But that I think is just a fallacy of education as a whole. Think about it.
Did you use exactly what you learned in college in your first job? Or did you
have to learn on the job? Most people learn on the job. That's why in most
books they have you test, or at least I would hope they have you test, on a
noncritical, hopefully a test, network. I didn't learn security that way.
Hey I learned COBOL, and FORTH. You know how many times I get to use that
stuff? Try once in my carreer, for less than a day.
Remember people always have to start someplace.
--- David Gillett <gillettdavid@fhda.edu> wrote:
-----Original Message-----
From: Shawn Duffy [mailto:shawnduffy@gmail.com]
What many people fail to recognize is that if you get into this in an
effort to "learn how to hack", you're not going to get very far. This
isn't about learning how to compromise systems, per se, it is about
learning the technology behind it all. If you simply want to know how
to "hack", you may end up being no better than a script kiddy... If
you want to really succeed and differentiate yourself from the
kiddies, learn the technology. When you learn the technology, you
will learn how it works and how to break it.
I've seen an awful lot of exploit descriptions from folks who very
clearly had no idea how the system/technology being exploited was
designed to work, kind of the "let's see what happens if we press
this button" school of system exploration. That's bad for anybody
who aspires to be a White Hat (ethical), because it risks breaking
things unintentionally. And it's bad for Black Hats because it tends
to leave a fairly obvious trail of failed attempts....
On the flip side, though, well-built products are supposed to be
thoroughly tested by folks who DO understand the design, before their
released into the world. Experience suggests that the ignorant (I'm
not being derogatory here, just factual) approach pretty regularly
uncovers flaws in areas that were incorrectly or incompletely specified
in the design. The vulnerability is triggered by doing something that
nobody who understood the design would ever think to do!
I would say that your goal should be to achieve a deep, expert
understanding of the systems whose security you want to study -- but
it may be counterproductive to put off starting to study until you have
achieved that level of understanding.
Dave Gillett
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
