Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   EC-Council Rant @ worthless CEH (http://www.go4expert.com/forums/ec-council-rant-worthless-ceh-t28472/)

node21 29May2012 15:54

EC-Council Rant @ worthless CEH
Just my view on why CEH Certification is a complete load of rubbish...

Lets just take a quick look at the EC - COUNCIL Legal Disclaimer as published on the CEH-Candidate-Handbook-v1.6 obtained on the 28/05/12

EC-Council (Disclosing Party) intends to make available or have made available to you (Receiving Party) certain proprietary and confidential information including but not limited to exam items in connection with EC-Council certification (Purpose), in accordance with the terms of this Confidentiality and Non-Disclosure Agreement (Agreement). Such information so provided to the Receiving Party whether provided before or after the date hereof and whether written or oral, together with all manuals, documents, memorandum, notes, analyses, forecasts and other materials prepared by Receiving Party or any of its affiliates or Representatives which contain or reflect, or are generated from, such information shall be collectively referred to herein as the "Confidential Information."

Now lets just pause to consider what they are saying, what exactly do they mean by those two phrases - certain Proprietary and Confidential information. Well by reading on we discover more...

The Receiving Party shall hold Disclosing Party's Confidential Information in strict confidence. <--- I see, so I may not mention in passing that you may be a festering child molester.

Receiving Party further agrees not to disclose that they have received Confidential Information with-out the prior written consent of Disclosing Party. <--- Meaning that I have to ask for your permission first, talk about being patronised like a school child back in school "Please sir, may I?"

Disclosing Party shall be deemed the owner of all Confidential Information <---Now it gets better as basically now they are monopolising on the word play, by implying that they own the exclusive rights to the hacking Software which they are making available as course content.

---> including all patent, copyright, trademark and other proprietary rights and interests therein <--- Ah-ha, so in a nutshell they are making the outlandish claim that they own the rights to any and all of the networking, hacking, security and programming tools contained therein.

Receiving Party acknowledges and agrees that nothing contained in this Agreement shall be construed as (i) granting any rights in or to any Confidential Information or (ii) obligating either party to enter into an agreement regarding the Confidential Information, unless otherwise agreed to in writing. <--- Oh ho, so if I dont write I agree in big bold letters, then I can basically go right ahead and say "This agreement sucks!"

Clearly by signing acceptance, you are opening yourself up to a world of hurt by endorsing and accepting their outlandish claim of ownership of Linux and most of the hacking material that is the proprietary property of other hackers and being Open Source then by definition that means its freely available to anyone who wants it.

Furthermore by entering into such a legally binding contract obviously you would be prohibited from publishing any or all information about any vulnerabilities you discover whilst testing or fuzzing a third parties software for such vulnerabilities and would have to ask for permission like a school child going "please sir, may I disclose what I have discovered?" with the possibility of being told "no" whilst the Disclosing Party being the EC-Council could take exclusive credit for all your hard work and could very well make a quick buck off your back whilst doing so.

Who in their right mind would agree to this? Secondly it goes on to further stipulate that you may not work for the EC-Council as a Pentester, Forensics Analyst or Certified Secure Programmer if you've ever had a brush with the Police or if you associate with Malicious Hackers, oh and you may not be party to any Underground hacking community for purposes of preaching and expanding black hat activities.

Those statements are a grievous insult as it presumes every hacking community is maintained by black-hats, secondly why would you not want to associate with other Hackers good or bad? The bad ones could certainly teach you a few neat tricks that the good ones never get to hear about. I can think of a few bad hackers off the top of my head who've done hard time and then went on to publish a book and start their own security buisness.

I myself would have to strongly disagree to the EC-Councils contention of such intention as in my humble opinion after reading such a carefully drafted legal disclaimer it is my firm affirmation that the EC-Council and its lawyers would appear to be smoking crack!

All the bull you get to hear about, like how they want to rehabilitate offenders back into todays society and then you come across and read stuff from idiots like this that are openly biased towards rehabilitation of offenders in what people term, the so called, "unbiased equal opportunities employment sector."

As far as Police go, yeah I would have to confess that I am known to them, I've been arrested more than once but less than twice, slipped my way out of handcuffs on some occasions and on less fortunate occasions even spent a few nights in the slammer, no convictions, a couple of county judgements, hence nothing they could prove, but funnily enough not for anything computer related, so why not try something a little more physical like 'Affray' and 'Robbery' co-insided with a few DUI && TDA's then you'd be on the right track.

In fact me and Julian Assange have something in common, I too was once questioned about 'Rape' but they soon dismissed me as a suspect when it came to light that I was in point of fact sleeping with the Victim, I was not the scumbag who forced his way into her apartment and forced himself upon her. That was in point of fact some foreign dude in my country with no VISA and after she then found out that she had caught the clap from her ordeal that unfortunately brought my relationship with her to a very sudden and abrupt end as I had no desire to catch willy rot!

Isnt it funny how the virtual world is so very much the same as the real world, in so much as once you become classed as a criminal and have your fingerprints along with your DNA taken, then as far as anyone else is concerned, in their eyes you'll always be a criminal and if people already consider you a criminal and presume to treat you as one then why bother trying to better yourself in an effort to change their opinion?

Laughably the EC-Council preach "To catch a hacker, you need to think as one." yet from a quick glance at the EC-Council course content I see that whilst they're still using Back|Track 4, they've not taken the liberty of upgrading to 5 perhaps they would not like to register the fact there using it (Registration is NOW mandatory to obtain Revolution!) is it really that surprising when you reflect on the wording within that disclaimer?

