Since you insist on proving my point again and again, I suppose this conversation shall continue. First of all the 33 principles you have directed me to are essentially an elaboration of the 5 that i listed earlier. For example here are some of the principles from that list and where they would coincide with the ones I've listed.
Principles 1,7,18,20,26,28, and 29 can fall under Layering
Principles 3,9,19,and 27 can fall under Simplicity
Principles 12,19,20,28,and 29 can fall under Diversity
Principles 10,14,15,16,17,22,23,24,25,26, and 30 can fall under Limiting
Principles 4,5,14,16,26 and 31 can fall under Obscurity
At the same time all of these 33 principles can fall under other categories as well.
As far as your "Security by obscurity" I never once said it should be used alone, in fact I said that by itself, it wasn't a good idea. Second "Security by Obscurity" means the same thing whether it is implemented by itself or with other layers of security. Wikipedia says nothing specific about "Security by Obscurity" being a practice that is always by itself. On top of that Wikipedia is not the most credible source for accurate information. While it does contain some good information on many topics, It can't always be trusted. Not to mention I have never met a professor who would accept Wikipedia references in research as credible. As a matter of fact I've seen professors refuse assignments because of Wikipedia references.
Finally, I never said that this book was a "holy" source and the only correct source on security. It does however follow International Industry Standards and as far as every argument you have come up with to refute this book, you have only proved it more accurate.
*It seems clear to me that we are essentially saying the same thing in a different way. This argument is almost pointless and seems to be in a never ending loop. Why do I continue it? I like to argue. Also, I do not consider this particular book that I've referenced as a holy source, but in the end the things discussed in it are also discussed in most other books on information security as there is an Industry Standard. That's not to say that this standard cannot be expanded based on the person or the purpose of the security. Also I hope that you dont take anything I say too personally as it is not intended to be so.
oh yeah i never said i have passed or even taken any of the cert exams, you tend to assume to much. (once again no offense intended)
Hello, experienced hacker here.
-
PaRaDoX
- Posts: 708
- Joined: Fri Aug 22, 2008 5:52 am
- Location: In your fridge, waiting to pop out and scare you.
"Pure Bullshit. Just by asking/speaking about a criminal act you can't get punished."
i have no clue about your American laws, but in Canada our wacky laws CAN punish someone, if even only with criminal INTENT. ( if its unclear whether or not they want to, maybe not, but why else would you ask to hack an ATM machine? curiosity? if it were out of curiosity, they would NOT ask here) if you voice that you want to do something illegal, you, in fact, can be punished. again, that's just in Canada. I would assume its similar in the US. Also, we hate people who ask these questions because we want nothing to do with them and they think they can just waltz on in (their interpretation of hacker.org is some crazy "underground" criminal site) and ask how to steal money from others.
no thanks.
and FYI google is indeed a valid source of information, that is its whole purpose. the internet, believe it or not, IS a useful resource tool if used correctly. as for most of the puzzles, (emphasis on most), i don't see too much interest in them (in the sense of furthering any skills apart from critical thinking) and as for the challenges, sure, they make a nice test but you don't actually LEARN anything from them. they just act as....practice or a review.
as for the lack of educational discussion in this subforum, I hate to agree, but nonetheless, do. (hopefully you've read a few of my other posts). sure most are random rants but you could say that in a sense educates crackers about what NOT to do. *ok that was a weak argument but valid in a sense* again, i remain in the position that i agree that there should be more intelligent discussion, but i also remain steadfast in the sense that flame CAN indeed be useful, and, while this may be a bit strong a wording (for lack of better words) may very well be a compulsory element of any forum which hosts controversial (stereotyped or not) content.
i have no clue about your American laws, but in Canada our wacky laws CAN punish someone, if even only with criminal INTENT. ( if its unclear whether or not they want to, maybe not, but why else would you ask to hack an ATM machine? curiosity? if it were out of curiosity, they would NOT ask here) if you voice that you want to do something illegal, you, in fact, can be punished. again, that's just in Canada. I would assume its similar in the US. Also, we hate people who ask these questions because we want nothing to do with them and they think they can just waltz on in (their interpretation of hacker.org is some crazy "underground" criminal site) and ask how to steal money from others.
