Re: What to learn for IT Security/Hackers.
Security is a minefield - and an ever changing one at that. But before you can understand the details of XSS exploits, how SQL injections work and what buffer overflows are you need to understand the underlying technologies behind them.
Anyone can Google for certain exploits, get a rough idea of what they do and subsequently exploit them. What separates the script kiddies from the real men here is who can find flaws in technologies in the first place and understand and show exactly how they work. There's very few who can do that successfully.
Then again, perhaps that shouldn't be surprising. Doing that requires an enormous amount of work - if you're serious about getting that far you need to honestly take a step back and just focus on learning how all these technologies work to their most intricate details. That requires a lot of time and effort!
So my advice would be to drop the "awesome security person" goal for the moment, pick some technologies and read up on them. Find out how they work, read up on known exploits in these technologies, understand how they work, work out how these exploits could be stopped and the mistakes made that meant they were introduced in the first place.
Save the whales, feed the hungry, free the mallocs.