Hacker Boot Camp 161
abb_road writes "Business Week sent a reporter to TechTrain's ethical hacker training camp, where, for $4,300, participants spend five days working towards ICECC's 'Ethical Hacker Certification.' The camp serves companies' increasing needs for home-grown white hats, and covers topics ranging from the non-technical (social engineering and policy creation) to code-level attacks (buffer overflows and sql injections). The tuition seems a bit steep for materials that, as the article notes, are 'freely available over the web'--but where else can you play hacking capture the flag?"
Institute To Blow Smoke Into Uncomfortable Places (Score:5, Informative)
I recommend they switch to "Important-Sounding Portal Site of Certified E-Clipart and Buzzwords". Gah. That site isn't just an eyesore; it's a brainsore. Basically, you send them money, they send you off to a third-party training course, throw you in a database and give you some logos and certificates with important-sounding words. Oh, and you'll be certified. It'll take your resume to the next level (where, presumably, we can find our princess.)
Ah, but now to the meat of the matter--the legal disclaimer!
l) Educational Licenses, Accreditation, and State Sanction. The ICECC does not claim to be a college or university nor does it claim accreditation from any 501 bodies, state, or federal government agency or body. The ICECC is not a 501c3 organization and never has claimed to be a tax free or charitable entity. The ICECC may engage in business with charitable organizations or form alliances with charities that operate under 501 but the ICECC operates as a responsible, growing, proprietary, growth oriented, and profit oriented association and company. The ICECC is an independent authority similar to other American Associations. The ICECC grants certificates, certifications, marks, designations, and charters much like hundreds of other legal educational and recognition institutes or associations in the United States. The ICECC strictly follows the criteria of the Ibanez decision in the United States. We encourage all members and certified members to meet all requirements for education, experience, testing, ethics, and continuing education. The ICECC licenses its marks and logos to others. The marks are generally licensed to individuals. The ICECC will license the CEC and other marks and logos to companies, universities, or other uses upon the consent of its board. The ICECC outsourses to other companies for training and education that is provided online. The ICECC does not collect money for the courses, provide the service, teach the class, enter into a contract with the student. THe company providing the education and training is simply using our site as a distribution point. THe ICECC may receive a referral fee, rebate, revenue share, or other payments for providing the website that afforded the sale of the service to the customer. In sum, you accept that we are not responsible for the performance of any education or training contract. We do not hold any of your private information that you submitted to the training, course, or education provider although directory infomation may be exchanged. This information is limited to email address, phone number, name, employer, educational degrees and background. [emphasis mine]
Makes ya feel all edjumicated already, dunnit?
Of course, all the above is moot; it fails the sniff test (twice, no less!) on its home page:
Don't forget to bookmark us! (CTRL-D)
Trust me, I didn't forget.
ALARMING LAPSES. And here's what may be the scariest part: to be a hacker, you don't even have to be a hardcore techie or particularly good at writing code. Take me, for instance. I'm an English major who hasn't written a line of code since third grade when I wrote a BASIC program that quizzed you on state capitals. Camp got started at 9 a.m., and within an hour, I was hacking into fictional banks' Microsoft databases and retrieving credit card numbers.
It's a matter of knowing tricks and what to look for. For instance, the default Microsoft database user name is "SA" and there's no default password. An alarming number of administrators never change these settings, so once hackers get into a system, they often try this first -- successful
Re:What are the entry requirements? (Score:3, Informative)
They have to be gainfully employed in the security field and must sign waivers saying they won't use these tricks for ill. For more sophisticated classes there are background and criminal checks.
Been there done that (Score:5, Informative)
Now I was stuck in a room full of MS and MCSE zombies who did not know the difference between
a TCP and UDP packet. Just listening to the students talk I could feel the grey matter being sucked from my head....sort of like a high school student sitting in on a first grade class.
"Hacking" exercises... (Score:5, Informative)
Although we are currently working on a new version of the site (dubbed "HTSv4"), the current place still has plenty of opportunities to gain knowledge in (ethical and legal) areas of computer security, such as XSS injection, SQL injection, buffer overflows, programming, and countless of other topics--all through personal experience with the "missions" on the site.
I think it is very important for people who are going into computer development of any kind to be aware of these issues. Personal experience and skill in computer security can only be beneficial, and will teach one to code applications that are capable of defense from outside intrusion.
Re:"Hacking" exercises... (Score:2, Informative)
Re:What are the entry requirements? (Score:3, Informative)
Instead of going with that company I would recommend either EC-Council [eccouncil.org] or Vigilar/IntenseSchools [vigilar.com] for your CEH training needs.
I attended Vigilar's CISSP Boot Camp (Larry Greenblatt was the instructor) and had a very good experience. Passed the test the first time. They strictly adhere to the Code of Ethics of the various certification organizations and their NDAs. They will not tell you what's on the test like certain MS training camps.
You left out the best part! (Score:3, Informative)
all with links.
Further still, you get
Each one of those is a link, and every single one of them to the same domain.
This is a spammer site, and every page on the site has a footer labeled "links and sponsorship," also filled with spam links. I feel really bad for the poor suckers who wind up giving them money.
Also from their TOS:
The whole organization is a joke.
Re:What are the entry requirements? (Score:3, Informative)
I want to make sure that whenever I save a file it goes extremely slowly and show's me every percent along the way.
Those should be avoided. Prolonged exposure to the loud suspenseful music that accompanies just-in-the-nick-of-time saving has been shown to be harmful to your hearing.
Re:Institute To Blow Smoke Into Uncomfortable Plac (Score:3, Informative)
The submitter has put in the wrong website - The CEH site is at http://www.eccouncil.org/CEH.htm [eccouncil.org]
It is a penetration testing certification for people who can't do penetration testing.
I took the class (Score:3, Informative)
It was a chance to play with a lot of nasty stuff on machines that were there for the purpose of breaking in a controlled environment.
The biggest positive was that someone sent two PHBs to the class to see if it was worth sending techs - they got to see first hand what was out there, what the risks were and ways to help their guys secure their networks. Nothing like people seeing for themselves what their staff is up against.