Skip to main content

Why we need Hackers?


Life would be easier if we didn’t have to patch our operating systems and apps. Patrick Gray explores the real reasons why updating is important.
It would be easier if hackers, who say they’re acting in the public interest by releasing information on the vulnerabilities they find, would just get real jobs and stop pointing out the weaknesses in our software, right? Wrong.

As most who work in the IT security field will tell you, all the software that we use is shipped in a vulnerable state. The security holes are there from day one, and if the good guys don’t find the bugs, the bad guys will. The only way to defend an operating system or an application against a bug is to know of the existence of the bug in the first place.

Just 10 years ago, the bug-hunting community was a mish-mash of hackers, system administrators and programmers. Many were geeks seeking kudos for finding the latest "zero-day" or "fresh" vulnerability.


Since then, IT security has become a booming business and vulnerability information is worth its weight in gold. Scores, if not hundreds of full-time bug hunters now spend their days earning hefty salaries pulling apart software and looking for bugs — a weird sort of third-party quality assurance service for software companies.

They disclose their findings to the vendor, which releases a patch, then they release information about the bug to the wider community. But what are the ethics of security research? How much information should researchers release when they find a bug?

'You talk about why people crack things; I think the benefit is that it keeps the vendors in line, its holds them accountable,” says Rick Forno, the former chief security officer of Internic. 'And chances are if the good guys find something, the bad guys have known about it longer than the good guys.'

US-based Forno is currently studying for a PhD on vulnerability disclosure at Curtin University in Western Australia. In his role as Internic’s CSO, he was responsible for securing the Internet’s root domain name servers — the core directories responsible for matching domain names to IP addresses. In short, they’re important machines.

While Forno defends security researchers who disclose information on the vulnerabilities they uncover — even "proof of concept exploit code", the software researchers sometimes release, which allows all and sundry to use the vulnerability — he says there’s a right way to do it and a wrong way.

'Knowledge is neutral. How do you use it, to patch a system or exploit a system,?' he asks. 'There is a big movement now to restrict adverse information ... but where do you draw the line between where information is deemed to be adverse or helpful. Too often people err on the side of caution.”

In this feature, you’ll hear from the hackers themselves, who largely serve the public interest. Some have disclosed information that’s led to computer worms being unleashed by unscrupulous hackers. Others have written tools the bad guys use to penetrate networks. All say they’ve acted in the public interest.


Credit for this article goes to Patrick Gray
Labels:

Comments

Post a Comment

Leave ur Comment Please :)

Popular posts from this blog

Defenders of Internet Freedom

From Politicians and professors to computer scientists and the first programmer, take a look at the champions of open internet. Julian Assange    Editor-In-Cheif, Wikileaks Assange has directed the publication of secret documents on the afghan wars and Guantanamo Bay Prisoner files and US Cables and also disclosed many facts which were unknown to world. He defaced many big companies and reiceved many death threads and became a Bad person in the eyes of the world. Sir Tim Berners-Lee Inventor of the world wide web Tim is instrumental pushing open data at high level to governments around the world and is a campingner against two tier internet. He also strongly supported a group putting pressure on the US government over the proposed US PIPA Act, which aims to impose restrictions and censorship on the internet. Jimmy Wales Chairman, Wikipedia Jimmy Wales is the man behind wikipedia wales participated in an internet blackout, closing the site for a day, in protest against the pro
4 comments
Read More

What is Steganography

Steganography is the art and science of hiding messages. Steganography is often combined with cryptography so that even if the message is discovered it cannot be read. The word steganography is derived from the Greek words “steganos” and “graphein”, which mean “covered” and “writing.” Steganography, therefore, is covered writing. Historical stenganography involved techniques such as disappearing ink or microdots. Modern steganography involves hiding data in computer files. It is fairly easy to hide a secret message in a graphic file without obviously altering the visible appearance of that file. Steganography software OutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources. The nature of the data source is irrelevant to the core of OutGuess. The program relies on data specific handlers that will extract redundant bits and write them back after modification. In this version the PNM and JP
1 comment
Read More

Windows Basic Security tutorial

Hey guys, I just wanted to quickly write a tutorial about some basic computer security. First, you have Windows 7 installed freshly with no current infections. A fresh install is best. Second, you are a moderate user of the internet. Basic Security Applications You are going to want a few applications to help you out along the way. First off, you will need two (2) anti-malware programs. This is to ensure that if one misses something, you have a second one to make sure. I personally use Microsoft Security Essentials (MSE) and Malwarebytes Anti-Malware (MBAM). Update these as often as they need to be. Run both of these every single day. Once a week minimum, but daily is far more advantageous. If you torrent, you will want PeerBlock . PeerBlock basically blocks your peers, especially RIAA, the govt, and other unsavory sorts from tracking who you are and what you're downloading. If you don't use PeerBlock, you can almost guarantee getting cau
1 comment
Read More