Hacking 101

[tangledlisa]

School Teaches 'Ethical Hacking' to Computer Students
29 minutes ago Add Technology - Reuters to My Yahoo!

By Ben Berkowitz

LOS ANGELES (Reuters) - Sporting long sideburns, a bushy goatee and black baseball cap, instructor Ralph Echemendia has a class of 15 buttoned-down corporate, academic and military leaders spellbound. The lesson: hacking.


The students huddled over laptops at a Los Angeles-area college have paid nearly $4,000 to attend "Hacker College," a computer boot camp designed to show how people will try to break into network systems -- and how they will succeed.

"It's an amazing thing how insecure the big corporations are," Echemendia said during a break in the weeklong seminar. "It's just amazing how easy it is."

Hackers are believed to cost global businesses billions of dollars every year, and the costs to defend against them are soaring. One study by Good Harbor Consulting showed that security now accounts for up to 12 percent of corporate technology budgets, up from 3 percent five years ago.

"This is definitely bleeding edge -- so bleeding edge in fact, sometimes, that it's frightening," said Loren Shirk, a student in the class at Mt. Sierra College who owns a small-business computer consulting company.

LICENSE TO HACK (NICELY)

The course prepares students for an exam offered by the International Council of E-Commerce Consultants, or EC-Council. If they pass that test, they get the ultimate seal of approval: Certified Ethical Hacker.

The class is by no means easy. Instructors race through topics like symmetric versus asymmetric key cryptography (symmetric is faster), war dialing (hackers will always call late at night) and well-known TCP ports and services (be wary of any activity on Port 0).

"I can definitely say it's not for everyone," said Ben Sookying, director of network security services for the California State University's 23-campus system and another student in this week's class. "If you don't have discipline, you won't make it through this course."

But the work is practical, too. On the first day, students were taught basic, free and legal research methods, mostly involving search engines and securities databases, so they could learn as much information as possible about companies, their executives and systems.

With relatively little effort, they found out that the chief executive of one public company maintained his own Web site dedicated to guitars, while another public company still uses a number of systems known to be easily exploited by hackers.

IT TAKES A THIEF

Intense School, the Florida-based company that runs the hacking boot camp, started off in 1997 with a $35,000 investment, teaching Microsoft and Cisco (news - web sites) software to systems engineers.

But after the Sept. 11, 2001, attacks on the World Trade Center and the Pentagon (news - web sites), the company expanded its focus to information security courses. It now offers around 200 classes a year, generating about $15 million in annual revenue.

"What we attempt to do in our classes is teach how the hackers think," said Dave Kaufman, president of Intense School. The only way to keep hackers out of major corporate systems, he said, is to know how they will be attacked in the first place.

Cal State's Sookying said, in his case, the problem is that the users of his systems know how to attack all too well.

"We teach students how to hack and how to code and here are the students applying what they've learned against us," he said.

[Lucifina]

Oh boy I get a kick out of this one..."Ethical Hacking" as if hacking could be considered ethical even if one is trying to protect themselves. I think the last statement summarizes it all, "We teach students how to hack and how to code and here are the students applying what they've learned against us." Hey, don't get me wrong, I want to learn it too, but I won't say I wouldn't use what I know. Hence, my amusement at the paradox/irony, etc of the choice of words.

[shifter]

Ah, the age old dilemma. How can we stop hackers if we do not know how they hack, yet how can we teach them without having them turn against us? Which is more preferable? I'm sure not everyone who takes a kung-fu course uses there new skills only for self defense. Some will be more dangerous criminals with a better ability to hurt and/or kill because of these class. Should we then ban kung-fu classes based on this same line of thinking?

[Jeff]

I don't have a problem with this. The more people are educated and aware of security issues, the better. The end result will be more secure applications and less, not more, hacking.

You have to remember that all companies manage risk. Nothing is hack-proof. They test to a level that they feel is "good enough" and then ship it. The difference between "good enough" and perfect represents the risk. If the data is very important (like banking information), we expect the developer to spend more time testing and taking "good enough" as near as possible to perfect. If the data is not so important (i.e. a personal blog) the testing doesn't need to be as rigorous. After all, who would cry if one one blog disappeared?

[CoxsackieVirus]

The government is very afraid of hackers.

-For unused or unwanted government computers.
First, they whipe the hard disk, then they fill its memory with 1010101... untill it reaches it limit, then they take it to the sledge hammer. They then break it into peaces and ship it to different parts or sell it to different countrys to be buried.


Hackers can be extreamly dangereouse with the right information. I think it is appororiate to train people to counter hack.

[David]

Quote:

quote:Originally posted by CoxsackieVirus

The government is very afraid of hackers.

-For unused or unwanted government computers.
First, they whipe the hard disk, then they fill its memory with 1010101... untill it reaches it limit, then they take it to the sledge hammer. They then break it into peaces and ship it to different parts or sell it to different countrys to be buried.

Uh, no dude. I don't know where the hell you got that retarded idea. I work for the US government, we format the drive and delete the partition. Then we either sell the HUD or throw it in the dumpster.

Oh, and 'filling the memory with 1010101' is called Low-Level formatting, we usually don't bother with that.

[Oreo]

I'd certainly like to learn a few hacking tricks just to test out my father's and mother's computer systems where they work. Then maybe find ways to secure the cracks so no one else does it...it sounds pretty cool. Maybe people who are afraid of computers could learn about them this way, because it seems a lot more fund than "Move your mouse to this icon and double click. Ok, good. Now right click." Instead it would be like...."Now move your cursor over here and type in this....Very Good! You've broken into the most sensitive documents. Great job Bill you have found your boss's medical records and they prove that he's a megilomaniac." Much more enticing...and you get to learn how the programs are put together....all together a pretty cool thing.

[m3rcy]

I wander what the requirements for this course are..
I would really like to attend one of these courses but I don't think they're here in new zealand
I also wonder what languages they teach. Seeing it is only a weeks course?