Furthermore if thats localised, ie: not being run from the CD-Rom and if you wanted root then you would simply boot an old copy of BT and chroot your way to root by directly editing the shadow-password file or you could even go so far as to directly edit the Grub2 config and delete all its entries and then it wont even load up, after all there is no encrypted LvM2 or password protected Grub2 on the default Back|Track what-so-ever. Security? Dont make me laugh by being preachy, what Security! :freak:

That particular OS broadcasts its own hostname as BT all over the internet and somehow I doubt the ISP is so nieve as to believe that british telecom (also known as bt) has taken up residence on all there lines.

If I came down there to one of there testing centers right now, I seriously ponder would the EC-Council be prepared to tell me I can't delete their default Grub2 entries (press E for edit and hit delete) or browse their local logical disks, because of course they took the precaution of using the low level on the fly encryption within the logical volume manager that utilizes the advanced encryption standard "oh hold on oops is that a feature missing from the back|track installer!?" maybe its because things like that and true-crypt make forensics investigators lives a living hell.:cuss:

Of course they might want to argue that they've got nothing to hide. But if thats the case then whats with the bull about this information shall be collectively referred to herein as the "Confidential Information" what in gods name is so confidential about Back|Track? The metasploit primer? Last time I checked they didnt own the exclusive rights to it and niether does the EC-Council, H.D Moore over at Rapid7 does.:lipsrseal

Oh well if it's so confidential, after all it would appear that over night and all of a sudden learning how to hack has suddenly become so increadibly confidential, then ask yourself why they do not preserve the confidentiality of your information with encryption? Perhaps it's because no one can ask google or search hacking forums as that would be considered making you a party to an Underground hacking community for purposes of "preaching and expanding black hat activities." Far be it from you the end user to go ask a fellow Ubuntu user, pick up a hacking e-book or watch a freely available tutorial on YouTube!

Can anyone tell me exactly, what is the significance of having your default hostname setup as bt, is it supposed to inspire instant fear in your antagonist that your a back|track user, if so, all it signifies to other hackers is that you are someone who hasnt even figured out that his hard-disk is not even protected with an encryption scheme, that you have no kerberos in your Kernel, you have no Security Enhanced Linux and no grSecurity, in fact all you've got is Ubuntu AppArmor with Upstart for your apps and not so much as a rudimentry Firewall along with a nice collection of legally questionable hacking material on an un-hardened, un-encrypted and un-protected operating system.

Are we thinking like hackers yet?

Alex.Gabriel 30May2012 00:30

Re: EC-Council Rant @ worthless CEH
I had no time to read all the article but i got the ideea. Now my question is :
Why do you need this course anyway ? In this world few people make something with hacking capabilityes. Many kids do lose some years (2-3-4) making something they like , like hacking websites then they get different scripts ... find bugs , post them as vulns with theyr name on report with many thanks to all the peoples from his city ....
The point of this bla bla bla is that you can't get a job in IT with a certificate released that some peoples who use backtrack and not some private tools like google have (Google uses theyr own hardware). I can't teach you how to ping a server then you have to stay silent when you find a bug in ping. Hacking is gone now ... prevention is on top.
Few friends of mine have entered on some NASA servers .. what did they get ? 100.000 $ to pay and few years of jail .
I have read some articles about FBI's intentions to sniff some of the largest networks around the world. Do you think that you will be able to write *I want to hack* on public ? Never ever.

Are we thinking like hackers yet?

node21 31May2012 13:23

Re: EC-Council Rant @ worthless CEH
Allow me to share my setup, this little blackbox is a PS2 (Fat Version) running Black Rhino Linux for the Sony Playstation 2 it has a 320GB HDD behind this tiny network adapter and it is plugged directly into the back of this AMD on the eth0 Port, It's primary purpose is to serve the kdadmind and kdc server to the Loopback Address of our solitary loopbacked stand alone machine on a reverse parallel DNS os If your going to access the network from this machine then I would recommend using the Prism54 Wireless Adapter that has been built into the US Robotics PCI to PCI host bridge with its 250GB through put as it utilises its own PKI encryption keys. I always struggle to understand why in a day and age that everything is wireless people still insist on CAT5 for all there networking tasks when WiFi makes that Job that little bit so much easier. Once you have your encrypted transport layer for the kernel then encrypting the protocol itself with TCPCRYPT and setting up fakearpd to keep a watchful eye on your solitary network cable talking to the little black box really does become a breeze. Show me another setup anywhere in the world where you have Kerberos talking to itself with a reverse HTTP proxy and I'll eat my hat. Are we thinking like hackers yet?

node21 31May2012 17:27

Re: EC-Council Rant @ worthless CEH
I kind of have to agree with your sentiments. But these guys selling the security course only cover aspects of it that suit people that want to abuse that level of trust, Forensics investigations, so you can peal someones copy of windows open like an onion stripping away the layers of their private lives. Read their correspondance, basically be as intrusive as you want and just class it as the ethical approach. They're only in it for the money they're making teaching complete neopyhytes about some rudiementry hacking basics. Want a computer security course? Try me, I would tell you want you want to know for free, would not charge you 20'000 to get accredited and hand you a shiny certificate of excellence. Why the TCPCRYPT ontop of the already 3DES encrypted Kerberos.. well that throws AES ito the mix so now the protocol goes AES+3DES have to marvel that at one time Kerberos was banned as auxilery military technology.. Best shut up, it might be proprietary information. LOL

Alex.Gabriel 31May2012 21:59

Re: EC-Council Rant @ worthless CEH
Well in theyr case it is about the money, some peoples have learned to use BackTrack and other tools and now they want to take your money for that. You will learn shortly to use them and you have pay some nice prices for that.

All times are GMT +5.5. The time now is 14:20.