someone's signature block. ones like CCIE and the RHCE come to mind. Ones like CEH, CPTS, CISSP, etc. do not come to mind. they should mean to someone they have a broad general knowledge of those types of subjects and that they passed a test demonstrating that.
* All certifications are out to make money, no cert vendor does anything not to make money. it's stupid to sit there and say that company x is only doing this for the money, or company y is greedy. they all want to make money with their cert.
* If i recall correctly, and i may be wrong, aside from some of the SANS training and certs, CEH was the first mainstream attempt at a hacking cert. If anyone has never tried to write any type of course, lesson plan, documentation, i can say from experience that it's hard and takes a LONG time to do it right. Does that excuse EC-Council from plagiarizing and lack of grammar in its text, no, but as someone who has written course material i can see how it could come about. it's also very easy to come after someone has written courseware and say that it sucks and how they could do much better (Mile2--and they did) but it's much harder to actually CREATE that material in the first place.
* I have said it before and i'll say it again. a 5 day bootcamp is not going to make anyone an expert. and it seems like a lot of the comments in that blog are from people that thought they would be coding up exploits and hacking the planet on day 6, that's just silly.
* Also from experience with bootcamps i doubt that most people really have the background required to get the most out of a real hacking course. while this doesn't condone just teaching tools, again i can see how you can get led down that road. you could spend a whole week talking about networking before you ever get into using tcpdump or Ethereal and really understanding how a packet crafting tool works and what it can really be used for--that could take another week.
* teaching exploits on old OSes. this one comes up a bit all over the place. an exploit is an exploit is an exploit...a remote exploit on Windows 2k in the grand scheme of things is the same as an exploit on Windows 2003. if you aren't going to go into painful detail of the differences of exploiting things on the different OSes, then getting a remote shell on a Windows 2000 box is the same as Windows 2003. what you do with that shell is really what's important and not really discussed in any of those courses in great detail. another good reason is that there aren't that many reliable exploits for win2k3 out there in the wild.
I guess that's enough of that, i am interested in what other people think about the blog. Frankly i think people expect too much out of a 5 day course and expect to be spoon fed all that knowledge at the same time. becoming a good security professional takes YEARS of work, studying, breaking things, getting stuck on a problem and working thru it, and just having the interest to keep plugging on thru it.
hope that makes some sense and helps someone...