Tuesday, May 24, 2011

Certified Ethical Hacking?

The first reaction seems to be `isn't that an oxymoron?'

But no.  Oxymorons are words that don't belong together, like:
  • Microsoft Works
  • jumbo shrimp
  • military intelligence
  • congressional ethics
Certified Ethical Hacker is the name of a title that one earns, as well as numerous books and courses.  CEH is where one learns the tricks of the hackers so as to apply them to defense of the network.

In my case, my employer (the Twilight Zone<tm>) paid an awful lot of money send me to this course.  I've been there rather a long time and this is my first real course benefit.  Others would see this as the first time they let me out in ten years or so.

The company doing the teaching allows one to take the course in a number of ways, generally at their place.  Their place is generally a good idea, as trying to learn anything at all at work would be a near-impossible task, similar to dancing across a war zone, naked.

Unfortunately their place has two locations; each one more difficult to reach than the other.  Difficult may not be specific... let's just say that either requires over an hour's drive on a good day (for a twenty minute ride).  I allowed over an hour the first day, figuring that this was the most highly-trafficked route in the area.  Philly has done a tremendous job of ruining interstates, with both the turnpike and I-95 completely jammed by close to six hours of rush hour traffic daily.

Thinking I could outsmart the turnpike was, in review, rather stupid and naive.  Leaving over an hour for my trip did nothing but ensure that my drive would be frought with frustration.  In fact, the parking lot started over two miles from the actual exit.  We crept, ever so slowly, to the toll booth, where I inquired whether this was normal.  The nice lady taking the money said that contractors had closed some lanes so this wasn't normal.

Knowing that this Grand Journey taking over ninety minutes was not normal actually did nothing to make me feel any better.  I did almost hurt my neck due to shaking my head vigorously at the futility of it all.  Take the absolute busiest turnpike exit and close a few lanes here and there during rush hour - yeah, that's sheer genius.

I can't say enough about the staff, largely consisting of one stunningly attractive receptionist who got me in, seated, and situated in no time flat.  And off I went - learning.  To be truthful, it had absolutely nothing to do with the Otis Spunkmeier cookies, but they certainly helped.


Since it's just you and me, let me share something: it was roughly the early 1980's when I last parked my bottom in a classroom chair.  I never went to college (I couldn't pass the drinking exam) so I'm completely self-taught.

Years later I discovered I had Attention Deficit Disorder, which explained an awful lot.  It has also kept me from going back into the classroom until recently.  I just can't wait until the test for my certificate...

Boy was I pleasantly surprised.... the teacher was quite engaging, the material very interesting, and I somehow managed to keep my attention on the screen (large headphones covering my ears probably helped too).  The teacher was physically in San Antonio so technically I could have taken the course from anywhere.

Armed with that knowledge, I arranged to take the rest of the course from home.  I don't have any serious distractions and keep the room's door closed.  Thus far only the dog has stopped by to say hello.  This is a good way to learn (Marshall agrees).  I could also see this course being horrible if the teacher was boring.  Today's tornado probably didn't help either, although it missed by a few miles.


All of that aside, I am learning all sorts of new skills, none of which are particularly pleasant.  But the skills are very useful for network defense.  You would probably be shocked at the number of things hackers can do to your computer, some without even being near your computer.  I knew Windows wasn't exactly a secure operating system but some of this stuff is off the hook.  Another great reason to use linux (as if we needed one). 

Don't use wireless, while I'm pontificating.   WEP can be cracked in five minutes, WPA in about twenty.

We also learned about social engineering, starting with the phrase `there is no patch for human stupidity'.  This is truly the weakest link.  People are so generally helpful (or stupid) that they are your best shot for hacking, short of wide open systems.

I have refused to participate in electronic medical records, knowing what is in store (look at Sony).  This class made it worse.  Even the inevitable I told you so isn't going to make me feel better.

Caveat computor.


  1. My only wireless is my cell phone. It's only a dumb phone. It doesn't do Internet. It will do text, but the only text messages I get (about 3 times a month) are from the provider informing me that I can send text messages (which I don't.)

    My web browser ought to only be a dumb terminal capable of only displaying stuff that happens somewhere else. It doesn't flash.


  2. "there is no patch for human stupidity"
    Clever and oh-so-true!!
    Consider the advice on wireless taken.