White hat hacker carrer

[moonlit]

There's no difference between black hat and white hat other than how you apply the knowledge you obtain.

Will you use it to patch and secure systems? Will you sell it? Will you become a hired hitman? Will you become a security researcher who has close ties with major security firms?

All this [colour]hat stuff is actually quite irritating, it's superfluous and just adds another layer of pointless labels. We didn't need them before, why do we now? Both have the same knowledge and tools at their disposal, it's just the way they're used that makes a difference.

[MRGRIM]

Good vs Evil

[metatron]

There's no difference between black hat and white hat other than how you apply the knowledge you obtain.

Will you use it to patch and secure systems? Will you sell it? Will you become a hired hitman? Will you become a security researcher who has close ties with major security firms?

All this [colour]hat stuff is actually quite irritating, it's superfluous and just adds another layer of pointless labels. We didn't need them before, why do we now? Both have the same knowledge and tools at their disposal, it's just the way they're used that makes a difference.

I don't know I'd say there was no white hat hackers just security professionals. Black Hats FTW!!!!

[StarchyPizza]

haha yeah but there are labels all around the world that we have to deal with...

but either way they all mean the same thing weather you want to own people, or help people its still the same knowledge

[VaKo]

I don't especially want to help or pwn people, I'm just curious and have no respect for the law. So i'm not quite sure where that places me.

[StarchyPizza]

I'm guessing black hat but do you actually "hack" into other systems to get your items or just download them from websites

[VaKo]

I'm guessing black hat but do you actually "hack" into other systems to get your items or just download them from websites

I just look for lapses in others security arrangements and exploit them

[StarchyPizza]

Well as long as you aren't sniffing their packets or reviewing past sites for useful info such as credit cards and social numbers then i guess it's like grey because its showing their weakness, but still breaching

[snakey]

FORGET HATS . Who gives a fuck do what you think is ok. Dont worry about your hat or what some with a hat says you can or cannot do. i have a nice billabong hat maybe you could have that to use?

[cabster21]

Old thread but hey... I was looking around Uni's the other day, as I'm thinking about going back. I started Computing for Intelligent Systems back in 2005; there were not enough people so they killed the course off... But like said all that separated me from someone doing Graphics and Animation was maybe 2 modules. My main lecturer was a mathematician, openly admitting he had no interest in computers, and had his last PC for 6 years. The course was also largely based around Java.

Anyway, I noticed this as I found it funny actually having hack in the title BSc (Hons) Ethical Hacking & Countermeasures, so I'm sure there are similar courses around the world, this is what the course covers:

What you study

Stage 1

Computer hardware and networking; computer programming; basic computer hacking ethics.

Stage 2

Further study of computers and networks and ethical hacking.

Stage 3

Computer networking; Linux Networks; Project Management & Team Working; Ethical Computer Hacking; Professional Development.

Stage 4

Network Management; Mobile Phone Technology; Penetration Testing; Forensic Computing; Industrial Group Project.

My little advice would be to look at what job you realistically think you would like to do, then visit a few job sites, or companies like oil or something. Just so you can see what they require, then look what course best suits you. Or rather their needs. They usually list something, even if it is just lotus notes

[StarchyPizza]

Well I've been looking into system administration

i've also been looking at colleges in new york and found a few

i still have 1 one year of high school as i am in my junior year

so i still have some thinking time

[fuyukitsune]

Barettas are neat, but 45s are more lethal. But why bother with a side-arm? Go straight to the MP-5 and hollow point bullets.

3-round burst + hollow point bullets = you without a face _{man I'm demented}

But, if you want a hacker school, do a computer science/C++ course. If it's a "disfunctional parent's guide to computers" get out! Go for C++. I'm in a technical, computer science school, so I'm going to learn C++. Plus, I'm mentoring under a hacker at school (he's good), so I'm set, learning-wise. Maybe you need a hacker mentor.

[Ingo]

Don't fight over the color of hats. Let's face it grey hats have most fun ;)

[stingwray]

Well I think its time for my 2 pence.

Degrees are only worth something if you attend a good university which runs a good course. Unfortunatly University and Degrees have been heavily polluted in England by our government wanting 50% of people to go to university and get a degree.

