Skip to main content

Why we need Hackers?


Life would be easier if we didn’t have to patch our operating systems and apps. Patrick Gray explores the real reasons why updating is important.
It would be easier if hackers, who say they’re acting in the public interest by releasing information on the vulnerabilities they find, would just get real jobs and stop pointing out the weaknesses in our software, right? Wrong.

As most who work in the IT security field will tell you, all the software that we use is shipped in a vulnerable state. The security holes are there from day one, and if the good guys don’t find the bugs, the bad guys will. The only way to defend an operating system or an application against a bug is to know of the existence of the bug in the first place.

Just 10 years ago, the bug-hunting community was a mish-mash of hackers, system administrators and programmers. Many were geeks seeking kudos for finding the latest "zero-day" or "fresh" vulnerability.


Since then, IT security has become a booming business and vulnerability information is worth its weight in gold. Scores, if not hundreds of full-time bug hunters now spend their days earning hefty salaries pulling apart software and looking for bugs — a weird sort of third-party quality assurance service for software companies.

They disclose their findings to the vendor, which releases a patch, then they release information about the bug to the wider community. But what are the ethics of security research? How much information should researchers release when they find a bug?

'You talk about why people crack things; I think the benefit is that it keeps the vendors in line, its holds them accountable,” says Rick Forno, the former chief security officer of Internic. 'And chances are if the good guys find something, the bad guys have known about it longer than the good guys.'

US-based Forno is currently studying for a PhD on vulnerability disclosure at Curtin University in Western Australia. In his role as Internic’s CSO, he was responsible for securing the Internet’s root domain name servers — the core directories responsible for matching domain names to IP addresses. In short, they’re important machines.

While Forno defends security researchers who disclose information on the vulnerabilities they uncover — even "proof of concept exploit code", the software researchers sometimes release, which allows all and sundry to use the vulnerability — he says there’s a right way to do it and a wrong way.

'Knowledge is neutral. How do you use it, to patch a system or exploit a system,?' he asks. 'There is a big movement now to restrict adverse information ... but where do you draw the line between where information is deemed to be adverse or helpful. Too often people err on the side of caution.”

In this feature, you’ll hear from the hackers themselves, who largely serve the public interest. Some have disclosed information that’s led to computer worms being unleashed by unscrupulous hackers. Others have written tools the bad guys use to penetrate networks. All say they’ve acted in the public interest.


Credit for this article goes to Patrick Gray
Labels:

Comments

Post a Comment

Leave ur Comment Please :)

Popular posts from this blog

Sony India launches new camera RX10 M4

Sony’s New RX10 IV Combines World’s Fastest1 AF and 24 fps Continuous Shooting with Versatile 24-600mm F2.4-F4 Zoom Lens ·           World’s fastest 1  0.03 sec high speed AF with 315 focal-plane phase-detection AF points ·           High-speed 24fps shooting with AF/AE tracking ·           ZEISS® Vario-Sonnar T* 24-600mm F2.4-F4 Large Aperture, High Magnification Zoom Lens ·           Touch Focus ·           4K Movie Recording with full pixel readout without pixel binning New Delhi, 10 th  October, 2017 –  Sony, a worldwide leader in digital imaging and the world’s largest image sensor manufacturer today announced an addition to its acclaimed Cyber-shot® RX10 series, the  RX10 IV  (model DSC-RX10M4). Building o...
Post a Comment
Read More

Gionee Elife S Plus: Redefining smartphones

After a great successful launch of Elife series of smartphones. The company has come up with Gionee Elife S plus and that has got everyone speaking in the town. Unveiled in November 2015, this smartphone really comes with a power punch of amazing specifications and sharp new design. There are new additions to the features in this phone along with the top of the line features that every smartphones promises to offer. The fact that Gionee has been kind to people not just by the high quality smartphones but by keeping the prices on the bar is the reason why it has enjoyed a wide acclamation from the masses. The phone comes in three different colour codes that is White (Gives a really smooth and elegant look.), Blue (Gives a nice sharp and trendy look.), Gold (It is my favourite of all which is lustrous and leaves a lasting impression.) These three shades adds to the striking form. It has a sturdy metallic frame which gives it a clean and sharp look. The display screen is 5.5 inch ...
Post a Comment
Read More

Message anyone on Facebook

Hey Everyone today we are showing you how to send a message to anyone on facebook, even if he/she's not added in your friendlist. Of course,  you can click on the button "Message", but it will appear as "Message", not as Chat. First of all I'd like to give credits to - Le Boss ( here ). who shared this trick with us and we appreciate it. I- What we Need Facebook account For messaging Browser-Google Chrome or Mozzila firefox (works fine with both) II - How to Chat with Google Chrome So, that's basically very simple. 1 - Search someone you want to speak. The url would be something like this: Code: https://www.facebook.com/FacebookUsername I'll use that one : https://www.facebook.com/so.hotgirls 2 - Replace those "www" at the beginning by "graph". You will have something similar to this: 3 - You will take the value of "id" and "username". In that case the "id" is "179548569...
2 comments
Read More