no thanks.
and FYI google is indeed a valid source of information, that is its whole purpose. the internet, believe it or not, IS a useful resource tool if used correctly. as for most of the puzzles, (emphasis on most), i don't see too much interest in them (in the sense of furthering any skills apart from critical thinking) and as for the challenges, sure, they make a nice test but you don't actually LEARN anything from them. they just act as....practice or a review.
as for the lack of educational discussion in this subforum, I hate to agree, but nonetheless, do. (hopefully you've read a few of my other posts). sure most are random rants but you could say that in a sense educates crackers about what NOT to do. *ok that was a weak argument but valid in a sense* again, i remain in the position that i agree that there should be more intelligent discussion, but i also remain steadfast in the sense that flame CAN indeed be useful, and, while this may be a bit strong a wording (for lack of better words) may very well be a compulsory element of any forum which hosts controversial (stereotyped or not) content.
~You are a glitch in my reasoning.
@plope: Well it seems I have misunderstood but you said you're a "security major", that lead me to the assumption that you work in this area and thus have passed those certificates. So I guess "security major" only means you're studying this subject? (English is not my mother tongue sorry.)
By the way, very interesting (and somehow confusing) transformation. First you say I've no clue, and now, only one post later you say we're basically saying the same. Conclusion on that: we have both no clue
And I agree, wikipedia should not be seen as a reliable source. However, all I wanted to say with that is that there *exists* an article named "security through obscurity", so that alone is somehow a "proof" that this term exists by it's own and means something other than just your word by word interpretation that lead to your five security principle points. "Security by Obscurity" just doesn't make any sense to me if it's describing a normal system that is using other layers of security as well as obscurity, because that would really be nothing special that deserves a term by it's own.
@paradox: I agree in most of what you're saying, but it's really nonsense if you say that you don't learn anything in those challenges. In those you solved, that may have been the case, but I must say I learned a lot about cryptography, stack-based programming languages (->HVM), reverse engineering (x86 binaries as well as Java and C# bytecode), optimizing of algorithms, bash-scripting, programming Python, sorting algorithms, the HTTP protocol, Fast Fourier Transformation, Game of Life, maths (especially Fibonacci sequences and prime numbers), barcodes, SQL injections, just to name a few areas. Whenever you do some research on a subject that isn't known to you do already learn something, don't you?
I guess you're only doing challenges which you are able to solve within a minute or so and give up too early on the others. Then of course it's obvious that you don't learn anything (besides that the first few dozen challenges are boring anyway).
Of course it depends on your interest area. If the only thing you are interested in are, let's say networks, then the challenges won't help you improve your skills indeed.
By the way, very interesting (and somehow confusing) transformation. First you say I've no clue, and now, only one post later you say we're basically saying the same. Conclusion on that: we have both no clue
And I agree, wikipedia should not be seen as a reliable source. However, all I wanted to say with that is that there *exists* an article named "security through obscurity", so that alone is somehow a "proof" that this term exists by it's own and means something other than just your word by word interpretation that lead to your five security principle points. "Security by Obscurity" just doesn't make any sense to me if it's describing a normal system that is using other layers of security as well as obscurity, because that would really be nothing special that deserves a term by it's own.
@paradox: I agree in most of what you're saying, but it's really nonsense if you say that you don't learn anything in those challenges. In those you solved, that may have been the case, but I must say I learned a lot about cryptography, stack-based programming languages (->HVM), reverse engineering (x86 binaries as well as Java and C# bytecode), optimizing of algorithms, bash-scripting, programming Python, sorting algorithms, the HTTP protocol, Fast Fourier Transformation, Game of Life, maths (especially Fibonacci sequences and prime numbers), barcodes, SQL injections, just to name a few areas. Whenever you do some research on a subject that isn't known to you do already learn something, don't you?
