Just my view on why CEH Certification is a complete load of rubbish... Lets just take a quick look at the EC - COUNCIL Legal Disclaimer as published on the CEH-Candidate-Handbook-v1.6 obtained on the 28/05/12 EC-Council (Disclosing Party) intends to make available or have made available to you (Receiving Party) certain proprietary and confidential information including but not limited to exam items in connection with EC-Council certification (Purpose), in accordance with the terms of this Confidentiality and Non-Disclosure Agreement (Agreement). Such information so provided to the Receiving Party whether provided before or after the date hereof and whether written or oral, together with all manuals, documents, memorandum, notes, analyses, forecasts and other materials prepared by Receiving Party or any of its affiliates or Representatives which contain or reflect, or are generated from, such information shall be collectively referred to herein as the "Confidential Information." Now lets just pause to consider what they are saying, what exactly do they mean by those two phrases - certain Proprietary and Confidential information. Well by reading on we discover more... The Receiving Party shall hold Disclosing Party's Confidential Information in strict confidence. <--- I see, so I may not mention in passing that you may be a festering child molester. Receiving Party further agrees not to disclose that they have received Confidential Information with-out the prior written consent of Disclosing Party. <--- Meaning that I have to ask for your permission first, talk about being patronised like a school child back in school "Please sir, may I?" Disclosing Party shall be deemed the owner of all Confidential Information <---Now it gets better as basically now they are monopolising on the word play, by implying that they own the exclusive rights to the hacking Software which they are making available as course content. ---> including all patent, copyright, trademark and other proprietary rights and interests therein <--- Ah-ha, so in a nutshell they are making the outlandish claim that they own the rights to any and all of the networking, hacking, security and programming tools contained therein. Receiving Party acknowledges and agrees that nothing contained in this Agreement shall be construed as (i) granting any rights in or to any Confidential Information or (ii) obligating either party to enter into an agreement regarding the Confidential Information, unless otherwise agreed to in writing. <--- Oh ho, so if I dont write I agree in big bold letters, then I can basically go right ahead and say "This agreement sucks!" Clearly by signing acceptance, you are opening yourself up to a world of hurt by endorsing and accepting their outlandish claim of ownership of Linux and most of the hacking material that is the proprietary property of other hackers and being Open Source then by definition that means its freely available to anyone who wants it. Furthermore by entering into such a legally binding contract obviously you would be prohibited from publishing any or all information about any vulnerabilities you discover whilst testing or fuzzing a third parties software for such vulnerabilities and would have to ask for permission like a school child going "please sir, may I disclose what I have discovered?" with the possibility of being told "no" whilst the Disclosing Party being the EC-Council could take exclusive credit for all your hard work and could very well make a quick buck off your back whilst doing so. Who in their right mind would agree to this? Secondly it goes on to further stipulate that you may not work for the EC-Council as a Pentester, Forensics Analyst or Certified Secure Programmer if you've ever had a brush with the Police or if you associate with Malicious Hackers, oh and you may not be party to any Underground hacking community for purposes of preaching and expanding black hat activities. Those statements are a grievous insult as it presumes every hacking community is maintained by black-hats, secondly why would you not want to associate with other Hackers good or bad? The bad ones could certainly teach you a few neat tricks that the good ones never get to hear about. I can think of a few bad hackers off the top of my head who've done hard time and then went on to publish a book and start their own security buisness. I myself would have to strongly disagree to the EC-Councils contention of such intention as in my humble opinion after reading such a carefully drafted legal disclaimer it is my firm affirmation that the EC-Council and its lawyers would appear to be smoking crack! All the bull you get to hear about, like how they want to rehabilitate offenders back into todays society and then you come across and read stuff from idiots like this that are openly biased towards rehabilitation of offenders in what people term, the so called, "unbiased equal opportunities employment sector." As far as Police go, yeah I