Defcon.org, 29 – 31 July, Las Vegas, NV. $80.00 admission @ Alexis Park
Convention of hackers, crackers, programmers, security pros, black hats, white hats, gray hats: the entire spectrum of security technology freaks converging on one location to discuss their favorite subject.
Once a year I am encouraged to go to numerous security conferences, most of which turn out to be useless infomercials where vendors are trying to sell their plug-in security solutions.
There are very few that have really been of value. Defcon is by FAR the best. Since it is a hacker convention I often have trouble convincing the Government of its worth. It is good to know that the FBI, CIA and possibly the NSA don't hold the same view as the agencies I have worked for.
I cannot stress the value of Defcon to security professionals enough.
Martin McKeay has a great site on Security issues. We discussed what the word “hacker” conveys to most people.
The original meaning of hacker was that of a technically savvy person creative enough to come up with workarounds and fixes and to find vulnerabilities. This is what hacking still means to me. It is my personal opinion that this is where you separate the men from the boys. Hacking, in the traditional sense of the word, is the true gauge of technical skill and understanding.
These days the term hacker, and hacking in general, is used to describe the activities of cybercriminals, or black hats. Martin and I disagree with the direction that the concept is going.
Unfortunately, his view is what most "security professionals" and the general public currently think of the whole concept of hacking: that it is criminal behavior. That is ignorant.
But, no matter how you define hacking or hackers, it is the duty of everyone who calls themselves a security professional to know the practices and mindset of a hacker, criminal or otherwise. It is like a detective or a profiler. The best detectives, investigators and profilers have an understanding of why criminals do what they do. In this same way, it is imperative that the security professional understand the techniques and mindset of every shade of hacker, from black hat to white hat.
Which investigator will understand a thief better, the one with a PhD in criminology or the investigator who used to be a thief?
If the security professional doesn't know how to exploit their own systems, how effective is that security professional? And if MOST security professionals cannot exploit ANY system, what does it mean to be a system security professional?
Martin's Comments:
I love the 'Hacks' books from O'Reilly. They've probably done more to regain the original meaning of hack and hacker than all of the protests by security professionals combined. I have 4 or 5 of the 'Hacks' books sitting on my work and home bookshelves. Have you checked out Make magazine? (http://www.makezine.com/)
I wish we could regain the original meaning of the word, but I fear it's a pointless battle. To the average Joe in America today, hackers will always and forever be the evil creators of viruses and trojans. Not that Joe could tell the difference between the two.
I don't know if you remember it, but last year the guy who wrote the Sasser and Netsky viruses was hired by a German AV company (http://www.enn.ie/news.html?code=9554015). I know at least one German CISSP who was very upset at this idea, and let them know it. I also seem to remember that his employment didn't last long, but I couldn't find a link to that news. So at least one company was willing to hire a hacker knowingly and publicly.
People don't want to have to worry about the complexity of the shade of a hacker. Black, gray or white hat, if you say you're a hacker, they assume you're after their bank account number. I'll stick with calling myself a Security Professional, rather than trying to borrow from the 'hacker mystique' for publicity.
Posted by Martin at June 1, 2005 01:15 PM
ME:
McKeay.. great blog,
I was at Barnes & Noble the other day looking for Kyle Rankin's book, Knoppix Hacks, and I noticed hacking is quite the buzz word. It seems every conceivable category of Information Technology now has a book followed by (or preceded by) the words hack, hacking, hacker's guide, etc. O'Reilly has a whole series on hacks (great books): http://www.oreilly.com/hacks/
There is even a book called, "Understanding God's Will: how to HACK the equation" — (Not from O'Reilly)
I believe the reason for this is because hacking is cool. It's like the new and very necessary quick-fix tool among this era of information overload and technical bombardment.
Many of the most famous and infamous players in this new Information Age have been hackers. Just to name a few: William H. Gates III, KBE, Blake Ross (19 year old creator of Firefox), Linus Torvalds, Klaus Knopper (creator of Knoppix), the Woz, Paul Allen, Kevin Mitnick, Jeff Moss (creator of Defcon), all the creators of Unix, Bill Joy…
The word hacker has been hijacked. Its real meaning has been… hacked. That is why I was overjoyed when I was introduced to the Certified Ethical Hacker certification. I have yet to take the cert. I plan on using the CISSP to prepare me for it… it is difficult from what I've seen in the sample tests. I hope this cert gains enough credibility to take the concept of the true hacker back in the minds of business owners.
I went to Defcon in 2003 (11 I think) and I learned a lot there. For one thing, not all hackers are evil Sasser Worm creators or a part of the "Hang Up Team" (a truly TWISTED bunch of Russian hackers). Many of the hackers speaking were hackers in the original sense of the word. In fact, they were do-gooders! They would find exploits and try to report them immediately to the owner of the software or hardware. The biggest problem was that companies like Microsoft and Oracle would not listen to them. They are often referred to as Gray Hats. Almost like vigilantes, whereas White Hats can be considered people like you and me (mercenaries working for companies), and Black Hats just cyber criminals.
I think the concept of what a hacker is is being transformed. Why a company would hire an internationally known Black Hat and publicize it is, to me, not smart money. I bet it would even negatively affect the stock.