[ISN] Hire hackers to find loopholes in IT system, firms advised

From: InfoSec News (isnat_private)
Date: Thu Oct 31 2002 - 02:20:10 PST

    By Yvonne Chong 
    October 30, 2002
    As computer system security becomes an increasingly major concern for
    businesses and governments alike, organisations can look to hiring
    ethical hackers to uncover their systems' vulnerabilities before the
    hackers do.
    To prevent the growing legions of hackers from crippling an
    organisation's business operations and destroying their profit margin,
    local businesses must learn to think and act like hackers, said
    Wordware (M) Sdn Bhd managing director Wilson Wong.
    "Before companies can understand today's security threats, they need
    to know how hackers select and exploit companies' vulnerabilities, how
    to eliminate those vulnerabilities, and the counter measures
    available," Wong said at a seminar on Ethical hacking and
    counter-measures in Kuala Lumpur yesterday.
    Known in Malaysia as "penetration testing engineers" as opposed to the
    more controversial term "ethical hackers", these professionals who are
    skilled in all the hacking tools and counter measures are a relatively
    new breed here.
    Wong noted that the awareness level of the imminent and actual threats
    of hacking was low, particularly among the small- and medium-sized
    enterprises (SMEs), which formed the bulk of local companies.
    Many organisations are unaware that hacking tools are readily
    available on the Internet to be downloaded. These tools can be used to
    steal databases, including credit card and other personal details, and
    sensitive or confidential company information.
    A hacker need not even know any programming language to use the tools
    to cause serious damage to a company that is not adequately protected.
    Some 3,000 cases of cybercrimes and Internet security breaches were
    reported in Malaysia between August 1997 and July 2002.
    Wordware sales and marketing vice-president Sanjay Bavisis said the
    fear was not so much of having one's website defaced with big bold
    "You've been hacked!" or the logo replaced with pornography, because
    then the organisation would know it had been hacked and do something
    about it.
    "It's when everything seems to be just the way they were. But behind
    that, your data had been compromised, stolen and altered, some
    software implanted in your system that transmits all your secrets out
    ... and you are not even aware of it," he said.
    Wordware and US-based International Council of E-Commerce Consultants
    (EC-Council) recently introduced "Ethical hacking and
    counter-measures" as an e-business qualification in Malaysia.  
    Candidates who pass the programme would be accorded the title
    "Certified Ethical Hacker" (CEH).
    The seminar was attended by over 300 professionals from the banking
    and finance industry, IT and telecommunication sectors, students and
    human resource managers.
    Topics covered included Hacker ethics: Are there any ethics?, legal
    implications of hacking, computer crime and punishment, hacking and
    protecting your Windows 2000 OS and hacking and protecting your
    dial-up, voicemail and VPN.
    Wordware has 26 authorised training centres nationwide to teach and
    train students in the course, among other e-business courses. "Each
    centre plans to have 10 to 20 CEH trained every month," Wong said.
    While the profession was slowly gaining momentum here, the growing
    trend in US companies was to groom their own ethical hackers, said
    EC-Council technical director Haja Mohideen.
    "There's now a new title: chief hacking officer (CHO)," Haja said,
    adding that it was only a matter of time when the same trend came to
    CHOs are a breed of ethical hackers that have mastered all the hacking
    tools and know all the counter measures. They are not involved in
    providing security for the company but their role is to find all the
    gaps and loopholes in an organisation's system, somewhat like the
    final checkpoint in the system's quality control, according to Haja.
    ISN is currently hosted by Attrition.org