[mohani]

HI, TECH SUPPORT GUYS,

I wanted to ask you guys if ethical hacking is really legal,and how is it practised, i mean in which cases is it practised and can somebody get a job in an organisation as an ethical hacker?

[oksteve]

The tried and tested method is to hack something that is regarded as unhackable,get a job by the company who made the product you hacked to make that product unhackable again.
Ethical or not it has to earn money.
Then you have the ethics of money to deal with

[dvk01]

moved to security for discussion
In my opinion, there is no such thing as "Ethical Hacking"

there is "Authorised Hacking" or penetration testing where a tester is instructed by his/her company or organisation to test the security of the systems

What these so called ethical hackers do is attack anything in sight & allegedly keep any information found to themselves, rather than use it to attck the system and inform the company/website/goverment/ whatever of what happened

That is stilll illegal & wrong

They only say they were "ethical hackers" when they get caught

[mohani]

but Ethical hacking is being trained in some instiution which i think makes it legal,otherwise it shouldnt be taught!

[lotuseclat79]

Derek's opinion is just that - an opinion, and that in and of itself is insufficient to make it so other than in Derek's mind - good for Derek, but an opinion not particularly shared widely, just myopic.

If there were no such thing as ethical hacking then why would the NSA offer certification in ethical hacking techniques? See link below.

The difference between hacking and cracking is that hackers modify code to fit their own computing needs which do not include doing any kind of harm to others via computers, whereas cracking, is more related to the criminal elements that have now taken over the majority of nefarious activities related to stealing identities, money, and committing crimes against others via computers.

Ethical hacking refers to being a white hat hacker, i.e. usually a security researcher that is engaged in working for a company that has a security product to help prevent the black hat hackers from breaking the security of enterprises, and individuals. It is the old good vs evil game that pervades the Internet today.

In-between is the gray hacker whom might at times do some ethical hacking and at other times do something on the edge of barely legal vs illegal.

See: White hat.

-- Tom

[dvk01]

Several universities & companies offer courses in "ethical hacking" or call it ethical hacking because it sounds "sexy" or "Kool" . What it actually is & should be called is network security or penetration testing

There are only 2 types of hacking
Authorised or legal hacking & unauthorized or illegal hacking

Black, white & grey hats don't come in to it

While these misguided entities continue to give kool sounding names to the techniques in the hope of dragging more money in, they do a great disservice to the community at large

Too many miscreants call themselves "ethical hackers" when they get caught performing unauthorized hack attempts

Therte is no such thing as a white hat hacker

For example If I am employed to test security at company A and while testing their network accidentally hack into company B who are using another server with an IP number similar to A and I accidentally transpose the digits and get into company B, I am still guilty of an offense, even though I had no deliberate intention of hacking company B. I still performed an unauthorized intrusion into their system & the reason I did it doesn't matter. It is unauthorized and therefore illegal

[lotuseclat79]

Here is a link from a respected security website:
MalCon: A Call for ‘Ethical Malcoding’.

Quote:

Just like the concept of ‘ethical hacking’ has helped organizations to see that hackers are not all that bad, it is time to accept that ‘ethical malcoding’ is required to research, identify and mitigate newer malwares in a ‘proactive’ way.”

Derek, everything is not as black and white as you paint it or would like it - despite your working credentials.

-- Tom

[dvk01]

And that is another pile of nonsense

you can no more have ethical malcoding than you have ethical bank robbery or ethical car theft or ethical house breaking, they just don't exist

That is just another sign of giving in to crime & saying we need to understand why they do it instead of punishing them

I will say again calling it ethical is a red herring

there are only 2 forms of hacking

Authorized = Legal or Unauthorized = Illegal

[lotuseclat79]

Derek,

What you see as nonsense, appears to be very real.

Good luck with your myopic reality friend.

-- Tom

[pubtech]

call me "old school", but...............

> http://en.wikipedia.org/wiki/Hacker_..._subculture%29 <

"These hackers are disappointed by the mass media and mainstream public's usage of the word hacker to refer to security breakers, calling them "crackers" instead."

