Archive for June 21st, 2006
Want to outwit hackers? Hire an ethical one

Some of my colleagues in the information security profession think that hacking is evil.  They strongly rebuke any information security professionals for condoning hacking. 

I think that is a ridiculous position to take.  How can we be any good at our job (particularly the more technical information security professionals) if we ignore the skills that malicious hackers use to exploit the very systems we protect?  Why would we bind our own hands from finding vulnerabilities before our enemies?

Not knowing the darker side of security is like a Drug Enforcement Agent who can't recognize drugs because he or she has never had any exposure to controlled substances.  It is not my position that cops should rob a bank or abuse crack to REALLY know the criminal mind.  I'm just saying that security is not just about implementing security practice; it is about knowing the exploits, vulnerabilities and threats and knowing them well.

Hacking is cool.  It is not all evil or criminal.  Sometimes I have to hack my system after locking myself out.  I've attempted to hack my own network to find vulnerabilities. 

I think hacking is about mastering systems, finding easier ways to do things in life, being clever.  The dangerous thing about hacking is that sometimes individuals are smarter than the systems that they interface with (or control them).  It is the mutant strain that changes everything, the revolution that forces change, the rebel who refuses to submit, and any of those can be very good or very bad.

Unfortunately, it is easier to destroy than to create, so some weak, ignorant sociopaths give in to the dark side.  This is true of any method, skill, talent, profession, etc.  It is a part of human nature to have users and abusers in our ranks.  You may even have some in your family!  It is my personal belief that what you reap is what you sow (karma); those who do bad will get theirs.  I choose to hack ethically lest I incur the wrath of the universe.

The first ethical-hacking course was started six years ago. Today, there are some half-dozen organizations offering similar instruction around the world.


The Open–source PKI Book

This document describes Public Key Infrastructures, the PKIX standards, practical PKI functionality and gives an overview of available open–source PKI implementations. Its aim is to foster the creation of viable open–source PKI implementations.


MySpace to Add Restrictions to Protect Younger Teenagers

“Starting next week, MySpace, the popular online hangout, will make it harder for strangers to send messages to younger teenagers. The site has been under pressure because members are frequently subjected to lewd or inappropriate messages and occasionally lured into dangerous real-world encounters.”


"Secret" UV messages on your credit cards and driver's license

If you have a UV light handy, you'll discover a world of secret messages printed on licenses, credit cards, and other official documents as an anti-counterfeiting measure. This web page has some nice photos of the UV ink on a Visa Card, a Master Card, and a CA driver's license.


Encryption project has teen feeling pretty secure

His project, the “Embedded Secure Network Bridge” has already attracted some attention; not bad for a sixteen year old.


Alternate Net Neutrality Proposals Submitted Just 2 Days Before the Debate

Civil liberties advocacy group the Center for Democracy and Technology and New Yorkers for Fair Use, comprised of businesspeople and technology advocates, both released net neutrality proposals Tuesday, two days before the U.S. Senate Commerce, Science and Transportation Committee is set to debate the issue.
