Wordout

Ethical Hacking In The Business World

Image by anoldent via Flickr

May 14th, 2009

Hatchet-Man

I like to think that the term ‘hacker’ comes from using a hatchet to make the corners of log cabins fit together, like the fine cuts you see over to the right. Hacking is an attitude – and if you ever talk to a real hacker you get that right away. They may be a little strange sometimes, but they are there to build things, not tear them down.

In the 21st century, though, the term has been co-opted to mean something entirely different. The media refers to “hackers” who release computer trojans, spyware and other malware on the world. These folks aren’t hackers in the true sense, but I am certain they think they deserve the title.

Ethical Hackers

A true hacker is always ethical, but in this day and age we have to make a distinction, and most people aren’t comfortable thinking of malware creators in terms of “crackers”. They were given this name by the real hackers, years ago, because their intent at the time was usually to break things, to ‘crack’ a code.

Now that you know the difference, let me say that I will be using ‘hacker’ in its currently accepted form. I’m about to tell you how to learn what they know and more, how to use their own tactics against them without their knowledge, how to earn the credentials of a Certified Ethical Hacker and how to use all that to perform advanced security audits for any business on the planet.

Get The Certification

It’s a common misconception to think of hackers as just some geeky kids living in their mom’s basement. This may have some basis in fact in the distant past, but today many of them have studied long and hard to learn their craft. After all, it pays well when it works. As more malware is released on the world, a need is created for professionals who have those same skills and can defend against them.

The first step towards becoming that professional is educating yourself. Hopefully, you already know a bit about computers, networking, and the internet. If you’re comfortable discussing TCP/IP and you know what a node is, your next step is getting the specific training you need to win in a battle against the bad guys.

Image by anoldent via Flickr

And you’ll want a certification from a respected source, like the EC-Council. Their certificates are recognized worldwide(in over 60 countries) and have received endorsements from various government agencies including the US National Security Agency (NSA) and the Committee on National Security Systems (CNSS). Their certification shows that you not only know what you’re doing, but that you’re doing it Ethically as well.

The IT Guys And Security

Face it, if the “IT Guys” could handle this, they would. The obvious fact is that they can’t. Now before you get all riled up, understand: I have been an IT guy. And in that capacity, I had to make sure each individual pc worked, was able to access the network(which had its own set of problems) and talk to other operating systems and the internet, make sure your email gets to you, remove the paper from the copier, answer (for the 50th time) some random question about computers or the web/iphones/ipods/nintendos…. you get the picture.

IT guys have about enough time to set up layers of defense and automated monitoring tools and then hope everything works. They don’t have time to actively try to break into their own IT Security. Even if they did have the time, the best practice would be for someone else to test security. The guys who set it up will be biased in favor of their own work, and may not ‘try’ hard enough.

As an ethical hacker, that’s where you come in. Companies and governments are constantly in need of people they can trust, to hire as consultants or full time. You’ll be the quality control check for the IT guys, using all the tools at your disposal to help them plug the holes in their security. Like James Dean, you’ll be the ‘bad boy’ everybody loves.

The Bottom Line

Yeah, that’s what I’m talking about – the cash. I might like working for a little bit of nothing, but there’s no reason you should. As an
Ethical Hacker you can expect to command a professional’s salary.

Image by anoldent via Flickr

As time has passed and more malware has been released into the wild wild web, the need for Certified Ethical Hackers is only going to increase. Compensation is on the rise.

But, even more than that, as a Certified Ethical Hacker you are recognized immediately as one of the ‘good guys’. You’ll be the guy with the white hat. Respect from your peers, your employers, your clients and your family and friends – how do you put a value on that?

Some folks will tell you the only way to get ahead is ‘looking out for Number 1′ but I’m here to tell you, the BEST way to get ahead is to look out for those around you. As a Certified Ethical Hacker, you can actually do both. If you’re looking for the next step in your IT career, this may be it.

Get Your Feet Wet

You’re still reading, so I’m thinking you’re interested. Let me give you an honest, personal recommendation: Head over to the EC-Council and check out what they have to offer. I first found these guys several years ago and I believe in what they’re trying to do. (If it was any other way, I’d never write this for any amount of money.)

Over at their site you’ll see lots of information, and it can be daunting to a 1st-time visitor. Spend a few minutes looking around the site. If you’ll scroll down you’ll see links to some news items and some brief introductions to the site.