I guess you're only doing challenges which you are able to solve within a minute or so and give up too early on the others. Then of course it's obvious that you don't learn anything (besides that the first few dozen challenges are boring anyway).
Of course it depends on your interest area. If the only thing you are interested in are, let's say networks, then the challenges won't help you improve your skills indeed.
I'm glad we've been able to come to a conclusion on this. And yes, when I said I am majoring in Security, I meant I am currently studying it. This being the case, I will agree that neither of us knows what were talking about in the whole scheme of things.theStack wrote:@plope: Well it seems I have misunderstood but you said you're a "security major", that lead me to the assumption that you work in this area and thus have passed those certificates. So I guess "security major" only means you're studying this subject? (English is not my mother tongue sorry.)
By the way, very interesting (and somehow confusing) transformation. First you say I've no clue, and now, only one post later you say we're basically saying the same. Conclusion on that: we have both no clue
And I agree, wikipedia should not be seen as a reliable source. However, all I wanted to say with that is that there *exists* an article named "security through obscurity", so that alone is somehow a "proof" that this term exists by it's own and means something other than just your word by word interpretation that lead to your five security principle points. "Security by Obscurity" just doesn't make any sense to me if it's describing a normal system that is using other layers of security as well as obscurity, because that would really be nothing special that deserves a term by it's own.
@paradox: I agree in most of what you're saying, but it's really nonsense if you say that you don't learn anything in those challenges. In those you solved, that may have been the case, but I must say I learned a lot about cryptography, stack-based programming languages (->HVM), reverse engineering (x86 binaries as well as Java and C# bytecode), optimizing of algorithms, bash-scripting, programming Python, sorting algorithms, the HTTP protocol, Fast Fourier Transformation, Game of Life, maths (especially Fibonacci sequences and prime numbers), barcodes, SQL injections, just to name a few areas. Whenever you do some research on a subject that isn't known to you do already learn something, don't you?
I guess you're only doing challenges which you are able to solve within a minute or so and give up too early on the others. Then of course it's obvious that you don't learn anything (besides that the first few dozen challenges are boring anyway).
Of course it depends on your interest area. If the only thing you are interested in are, let's say networks, then the challenges won't help you improve your skills indeed.
It was a good discussion though. As far as PaRaDoX's post, I think what he's saying is that, for some, the challenges and puzzle are reviews of the concepts you already know. Of course for someone who has no experience on the particular subject it can be a method of learning something new. In the end it all depends on the person and their skill level. On another note....What happened to a?
-
PaRaDoX
- Posts: 708
- Joined: Fri Aug 22, 2008 5:52 am
- Location: In your fridge, waiting to pop out and scare you.
with the challenges, its true. you can't learn anything new from them (not DIRECTLY). they cannot teach you anything themselves, or you wouldn't have passed them. they teach you INDIRECTLY, by forcing you to learn what they ask. i find them to be more like learning topic suggestion than a resource.theStack wrote:@plope: Well it seems I have misunderstood but you said you're a "security major", that lead me to the assumption that you work in this area and thus have passed those certificates. So I guess "security major" only means you're studying this subject? (English is not my mother tongue sorry.)
By the way, very interesting (and somehow confusing) transformation. First you say I've no clue, and now, only one post later you say we're basically saying the same. Conclusion on that: we have both no clue
And I agree, wikipedia should not be seen as a reliable source. However, all I wanted to say with that is that there *exists* an article named "security through obscurity", so that alone is somehow a "proof" that this term exists by it's own and means something other than just your word by word interpretation that lead to your five security principle points. "Security by Obscurity" just doesn't make any sense to me if it's describing a normal system that is using other layers of security as well as obscurity, because that would really be nothing special that deserves a term by it's own.