[lotuseclat79]

Certified Ethical Hacker Security Training Program.

Quote:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, and as well as many others programs, that are offered in over 60 countries through a training network of more than 450 training partners globally.

-- Tom

[lotuseclat79]

The terms hacker, hacking, and hack have a long history as can be found in the article entitled Cybercrime terminology and the evolution of language, but the most amusing version of it can be found at Hacker Central aka MIT here Hackers Plant Tardis Atop MIT Building.


Credit: BBCAmericanGirl on Flickr

The TARDIS at MIT

Quote:

For viewers not intimately familiar with MIT Culture, this is a "hack" (prank) for the start of the academic year at MIT. New student orientation begins this week. The MIT website has a gallery of hacks from over the years: hacks.mit.edu/ "The word hack at MIT usually refers to a clever, benign, and "ethical" prank or practical joke, which is both challenging for the perpetrators and amusing to the MIT community (and sometimes even the rest of the world!)."

Quote:

You can see a whole history of MIT hacks on the campus website.

The funniest IMHO was when MIT hacked a Harvard/Yale football game with an MIT balloon pumping itself near the 50 yd line (I wasn't able to find it in the archives, but they show it on the local TV stations here in the Boston area every now and then). Ah hah, I just found a reference to it (circa 1982): ZBT launches rocket at Harvard-Yale game, and its description in the next to last paragraph (as quoted) is:

Quote:

The last successful hack of a Harvard-Yale game took place in 1982. The members of Delta Kappa Epsilon fraternity set up a large weather balloon that rose from the turf near the 46-yard line during a break following a touchdown in the first quarter. The balloon, which had "MIT" written all over it, inflated to six feet in diameter before bursting.

-- Tom

[Ent]

Avoiding the argument that Crackers break in while Hackers are the likes of Stallman or Torvalds. What is to be said of what must be termed "Hackers" who Identify and report security holes in Operating Systems (normally Windows), Encryption Software, Web Browsers, etc. They aren't probing into their company IT suite under company orders, but nor are they breaking either the law or any sort of ethical boundary.

[lotuseclat79]

Quote:

Originally Posted by Ent

Avoiding the argument that Crackers break in while Hackers are the likes of Stallman or Torvalds. What is to be said of what must be termed "Hackers" who Identify and report security holes in Operating Systems (normally Windows), Encryption Software, Web Browsers, etc. They aren't probing into their company IT suite under company orders, but nor are they breaking either the law or any sort of ethical boundary.

Hi Ent,

They usually work for some company or research entity/university engaged in computer software/hardware security research.

-- Tom

[dvk01]

Quote:

Originally Posted by Ent

What is to be said of what must be termed "Hackers" who Identify and report security holes in Operating Systems (normally Windows), Encryption Software, Web Browsers, etc. They aren't probing into their company IT suite under company orders, but nor are they breaking either the law or any sort of ethical boundary.

But they are breaking the law so in no terminology can they be called ethical

I repeat again, there are only 2 types of hacking
1. AUTHORIZED
2 UNAUTHORIZED

there is no grey area or allowances for research or testing or accidentally doing it ( in the vast majority of countries in the world)

What you do on your own computer to test software, including reverse enginerring it or trying to find faults with it might be against a EULA which prohibits such actions but that generally is a civil offence & breach of contract between you & the software vendor where he can take civil action against you. Most won't if you telll them about the faults discovered. But some will

The moment you start to attack or attempt to penetrate or find faults with a remote computer or server or network, it becomes a serious criminal offence, unless you are doing it with the approval & instructions of the network, computer or systems owner

The defence of I am doing it as an "ethical" hacker to find faults & help, protect people does not apply

Using the term "ethical Hacker" on a course or certificate is just wrong & has encouraged lots of extra attacks against systems

The techniques & tools used by an Authorized or Unauthorized hacker are exactly the same & I have no problem, with courses teaching network enginers or security personel in their use so they can defend against them or tighten their systems but to call it "ethical Hacking " is wrong