I love it when you receive a spam message that you just couldn’t make up. Yes, I woke up this morning to discover an invitation to attend an ethical hacking course for the low fee of just 3,000 Egyptian Pounds (~500 US Dollars).
What a bargain! I guess the first reason I paid attention at all was the use of the term ethical hacking. What is ethical hacking? Have I been doing it wrong all these years?
Is that like ethical accounting? Ethical plumbing? Now don’t get me wrong, I understand that for the vast majority of the unwashed masses the word hacker is pejorative, but if you were an actual hacker who wanted to teach me, wouldn’t you know better?
Now I am sure my colleague Graham Cluley will pipe up in the comments to defend the negativity used in the media surrounding the term hacker, but it just ticks me off.
The best part of this email? It was sent to me by Shady Ahmed. If you are going to spam people claiming you offer ethical training, perhaps you should alter the random fake email address list to omit all references to Shady, Dodgy, Slippery, Adolph and Ahmadinejad.
Now if you really want to learn about hacking you are probably better off taking advantage of training from our non-spamming friends over at SANS.
Perhaps SEC 517: Cutting-Edge Hacking might be a good place to start.
This whole incident did remind me of the old gag from Mozilla’s bug-tracker about Honest Achmed’s Used Cars and Certificates applying to be a Certificate Authority in the Firefox browser.
Browse over and read it for a light-hearted laugh about the fragility of the certificate issuance business.
As for me? I’m proud to be a hacker and I will be signing up for an ethical hacking course just as soon as Honest Achmed and I get this certificate business off the ground…
26 comments on “Shady Ahmed offers me a class in ethical hacking?”
A Senior security advisor that doesn't know the term "Ethical Hacking"?!?! I think Sophos needs a new security advisor! Preferrably one who knows security!! Ever heard of the CEH? A very highly regarded certification for security professionals.
This article has made me lose faith in the people at Sophos.
Apparently my tongue wasn't firmly enough planted in cheek. I know what it is, and I think it perpetuates two myths.
1. Hacking is criminal/evil/destructive. Labeling it ethical simply reinforces the negatives.
2. You can't teach people curiosity and innovation. You can't sell someone the hacker spirit or imagination.
We are all entitled to our opinions though, and I appreciate that yours differs from mine.
Chester, it was firmly planted for those of us that took the time to read the article, rather than glance over it. Well written, informative and amusing. Good job.
Chester, Having earned my CEH, this article certainly put a smile on my face today. “Guest” needs to lighten up!
CEH, and "Highly regarded" in the same sentence, that's a first. I think you need a new spell checker, preferably one that knows how to spell preferably.
Whatever next, you'll be describing ISC2 as professional and the CISSP as useful next.
This response has made me lose faith in guest posters.
(Tongue firmly in cheek… for the most part)
How convenient! I heard Shady Ahmed was looking for a job… 😛
It's priceless that somebody who considers the CEH to be a "highly regarded certification" is losing faith in Sophos.
The CEH is a laughable certification… I should know, I passed it quite a few years ago and it was full of questions that didn't have a correct answer and types everywhere. I don't even bother to list it on my business cards and/or profile.
it does exist
Amusing that in the prospectus of that course, the very goal of your four years of study is written in what would be air-quotes when speaking:
"As an ‘Ethical Hacker’ you will learn skills that will enable you to locate and strengthen security weaknesses in computer systems."
Would you take a medical degree which promised you could become a 'Doctor', or drive across a road bridge built by an 'Engineer' 🙂
This is perhaps the first hacker-related article I've fully agreed with in a long time, especially since I think the 'ethical' and 'white/black hat' labels are just plain daft.
The numerous 'ethical hacking' courses out there really miss the point. I'm a professional and fairly competent hacker, but nowhere near as good as I aim to be, and that only came from dismantling, analysing and criticising stuff (mainly electronics) over the years, learning operating systems in depth over a long period, and eventually having the fortune to learn a much wider range of skills from excellent university lecturers. Intuition also plays a big part where security is concerned.