@paradox: I agree in most of what you're saying, but it's really nonsense if you say that you don't learn anything in those challenges. In those you solved, that may have been the case, but I must say I learned a lot about cryptography, stack-based programming languages (->HVM), reverse engineering (x86 binaries as well as Java and C# bytecode), optimizing of algorithms, bash-scripting, programming Python, sorting algorithms, the HTTP protocol, Fast Fourier Transformation, Game of Life, maths (especially Fibonacci sequences and prime numbers), barcodes, SQL injections, just to name a few areas. Whenever you do some research on a subject that isn't known to you do already learn something, don't you?
I guess you're only doing challenges which you are able to solve within a minute or so and give up too early on the others. Then of course it's obvious that you don't learn anything (besides that the first few dozen challenges are boring anyway).
Of course it depends on your interest area. If the only thing you are interested in are, let's say networks, then the challenges won't help you improve your skills indeed.
~You are a glitch in my reasoning.
Full ACK, it was nice - now get ready for the next fight! (just kiddingplope0726 wrote:I'm glad we've been able to come to a conclusion on this. And yes, when I said I am majoring in Security, I meant I am currently studying it. This being the case, I will agree that neither of us knows what were talking about in the whole scheme of things.
)@paradox: Alright, of course you will learn the things from the challenge more in an indirect sense. But since for some things in life "learning by doing" is the best practice, this seems to be perfect for me because there's some motivation behind that (curiosity - what challenge will be next after this one?). Especially for learning a new programming language this is the case - nobody on earth will learn programming just by reading books (for beginners it's maybe better to practice on regular exercise at first than on freaky challenges though). Besides that it's sometimes very interesting to discuss the different approaches in the "Challenges solved" subforum.
I did the first few challenges with C - since I switched to python I think this was real masochistic - I must say I fell in love with that scripting language
Python is a nice little language.
As far as trying to learn a programming language, or to learn programming in general it is certainly best to have a problem to solve with the program you write. Otherwise you're just creating a bunch of useless "Hello World" apps and learn nothing. I figured this out when I tried using the Video Tutorials on MSDN...What a waist of time.
As far as trying to learn a programming language, or to learn programming in general it is certainly best to have a problem to solve with the program you write. Otherwise you're just creating a bunch of useless "Hello World" apps and learn nothing. I figured this out when I tried using the Video Tutorials on MSDN...What a waist of time.
-
rajganeshb2
- Posts: 1
- Joined: Fri Mar 06, 2009 4:10 pm
- Location: India
Fresh Meat
Hi all, I m new to hacking and this community. Kindly help me with the basics of becoming a hacker. I am interested to be a hacker since my child hood. 
sanfeng
-
Allosentient
- Posts: 273
- Joined: Thu Apr 10, 2008 9:47 pm
Re: Hello, experienced hacker here.
I thought this post was a joke at first until I saw his signature and the fact that he only has 4 posts (and probably no rankings)daengpalopo wrote:BerryTheWest wrote:I am a hacker and earned my title for 4 years in network security penetration. I am an assistant to who you probably know WhiteKnight. He told me to check up this site for any update or changes to this site for those perhaps provide WhiteKnight some vital information. I also have permission from the WhiteKnight to discuss or to help you among the hacker network. If you have any question you can ask me right ahead.
After all nice to meet you guy.
wow.. it's great.. nice to know you...
please, teach me how to hack ATM machines
-
Allosentient
- Posts: 273
- Joined: Thu Apr 10, 2008 9:47 pm
Re: Hello, experienced hacker here.
Welcome to the site! (A little late, I know). One question, are you a professional network security person? Care to elaborate on some of your experiences? =)BerryTheWest wrote:I am a hacker and earned my title for 4 years in network security penetration. I am an assistant to who you probably know WhiteKnight. He told me to check up this site for any update or changes to this site for those perhaps provide WhiteKnight some vital information. I also have permission from the WhiteKnight to discuss or to help you among the hacker network. If you have any question you can ask me right ahead.
After all nice to meet you guy.
