http://www.infoworld.com/article/07/03/24/HNshmoocon_whitehats_1.html By Matt Hines March 24, 2007 WASHINGTON -- White hat hackers unite! The Hacker Foundation, a nonprofit organization of ethical security researchers, is trying to extend its reach and encourage more people to join its ranks to help further codify the United States hacking community. Many people working on important security research programs need financial help to allow them to pay their bills and maintain their efforts to improve IT systems defenses, Hacker Foundation leaders explain. In addition to giving seed money and grants to researchers, the group also raises funds for any legal defense fees incurred by white hats as they bend rules to help test the concepts they build. By fostering a closer relationship within the white hat hacking population and bringing people together to raise funds and organize new channels for research, the growing community of individuals who engage in ethical hacking can form a more unified front to the outside world and back new projects that keep vital research moving forward, founders of the effort said in their presentation at the ShmooCon convention on March 24. Founded in 2002, the Hacker Foundation primarily serves as a source of funds for financially challenged security researchers, but the group is hoping to begin opening facilities across the country where people can carry out their experiments and find other hackers with whom to share their work. Hackers tend to be a solitary crowd or come together in small, tightly-knit groups, but there is much to gain by collecting input and funding from people across the U.S. white hat industry, said Nick Farr, treasurer and co-founder of the Hacker Foundation. "We're trying to create a base of expertise within the community to give independent researchers access to things they normally wouldn't have access to," Farr said. "Many security researchers are doing work out of the goodness of their hearts. It would be great if we could get resources to allow to them to do their work full time and pay their bills; that's one of the big things we started the foundation for." For instance, the Hacker Foundation has already set up a fund and is providing resources to the Metasploit Project, an open source computer security effort that aims to provide information to people who perform penetration testing, intrusion detection signature development, and exploit research. Led by researcher H.D. Moore, among others, Metasploit has already made a name for itself by publishing details of a number of serious flaws in high-profile software programs, including products made by Microsoft and Apple. Unlike in other countries such as Germany, where that country's Chaos Computer Club -- another national white hat hacker group -- receives government funding, U.S.-based hackers have few resources to turn to, according to Farr and Jesse Krembs, president of Hacker Foundation. Other projects backed by the Hacker Foundation include efforts to get younger researchers into the wider community at a younger age to teach them the right way to go about their work, and a program to send people across the country, and even the world, to help rebuild IT systems after natural disasters such as Hurricane Katrina. One of the groups' more significant goals, beyond generating more industry financing through donations, is to open the series of "hacker spaces" it would like to see established in different regions of the country to give researchers someplace to work freely, and in unison. Like Internet cafes for the teenagers, the facilities would pitch themselves as convenient places for researchers to carry out their work and meet other hackers. By opening centers that offer free access to large amounts of bandwidth and other computing infrastructure, researchers would be able to create things they are unable to build on smaller home systems, and turn to colleagues when they need help or advice. Although no plans are in place to open an official Hacker Foundation-sponsored research location, the group believes it isn't far from seeing the idea brought to fruition. Washington is among the regions being considered for the initial facility, although rent is relatively high in the city, group leader noted. "There is a strong core of people here who want to build the first prototype in [Washington] D.C., but if you think you have a critical mass to build something like this where you live, just let us know and we can help," Farr said. "This group was designed to take these great ideas that people in the community come up with and build an infrastructure that makes it possible for them to happen. There are a lot of people interested in this type of research, but almost no formal support for these types of projects in this country." In perhaps its most optimistic scheme to date, the Hacker Foundation is also planning an unprecedented movable feast of white hat researchers that will begin with the Defcon hacker confab in Las Vegas in early August 2007. >From that notorious hacker show, the group is chartering a private >plane that will fly directly to Germany for the CCC's annual hacker show, with white hat activities planned for the trip. In addition to the freedom to bring whatever unusual boxes of gear they would like to display or use at the show, which has become tough to do on commercial flights, the $5,000 per person trip will include round-trip airfare, all the food and drink attendees seek in transit, and on-board meetings to discuss events at the two industry shows. The Hackers on a Plane adventure is just the sort of white hat industry fraternization that the group's organizers are hoping to spread. "We realized that all hackers don't have a place to meet and try out new things, as people in places such as Germany have been doing," Krembs said. "We want to make that happen in the U.S.; hackers need a space to learn, develop, and display their skills. We're very social creatures despite what people think and socializing the critical mass of hackers is a great way to make new things happen." _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Sun Mar 25 2007 - 22:39:31 PST