Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

General Security General Security
Search Search
Search for:
Tech Support Guy > > >

Ethical hacking


(!)

mohani's Avatar
mohani mohani is offline
Computer Specs
Member with 15 posts.
THREAD STARTER
 
Join Date: Jul 2010
Location: kenya,Garissa
Experience: Intermediate
25-Aug-2010, 03:14 AM #1
Ethical hacking
HI, TECH SUPPORT GUYS,

I wanted to ask you guys if ethical hacking is really legal,and how is it practised, i mean in which cases is it practised and can somebody get a job in an organisation as an ethical hacker?
oksteve's Avatar
oksteve oksteve is offline
Member with 938 posts.
 
Join Date: Sep 2008
Location: 51.5528,-0.0063
Experience: Super Dooper Advanced
25-Aug-2010, 04:07 AM #2
The tried and tested method is to hack something that is regarded as unhackable,get a job by the company who made the product you hacked to make that product unhackable again.
Ethical or not it has to earn money.
Then you have the ethics of money to deal with
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,296 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
25-Aug-2010, 04:22 AM #3
moved to security for discussion
In my opinion, there is no such thing as "Ethical Hacking"

there is "Authorised Hacking" or penetration testing where a tester is instructed by his/her company or organisation to test the security of the systems

What these so called ethical hackers do is attack anything in sight & allegedly keep any information found to themselves, rather than use it to attck the system and inform the company/website/goverment/ whatever of what happened

That is stilll illegal & wrong

They only say they were "ethical hackers" when they get caught
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
mohani's Avatar
mohani mohani is offline
Computer Specs
Member with 15 posts.
THREAD STARTER
 
Join Date: Jul 2010
Location: kenya,Garissa
Experience: Intermediate
25-Aug-2010, 04:39 AM #4
but Ethical hacking is being trained in some instiution which i think makes it legal,otherwise it shouldnt be taught!
lotuseclat79's Avatar
Member with 20,583 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
25-Aug-2010, 10:10 AM #5
Derek's opinion is just that - an opinion, and that in and of itself is insufficient to make it so other than in Derek's mind - good for Derek, but an opinion not particularly shared widely, just myopic.

If there were no such thing as ethical hacking then why would the NSA offer certification in ethical hacking techniques? See link below.

The difference between hacking and cracking is that hackers modify code to fit their own computing needs which do not include doing any kind of harm to others via computers, whereas cracking, is more related to the criminal elements that have now taken over the majority of nefarious activities related to stealing identities, money, and committing crimes against others via computers.

Ethical hacking refers to being a white hat hacker, i.e. usually a security researcher that is engaged in working for a company that has a security product to help prevent the black hat hackers from breaking the security of enterprises, and individuals. It is the old good vs evil game that pervades the Internet today.

In-between is the gray hacker whom might at times do some ethical hacking and at other times do something on the edge of barely legal vs illegal.

See: White hat.

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein

Last edited by lotuseclat79; 25-Aug-2010 at 10:18 AM..
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,296 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
25-Aug-2010, 10:42 AM #6
Several universities & companies offer courses in "ethical hacking" or call it ethical hacking because it sounds "sexy" or "Kool" . What it actually is & should be called is network security or penetration testing

There are only 2 types of hacking
Authorised or legal hacking & unauthorized or illegal hacking

Black, white & grey hats don't come in to it

While these misguided entities continue to give kool sounding names to the techniques in the hope of dragging more money in, they do a great disservice to the community at large

Too many miscreants call themselves "ethical hackers" when they get caught performing unauthorized hack attempts

Therte is no such thing as a white hat hacker

For example If I am employed to test security at company A and while testing their network accidentally hack into company B who are using another server with an IP number similar to A and I accidentally transpose the digits and get into company B, I am still guilty of an offense, even though I had no deliberate intention of hacking company B. I still performed an unauthorized intrusion into their system & the reason I did it doesn't matter. It is unauthorized and therefore illegal
lotuseclat79's Avatar
Member with 20,583 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
25-Aug-2010, 11:29 AM #7
Here is a link from a respected security website:
MalCon: A Call for ‘Ethical Malcoding’.

