Ethics or not, formula for hacking can be reduced to:
* Choose something that interests you
* Learn everything you can about that thing, reading/learnig critically : Consider how an "evil" (or opportunistic) user could exploit the requirements, standards, or suggestions in specs
* When you become even more skilled, you can work on ways in which engineers and developers might make assumptions in code to meet specs/standards and attack those assumed weaknesses.

Outside of the above are many specializations. For applications, "fuzzing," has been used to quickly explore an attack surface to expose areas of interest for more intense examination.
If interested in social engineering, there are several good books on "con games" which expose basic formulas for games to play with "marks" to get something from them, and have them want to help you.
If interested in the space of lock picking, then there are groups that you can join to learn more, and then share what you learn.
Interested in Electronic hacking using "jtag" on/with devices, and explore hardware? There are books, and youtube videos with people demonstrating some of the techniques they use; anything that they cover that you do not know about provides you with keywords to include in internet searches.
If you are interested in crypto, then your best course is to read about the proper ways that people have used to create widely used crypto systems, then learn about the best ways these have been implemented (those with the widest use and fewest security issues), and after you learn about these, then learn how past hashing and cipher systems have been weakened. Then, after you are an expert in many of these things, you could toy with creating and trying to break your own cipher. Lots of people try to reverse this and "invent" brand new "super secure" ciphers before they have learned about crypto systems, only to find their invention can be defeated with past attacks or variations on past attacks. For examples of terribly complex crypto which increases risks for security, check out older OpenSSL source code. Each feature (standard or nonstandard) increases risk for vulnerability; increasing complexity increases security risks. Simple code means code that is easier to audit.

Choose something that drives you, that causes you to feel a great deal of passion, and joy when exploring it, and then learn all you can about it. Along the way, try testing some of your assumptions on weaknesses to help you fortify your knowledge.

Good luck!
-Cot

Hi Cot,

thank you for the intresting points to consider.

I like the idea of social hacking, sounds really fun if done right.

Regards B

Your response should be pinned everywhere! This is the most universal question asked on here, I think.

ukbennyuk are you coming to DefCon this year?