[ISN] Hackers Go Pro

From: mea culpa (jerichoat_private)
Date: Mon Jan 18 1999 - 19:12:15 PST

    Hackers Go Pro
    by Nancy Nicolaisen and Dan Costa

    Penetration analysis, or ethical hacking, is an increasingly popular way
    for businesses to find holes in their networks. Vendors are lining up to
    break and enter for profit.

    Ethical hacking might seem like an oxymoron, and it does present some
    confusing issues, but it is also a growing and legitimate IT specialty.

    Ethical hackers can be separated into two broad classes--independents and
    consultants. Independent ethical hackers believe that discovering the
    weaknesses of software, hardware, and the networks upon which we all
    depend is an inherently good or ethical act.

    These good-Samaritan Netizens have been around for years--poking holes in
    Internet Explorer, breaking encryption algorithms, accessing networks
    without authority. Sometimes they report the hack to the company; other
    times the hack announces itself, and the vendor must quickly fix the
    problem. This real-world market testing can make products stronger and
    safer for the rest of us.

    Ethical-hacker consultants do basically the same thing, but they get paid
    for it. We should mention that ethical hacking never entails damaging
    property, destroying data, or stealing private information. These
    activities may be hacks, but they fail most any standard of ethics. In
    fact, some in the hacker community refer to these kinds of criminals as

    Though most professional system managers accept garden-variety hackers, or
    crackers, as part of the spectrum of risk-management responsibility by
    which they earn their daily bread, the emergence of expert hackers
    represents a new kind and degree of threat.

    Truly dangerous hackers come from one of two groups: disgruntled insiders,
    and those rare few who command expert knowledge of targeted systems'
    communication protocols and operating-system internals. In the first case,
    a bit of prudence is an effective defense. The latter requires more
    aggressive measures, like hiring professional ethical hackers to find the
    weak points in a company's security.