Decent hacking skills cannot come from crash courses and ready-made tools. Yes, those who pay for the courses could perform a standard pen test, but there'll be a thousand vulnerabilities they'll overlook.
I remember when the word "Hacking" or "Hack" meant "To spit up a dirty great loogie" to "Hack it up".
You Computer nerds steal all the kewl terms….lmao
Guess I will keep "Sarcastic" all to myself.
isn't hacking something that horsey people do in the countryside?
I thought it was something that happens to football players before they take a long-term sickness vacation to Madrid with a bruised ankle.
Okay I cannot take it anymore. While I enjoy and even recommend your articles on keeping things secure, please do your research on the origins of the word Hacker and what it really means. Originally "Hacker" was a term for pulling your systems apart, overclocking it, and just making it work better.
Over the years, media and movies and TV confused the term with "Cracking", where one goes into the databases of the internet, and "cracks" passwords. This is what most people refer to as Hacking these days, however, it is insanely wrong. People are confusing the two terms all the time and I simply have lost faith in the security IT and tech teams if they write articles without using the proper terms.
For proof: http://en.wikipedia.org/wiki/Hacker If you must write about someone circumventing the security of something, or in general with the same use, please use the proper word, which is "Cracker".
Ummm, I'm not sure where to start with how incorrect this is.
I understand your intent, and I think you are somehow confused about what I am saying.
Additionally your idea of the origin of the word hacker is about 40 years newer than the origin of the word.
Could I recommend you read Steven Levy's book Hackers (http://www.stevenlevy.com/index.php/books/hackers)?
Please read any decent (or, failing that, even a half-decent) book about the history and development of the English language.
Here are two very readable and accessible volumes you'll enjoy:
"Mother Tongue," by Bill Bryson.
"Made in America," by Bill Bryson.
And kindly cut out the insults if you intend to contribute here in future. Referring to Chester as "insanely wrong" because you have strong – and, if I may say so, misguided – opinions about the shades of meaning of a word he has used is unacceptable. Your use of the word "insanely" here can only be considered, in my opinion, to be insultingly pejorative.
Permit me to direct your attention to RFC 1392, from back in 1993 (http://tools.ietf.org/html/rfc1392).
A person who delights in having an intimate understanding of the
internal workings of a system, computers and computer networks in
particular. The term is often misused in a pejorative context,
where "cracker" would be the correct term. See also: cracker.
If you're going to use Wikipedia as a source, perhaps you ought to have picked this page (http://en.wikipedia.org/wiki/Hacker_(term)), which talks about the multiple uses of the term. According to this, while the use you speak of (overclocking, etc.) dates back to the 70's, the use of hacker in RFC 1392's sense dates back to the 60's.
People in glass houses. . .
I find reference to two films can do far more to resolve the point of contention here…
Wargames and Hackers.
I rest my case
Lol – People take this far too seriously!
FYI Shady is actually a name and it is very common in Arabic speaking countries ….
Ah Achmed … I thought he was long gone …
Also worth a laugh, also quite shady.
Wikipedia? Really, a page put together by anyone who wants to type something? Come on, at least reference a legitimate source of information.
“Hacking” in the computer context has some or all of the meanings above. I tend not to use the word–in its various forms–due to its Boston (MA, USA) street slang meaning from the mid 1950s–when I encountered it–and I think long before.
Whatever, I suspected initially that “Shady” is a real name–and probably not pronounced as Chester pretended to think of it.
And, sorry, but my mental picture of “Guest” (first above) has him sitting in a proper London club looking down on us lesser beings.
Ha! Cracker…in the ever evolving English slang-uage has yet another meaning.
Hacker = Programmer that ‘hacks’ away on his keyboard, a little bit later one who ‘hacked’ his way into DB over the phone lines using a modem to do mischievous and nefarious things… …
cracker = someone who removes the copy-protection on software (mostly games)…
^^ that is what it was in the early 1980’s….
in the 1990’s somehow those terms got jumbled…
Boris, that is how I understood the terms at my age, that going back before the birth of the PC.