The second thing you have to realize is that a degree will not teach you lots of knowledge, it will introduce you to a lot of things and it will teach you lots of skills. Part of getting a degree is so you can say to future employers, "Look I can work and motivated myself as well have a good core set of skills."

Thirdly and specifically on Computer Science courses, nearly all proper university courses are very very academic, also what you are taught and the quality of what you are taught depends on what research the university has going on. Which also leads in this point, Computer Security is extremely neglected in university, because people who do research in it can't get much funding to do it at university and so its not taught, vicious circle. Things are changing, but very very slowly, considering how important and currently overlooked computer security is.

So should you do a Computer Science degree, my advice is yes, if you can at a good university, go for it. Having it in your back pocket will open a lot more doors, especially if you want to working at big institutions.

All my security related knowledge is self taught and many companies have liked that about myself and so I don't feel for me that its necessary to take any other courses to prove what I can do, but that's because I've got the degree. If you don't have that then you may want to look at that route.

Experience is a big big plus, and it doesn't have to be in security, something computing/IT related will be just as good and how the majority of people who work in computer security start. As Vako said, being a SysAdmin is a good route as you will work with the security tools. If you haven't got experience then have something to so, a portfolio is a great way to show yourself off. If you don't program then you might think that its hard to get this, but then talk about some solutions that you have come up with and have reports and diagrams.

As for computer forensics, in my previous experiences people who work in those areas know less about computers than average joe, with all the real work being done by a tool created by a company which spits out a report that the 'interpret' usually in the wrong way.

Wow that's quite a long ramble, in short: There's is no such thing as a free lunch.

[C0DEM0NKEY]

Also if you want to learn about hacking the best advice is to set up your own computer lab to set up & test the security of each configuration. Not cheap but at least it would land you in jail. Best way to achieve this is collect hardware from people who think it's completely b0rked when it's not. Next step is to set up a few with some varying security levels on them. You can then test any tool on them or preferably write your own tools. Also it's cool so long as everything stays within your lab. Since you own all of the hardware no laws are broken if you break the security on them. The best part is the hardware was free.

Seriously Computer science is a misnomer & Computer forensics is not only about computer fraud. It's also about catching Pedobear with Kiddy Pr0ns on his computer to use as evidence againster him in court.

Yes Computers basically use alot of math & science because they are made with alot of math & science. They are programmed with math & science in mind especially since all they understand is binary, octal, hexadecimal, duotrigesimal (base 32) , and finally quadrosexagesimal ( base 64). It's all in knowing that computers only understand base number systems with the power of 2 as a common factor.

Side note on Guns there is a new Smith & wesson with a compensator in the barrel very nice big handgun with very little recoil which means better aiming. I prefer to use the right weapon for the job. For example use a rifle for long distance a dagger or Wakizashi and for high noon a goold ole revolver.

[aeturnus]

I'm guessing black hat but do you actually "hack" into other systems to get your items or just download them from websites

I think this is the fundamental difference between a Computer Scientist in the security field and a sysadmin who wants to play himself off as knowing something.

If you want to be able to find new things and then write the tool that other people can download and use, go the Computer Science route. It'll give you a good theoretical background on a lot of topics. This will be helpful when you finally sit down to begin your security research and you're just able to understand how the things work since you've seen it before in a different context.

Echoing a lot of what stringwray said: Universities teaching Computer Science are very academic and theoretical. This is a good thing, this is what you want. But you also want to have that drive to learn the practical stuff on your own. At my university, this is what is sort of expected of you as the practical stuff is easy enough for anyone to pick up, so they don't bother teaching it.

There are universities with offensive and defensive network and computer security courses as well. And in these classes you'll learn lots of practical attacks against systems, but more importantly you'll learn the theory that make them work. You want the theory rather than the practical so you can apply the solutions to similar problems later. The university courses I took like this were a lot more educational and practical than any of the vendor courses I've since received (Black hat training and so forth).

In contrast, it's my understanding from speaking with others in the security field and friends with this background, that the sysadmin approach will give you a very practical experience with no theory. Generally these seem to be the kinds of guys that use phrases like "think like an attacker" (which, if you follow the typical security mailing lists, you'll get the absurdity reference).