If you’re pretty sure you want to learn this stuff, you might want to check out their free introductory classes. Look over there on the right side of their page, you’ll find the links to those courses.

Image by anoldent via Flickr

If you decide to sign up for the full course load, you’ll be learning things like

-Security Fundamentals
-Ethical Hacking
-Penetration Testing
-Computer Forensics

-Disaster Recovery
-Secure Programming
-The Hacking Cycle

Why not head on over there right now and check it out? Get your feet wet with a couple of the free online classes. After you’ve had a taste of what’s involved, sign up for one of the full courses and start working on your certification.

After all, the system you protect might just be the one you’re using right now.

For more information use the links below.

http://iclass.eccouncil.org/
http://iclass.eccouncil.org/index.php?option=com_content&view=article&id=68&Itemid=91
http://www.eccouncil.org/ceh.htm
http://www.isc2.org/
http://www.comptia.org/
IT Security

Recommended by Jon

Get Wordout sent to your EMAIL!

May 14th, 2009 Posted by Jon | Sponsored Post, The Net | Leave a Comment

What It Definitely Doesn’t Take

Image by Zoolcar9 via Flickr

Social Marketing

Over at econsultancy.com is a post that sorta set a fire up under my butt. Here’s the title :

What’s it take to be a social media expert? Not much, apparently

You’ll find nice things like this there:

According to a survey conducted by MarketingSherpa, it doesn’t take much to be an expert, at least if you’re a marketer working at an organization that isn’t using social media

Well, duh. Sure doesn’t take alot to not do something. How about this one:

Yes, there are plenty of interesting social media marketing case studies but there are few tried and true techniques that can be applied consistently by practitioners. Everybody is still trying to figure this stuff out.

Or this one:

When it comes to putting together viable marketing strategies, executing them successfully, integrating them with multi-channel efforts and tracking ROI, the skills of a professional marketer are must-haves. Without these skills, otherwise creative and potentially successful campaigns will most often fail because marketing is as much about implementation and execution as it is about passion and creativity.

Hey! I agree with that last one. The emphasis you see there is in the original. And I DO agree with Exactly what it says.

Social vs Marketing

But marketing campaigns are not the same as Social Marketing. And realizing this goes a long way toward understanding why ‘there are few tried and true techniques that can be applied consistently’. (That statement about everybody trying to figure this stuff out is just bunk, in my opinion.)

Social Marketing is simple, as I’ll explain below. But an essential nature of Social Marketing is that it is eternally dynamic. One man’s trash, another man’s treasure and all that. It’s not that there are no rules, no methods, no ‘tried and true’ knowledge.

There are rules, but most of them change depending on the current circumstances. Plus, what works today may not tomorrow, even with the same customers. (That’s why I just don’t get these automated ’social’ tools. Where is the social in that?)

Back to rules. If you can’t get the 1st one right, then go back to your campaigns:

Do all you can to foster a friendship with the customer.

How do you measure that? Where is your metric and your chart and your Powerpoint presentation for that? Are you really comfortable setting goals that can only be measured over timespans of decades?

So how do you know if you’re being successful? Easy. Ask yourself this simple question with each interaction – Did I help this person?

See, this is where ‘old’ business and ‘new’ business marketers diverge. Strange thing is, the ‘new’ is actually the ‘really old but we forgot it’.

Once upon a time, a long time ago businesses survived because they nurtured relationships with their customers. Nearly all marketing was social. Then came radio, with its slick sound bites, and later television, adding visual impact to the message. Marketing took on a new face, and it had a mouth that was telling its customers what they wanted.

Then came the internet, and just like that, the mystique of The Corporation was gone. Suddenly, the customers demanded to be heard, and leveraging the power of instant communication they are achieving their goals. Generations of marketing techniques which worked just a few short years ago now fail. Social media allowed the rebirth of social marketing.

Parry and Twist (yeah, the dance)

The following excerpt is from a comment that seemed pretty representative of the comments there.

A good marketer is holistic and recognizes that before you can come up with an idea for a campaign or commit a significant amount of resource to a particular path (eg. social media), you have to understand what the brands needs, what its goals are, how their achievement will be measured, which stakeholders need to be involved, … etc. etc. etc.

I chose to respond to it…

Don’t most of you get that Social is about relationships with the customer? Where is the customer mentioned in that rant above? To ‘marketers’ it’s all about what the company gets out of a campaign. That’s why you guys are being replaced by folks who, whether you like it or not, are redefining your field. By the very ones you are sneering at with your noses held high.

