[ISN] Hackers Go Pro

From: mea culpa <jericho_at_dimensional.com>
Date: Mon 18 Jan 1999 - 21:12:15 CST
http://www.zdnet.com/computershopper/edit/cshopper/content/9902/383168.html   
Hackers Go Pro
by Nancy Nicolaisen and Dan Costa

Penetration analysis, or ethical hacking, is an increasingly popular way
for businesses to find holes in their networks. Vendors are lining up to
break and enter for profit.

Introduction

Ethical hacking might seem like an oxymoron, and it does present some
confusing issues, but it is also a growing and legitimate IT specialty. 
Ethical hackers can be separated into two broad classes--independents and
consultants. Independent ethical hackers believe that discovering the
weaknesses of software, hardware, and the networks upon which we all
depend is an inherently good or ethical act. 

These good-Samaritan Netizens have been around for years--poking holes in
Internet Explorer, breaking encryption algorithms, accessing networks
without authority. Sometimes they report the hack to the company; other
times the hack announces itself, and the vendor must quickly fix the
problem. This real-world market testing can make products stronger and
safer for the rest of us. 

Ethical-hacker consultants do basically the same thing, but they get paid
for it. We should mention that ethical hacking never entails damaging
property, destroying data, or stealing private information. These
activities may be hacks, but they fail most any standard of ethics. In
fact, some in the hacker community refer to these kinds of criminals as
"crackers." 

Though most professional system managers accept garden-variety hackers, or
crackers, as part of the spectrum of risk-management responsibility by
which they earn their daily bread, the emergence of expert hackers
represents a new kind and degree of threat. 

Truly dangerous hackers come from one of two groups: disgruntled insiders,
and those rare few who command expert knowledge of targeted systems'
communication protocols and operating-system internals. In the first case,
a bit of prudence is an effective defense. The latter requires more
aggressive measures, like hiring professional ethical hackers to find the
weak points in a company's security. 

[snip...]

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:03:46 1999