I have not been blogging since the CEH exam. I guess my brain was expanding with all the information and now that it has time to deflate a bit I have been able to catch up on the news in IT Security. I also conducted a presentation in Mexico City which was demonstrating the dangers of Social Networks to your privacy and also to your children. It was a great experience and I am looking forward to doing another one in the near future.
I feel it is extremely important for anyone who uses a computer to have access to the information regarding how they can protect themselves online. It is not just about having the anti-virus software or the operating system updates anymore; attackers are choosing popular channels of communication such as Facebook and LinkedIn to get into your system.
So safety is all about how much you know about the threats and how you mitigate against them. When you have the training and have been taught to think like an attacker you learn the ways to counter-attack or block those actions. But it is a constant battle and training in IT is like training in a dojo to get your gradings for the next belt. You could think of each certification as another notch on the belt or another colour on your way to being a black belt. But even when you get to that level, black belts know that they are just really beginning to understand their art and are then learning how they can adapt that knowledge and apply it in real life. Anyone who has read “The Tao of Jeet Kune Do” by Bruce Lee will know what I am talking about. You have to first fill the cup before you learn how to empty it. I really like this analogy of having “no way as way” but you have to learn a lot of information before you get there.
So Ethical Hackers are learning “the way” and then they have to learn the “no way” method to really start to think like an attacker. A Black Hat is not limited to ethics, resources or time and is not sitting down writing a 50 page report for a client who needs a Penetration Test. They are constantly learning how to break bricks with their skull in new and ingenious ways which Ethical Hackers have not seen on a forum, security site or read in their manuals.
So it's our job as Ethical Hackers to keep on our toes, jumping the intellectual rope every day and continue thinking outside the box. Only then can we attempt to counter the black hats' formless form.