CEH and "hacking"

My boss is CEH certified in the new version so every now and then, he gets invited to some of their webinars where they demonstrat hacking utility and techniques. He invited me to attend one of the webinars with him and wow...it's kind of scary how easy everything is.

I'm never going to any banking website or logging in to my email when I'm at a public wifi ever again! One thing I thought that was kind of cool was related to the password length. Apparently, 7 characters passwords are like infinitely easier to crack than 8 characters password. If you use 10 characters password, it's almost uncrackable!

Anyone here into the hacking scene or looked at becoming a certified ethical hacker? Is it really as easy as clicking a few buttons on a utility?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Akaricloud

Yeah, password length can make a huge difference, as can not using dictionary words. Each character increases how hard it is to crack exponentially but you have to remember that our computers are getting quicker at cracking passwords as well.

CEH is definitely something I'd like to pursue because I enjoy learning about it.

computer g33k

I read that creating passwords like "pa$$w0rd" is a great practice to use.

echo465

I think XKCD said it best...

\

[h=3]http://xkcd.com/936/[/h]

computer g33k

That picture is great!

Chivalry1

Yes fear a well educated Certified Ethical Hacker. Cant say much about the course...but the material covered in the labs and books can be quite eye-opening. There are so many attack vectors for systems. Pretty much if I can gain physical access to your system...be it linux, unix, windows, mainframe fully patched..I can own your system.

If someone wants to own your network....there is absolutely NOTHING you can do. Whether its Fortune 500 company or your local bank...a simple attack can render a system useless.

the_Grinch

The password length argument is one that I always found funny. The 10 character isn't great because with rainbow tables the hash is broken in half, making it 8 characters on one side and 2 characters on the other side. Cracking two characters will take no time and perhaps knowing those two would make things a bit easier to guess the full word. So I've always stuck to using 8, capitals, numbers, and a symbol. If you really want to screw up a hacker make the last character a blank (you know where you hold ctrl+shift and type on the numpad). That will usually throw off an attacker when he doesn't "see" the blank and thinks he has the password. A lot of experts are now going with a passphrase being one of the best passwords. Such as using a favorite line from your favorite song, easy to remember and it usually ends up being a huge password.

DevilWAH

pham0329 wrote: »

Is it really as easy as clicking a few buttons on a utility?

NO!

The trouble is with Computers that every thing is easy once some one shows you, its all 1's and 0's and if's and buts. Logic at its most fundemental level. Hacking is just taking this idea to the extreem to understand the fundementals of how systems work at the most basic of levels and then finding the holes. (Hacking in the sence of breaking in to systems this being).

You have the "script kiddies", the people who use the exploits that other people have discovered. and the real Hackers that find the exploites from scratch. THe CEH course introduces you to the ideas, and how a hacker might work, but it does nto make you a hacker, that is years of pizza and coke by the light of your monitor and an unhelthy obsession of poking around in systems to find how they work. Defending agsint script kiddeis is relitivy easy, thats what the microsfot security patches are doing each month, if the exploites are know, then its easy to fix them. For the hacker its finding the exploites that no one knows about, and so no one can defend. if you can find new types of exploites, then you are a hacker.

Think of it like Programing, I can tech you the syntac of a language in a short time, and its really very simple. But you still have to come up with the consept and design of your killer application your self, and take what you have learnt to create something that before did not exist.

CEH will get you started in the field, but I don't think it really makes you a hacker, but if you enjoy it, then its a good step towards it.