Like anything though, if you work at it hard enough you'll learn it and get good with it. I'd hire a willing learner over an apathetic, experienced guy any day.

[Apache]

On Hats:

I personally don't think there is such think as a hat when it comes to hacking. The whole hats thing was to merge the true terms of "hacking" and "cracking" with the publics misguided use of the word "hacker". There is a line which people do choose to cross but it's not a line from white hat to black hat hacking, it's a line from hacking to cracking.

I think the whole hats thing paints the wrong picture as well because every "white hat hacker" is actually grey, they need to be to do their job. Every "black hat hacker" is grey, no-one that is competent and intellectual enough to be able to confidently call themselves pure black hat is either lying about their "skillz" or is lying about how they got to that stage.

You'll find most people who call themselves black hat are 12 years old and have just downloaded Back Orifice or Subseven. Equally so, anyone who calls themselves pure white hat is painting a far more rosier picture of themselves than is true.

A hackers only crime is curiosity, but it's that curiosity that tarnishes the white in us all.

On Courses:

I'm currently doing a BSc (Hons) in Computer Network Technology at Uni in the UK. It teaches mainly networking skills and it majorly a team based and group led course. I'm doing this course to go on for an MSc in Advanced Computing which will give a head start into Next Gen hardware and software, various security procedures and a lot of other things but the course isn't fully written yet. Endgame is either Sys Admin or carry on my PGCE and become an IT Teacher full time although I'm less enthusiastic about that.

Another route I could have gone down which is separate to Computer Forensics previously mentioned in this thread - which I understand to be mainly working with law enforcement, obtaining evidence on paedophiles and physical computer forensics for instance if a bank manager was arrested for embezzlement or a terrorist cell was uncovered with hardware still intact etc. - would be Information Security which is really the area in which "white hatting" is mainly associated. Information Security is the production of new encryption techniques, stress testing of security measures, investigation of illegal activity and works more with the software than the hardware, unlike Computer Forensics. Most of the highest paid jobs within IS in the UK are within the government and specifically, the MoD, I do have a contact if you would like some more information although it may take a while to get anything from him, he's notoriously difficult to sit down and actually talk to although a good quality bottle of Port and a few hours on WoW should give me at least 20 minutes to extract some information from him.

Speciality: Closest Course

Security (Hardware): Computer Forensics

Security (Software): Information Security

Networks: Computer Network Technology

Development (Hardware): Computer Science

Development (Games): Computer Games Technology

Development (Software): Microsoft Certified "LANGUAGE" Course

Administration: Pure Computing Degree

There's loads of others as well but they are the basics.

My Advice:

You say you are only 16. My advice to you would be, for now, to be a 16 year old. Don't worry about your lifelong career just yet. Study hard and get good grades in A Levels or take a computer based college course like a BTEC or HNC/D (A preferred route, A Levels are too broad and often lead to difficulties in your first year at Uni). Take a couple of years out before going to University. Whilst at college, talk to the Sys Admins there, you can very often get a job with them helping with imaging or college-wide hardware upgrades where they need as many hands on deck as they can (although this is done over summer/christmas breaks so make sure if you do ask that you are available.) If you are clued in and enthusiastic they will often help you out.

In the break between college and Uni I would then seriously think about what I wanted to do. Read up on different courses in your area, be prepared to travel to get the right course. Give yourself at least a year to get a clear idea because all the time you are in Uni you are accruing debt. This is easily paid off but can be very costly to you if you choose the wrong course or lose passion half way through and flunk for a year. It'll also put you behind the game and you'll have to begin at square one.

One very important thing you should work on and think about from now though, and I know I'm gonna sound really anal here... spelling, grammar and punctuation. You must have seen it yourself in the past, no-one takes notice of someone on a forum no matter how sincere they are if their message reads "yO bouyZ..... HOW DUZ I LYK HAK MY GFS MSN???!!1111". I know that doesn't apply to you but simple things like misspelling "career" in the title to the post make you sound less clued in and enthusiastic about what you are asking. A lot of this is just me being completely anally retentive after teaching in a high school but it surprising how much difference it does make in life. First impressions are the most important impressions you'll make and online/in writing, bad spelling is like walking into a job interview with an open bottle of vodka and a lit fag. Not the right impression to give.