would have to confess that I am known to them, I've been arrested more than once but less than twice, slipped my way out of handcuffs on some occasions and on less fortunate occasions even spent a few nights in the slammer, no convictions, a couple of county judgements, hence nothing they could prove, but funnily enough not for anything computer related, so why not try something a little more physical like 'Affray' and 'Robbery' co-insided with a few DUI && TDA's then you'd be on the right track. In fact me and Julian Assange have something in common, I too was once questioned about 'Rape' but they soon dismissed me as a suspect when it came to light that I was in point of fact sleeping with the Victim, I was not the scumbag who forced his way into her apartment and forced himself upon her. That was in point of fact some foreign dude in my country with no VISA and after she then found out that she had caught the clap from her ordeal that unfortunately brought my relationship with her to a very sudden and abrupt end as I had no desire to catch willy rot! Isnt it funny how the virtual world is so very much the same as the real world, in so much as once you become classed as a criminal and have your fingerprints along with your DNA taken, then as far as anyone else is concerned, in their eyes you'll always be a criminal and if people already consider you a criminal and presume to treat you as one then why bother trying to better yourself in an effort to change their opinion? Laughably the EC-Council preach "To catch a hacker, you need to think as one." yet from a quick glance at the EC-Council course content I see that whilst they're still using Back|Track 4, they've not taken the liberty of upgrading to 5 perhaps they would not like to register the fact there using it (Registration is NOW mandatory to obtain Revolution!) is it really that surprising when you reflect on the wording within that disclaimer? Furthermore if thats localised, ie: not being run from the CD-Rom and if you wanted root then you would simply boot an old copy of BT and chroot your way to root by directly editing the shadow-password file or you could even go so far as to directly edit the Grub2 config and delete all its entries and then it wont even load up, after all there is no encrypted LvM2 or password protected Grub2 on the default Back|Track what-so-ever. Security? Dont make me laugh by being preachy, what Security! :freak: That particular OS broadcasts its own hostname as BT all over the internet and somehow I doubt the ISP is so nieve as to believe that british telecom (also known as bt) has taken up residence on all there lines. If I came down there to one of there testing centers right now, I seriously ponder would the EC-Council be prepared to tell me I can't delete their default Grub2 entries (press E for edit and hit delete) or browse their local logical disks, because of course they took the precaution of using the low level on the fly encryption within the logical volume manager that utilizes the advanced encryption standard "oh hold on oops is that a feature missing from the back|track installer!?" maybe its because things like that and true-crypt make forensics investigators lives a living hell.:cuss: Of course they might want to argue that they've got nothing to hide. But if thats the case then whats with the bull about this information shall be collectively referred to herein as the "Confidential Information" what in gods name is so confidential about Back|Track? The metasploit primer? Last time I checked they didnt own the exclusive rights to it and niether does the EC-Council, H.D Moore over at Rapid7 does.:lipsrseal Oh well if it's so confidential, after all it would appear that over night and all of a sudden learning how to hack has suddenly become so increadibly confidential, then ask yourself why they do not preserve the confidentiality of your information with encryption? Perhaps it's because no one can ask google or search hacking forums as that would be considered making you a party to an Underground hacking community for purposes of "preaching and expanding black hat activities." Far be it from you the end user to go ask a fellow Ubuntu user, pick up a hacking e-book or watch a freely available tutorial on YouTube! Can anyone tell me exactly, what is the significance of having your default hostname setup as bt, is it supposed to inspire instant fear in your antagonist that your a back|track user, if so, all it signifies to other hackers is that you are someone who hasnt even figured out that his hard-disk is not even protected with an encryption scheme, that you have no kerberos in your Kernel, you have no Security Enhanced Linux and no grSecurity, in fact all you've got is Ubuntu AppArmor with Upstart for your apps and not so much as a rudimentry Firewall along with a nice collection of legally questionable hacking material on an un-hardened, un-encrypted and un-protected operating system. Are we thinking like hackers yet?