Social Media is a tool. Social Marketing is about relating (really) with your customer, finding out what that customer wants, and then doing whatever you can to provide the solution.This stuff isn’t rocket science, most of it’s just common sense.

How many of you have heard this: ‘The only reason any company ever exists is because of repeat business.’ That extraordinarily old saying is an expression of the results of social marketing. If you buy used cars, will you buy again from some shallow guy with a good pitch and the right price, or from the guy who takes the time to get to know you, finds out what you want and why, and gives you a reasonable price? That guy won’t be selling used cars for very long…

OK OK so I’m not a social media expert, I don’t have millions of followers (he said, looking back over his shoulder), and hell, I’m barely alive!(see upper right of this page)

But I can still rant. And even ranting can be social, sometimes.

What do you guys think about this? Is Social Marketing a different animal than Marketing? Same? Or do we need them both?

Just want to add a couple of links here for folks who are really interested. Seems several posts appeared on this subject this morning.

Shup The Hell Up You Self-Promoting Turd

If You Want to be Successful, Be Worth Sharing

The problem with paid media isn’t the “paid”

How to Talk with Customers Differently

Get Wordout sent to your EMAIL!

May 11th, 2009 Posted by Jon | Developing Tech, The Net, commentary | Leave a Comment

ALERT! Off Schedule Windows Update

Image via WikipediaAffects All Windows, Even Vista

If you don’t do anything else on December 17th, GO TO WINDOWS UPDATE OR MICROSOFT UPDATE and get your pc patched.

A new exploit trojan which can install itself on your computer without you knowing has been admitted by Microsoft. The potential exists on ALL VERSIONS OF WINDOWS, AND ALL VERSIONS OF INTERNET EXPLORER.

From Microsoft Technet:

Microsoft Security Bulletin Advance Notification issued: December 16, 2008
Microsoft Security Bulletins to be issued: December 17, 2008

This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on December 17, 2008.

This bulletin advance notification will be replaced with the revised December bulletin summary on December 17, 2008. The revised bulletin summary will include the out-of-band security bulletin as well as the security bulletins already released on December 9, 2008.

For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft is hosting two webcasts to address customer questions on these bulletins: on December 17, 2008, at 1:00 PM Pacific Time (US & Canada) and December 18, 2008, at 11:00 AM Pacific Time. Register now for the December 17 webcast and the December 18 webcast. Afterwards, these webcasts are available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

This trojan is ALREADY ON THE WEB and people ARE BEING INFECTED. Usually, Microsoft has an idea where possible exploits could occur, but this time they were caught unawares until it was too late.

Don’t think that Vista is going to protect you. Don’t think that your firewall will protect you. Don’t think that any anti-virus program will protect you. GET THE UPDATE. It’s the only way to protect your system.

From CNET:

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft’s browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee’s Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users’ system with a Trojan horse, or “downloaders” that can download other forms of malware onto a user’s system.

Microsoft announced it will release a security patch Wednesday via its automatic update system to patch users computers.

Users can potentially get infected two ways, Marcus said. One is to visit a malicious Web site that already has the malware installed on the site, or visit a legitimate site, in which the attacker has inserted the malicious script to run in the background, leaving visitors unaware their systems have been compromised.

“A lot of Web sites are pushing out this exploit,” Marcus noted. Some of the infected sites include Web sites that offer free wallpaper for mobile phones to sites that feature property to product-related sites.

Microsoft is encouraging users to update their systems once the patch is released Wednesday at 10 a.m. PDT.

(EDIT 7:10 7:20am 7:45am 8:01am Eastern)The patch is still not up on the Microsoft site. Keep checking their site until it’s available!

Here are the links, if you need them:

Windows Update

Microsoft Update

Or you can click on START – ALL PROGRAMS – WINDOWS UPDATE.

The update patch will be available after 7am Eastern time. If it’s already after 7am, GET OFF WORDOUT AND GO THERE NOW!

Two things to remember:
1. You need to use Internet Explorer when going to Windows/Microsoft Update.
2. Restart your pc immediately after the update is installed.

I am Jon, and you can bet, if it’s after 7am I am patched. (unless the patch is unavailable until later! See EDIT above.)

Get Wordout sent to your EMAIL!

December 16th, 2008 Posted by Jon | Need2No, The Net | Leave a Comment