Quote:
Just like the concept of ‘ethical hacking’ has helped organizations to see that hackers are not all that bad, it is time to accept that ‘ethical malcoding’ is required to research, identify and mitigate newer malwares in a ‘proactive’ way.”
Derek, everything is not as black and white as you paint it or would like it - despite your working credentials.

-- Tom
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,296 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
25-Aug-2010, 12:05 PM #8
And that is another pile of nonsense

you can no more have ethical malcoding than you have ethical bank robbery or ethical car theft or ethical house breaking, they just don't exist

That is just another sign of giving in to crime & saying we need to understand why they do it instead of punishing them

I will say again calling it ethical is a red herring

there are only 2 forms of hacking

Authorized = Legal or Unauthorized = Illegal
lotuseclat79's Avatar
Member with 20,583 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
25-Aug-2010, 12:36 PM #9
Derek,

What you see as nonsense, appears to be very real.

Good luck with your myopic reality friend.

-- Tom
pubtech's Avatar
pubtech pubtech is offline
Computer Specs
Member with 368 posts.
 
Join Date: Aug 2010
Location: AUS
Experience: Advanced in Years
25-Aug-2010, 12:39 PM #10
call me "old school", but...............

> http://en.wikipedia.org/wiki/Hacker_..._subculture%29 <

"These hackers are disappointed by the mass media and mainstream public's usage of the word hacker to refer to security breakers, calling them "crackers" instead."
lotuseclat79's Avatar
Member with 20,583 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
27-Aug-2010, 12:06 PM #11
Certified Ethical Hacker Security Training Program.

Quote:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, and as well as many others programs, that are offered in over 60 countries through a training network of more than 450 training partners globally.
-- Tom
lotuseclat79's Avatar
Member with 20,583 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
27-Aug-2010, 12:53 PM #12
The terms hacker, hacking, and hack have a long history as can be found in the article entitled Cybercrime terminology and the evolution of language, but the most amusing version of it can be found at Hacker Central aka MIT here Hackers Plant Tardis Atop MIT Building.


Credit: BBCAmericanGirl on Flickr

The TARDIS at MIT

Quote:
For viewers not intimately familiar with MIT Culture, this is a "hack" (prank) for the start of the academic year at MIT. New student orientation begins this week. The MIT website has a gallery of hacks from over the years: hacks.mit.edu/ "The word hack at MIT usually refers to a clever, benign, and "ethical" prank or practical joke, which is both challenging for the perpetrators and amusing to the MIT community (and sometimes even the rest of the world!)."
Quote:
You can see a whole history of MIT hacks on the campus website.
The funniest IMHO was when MIT hacked a Harvard/Yale football game with an MIT balloon pumping itself near the 50 yd line (I wasn't able to find it in the archives, but they show it on the local TV stations here in the Boston area every now and then). Ah hah, I just found a reference to it (circa 1982): ZBT launches rocket at Harvard-Yale game, and its description in the next to last paragraph (as quoted) is:
Quote:
The last successful hack of a Harvard-Yale game took place in 1982. The members of Delta Kappa Epsilon fraternity set up a large weather balloon that rose from the turf near the 46-yard line during a break following a touchdown in the first quarter. The balloon, which had "MIT" written all over it, inflated to six feet in diameter before bursting.
-- Tom

Last edited by lotuseclat79; 27-Aug-2010 at 01:06 PM..
Ent's Avatar
Ent   (Josiah) Ent is offline Ent is a Trusted Advisor with special permissions.
Computer Specs
Trusted Advisor with 5,233 posts.
 
Join Date: Apr 2009
Location: United Kingdom
Experience: Intermediate
27-Aug-2010, 04:43 PM #13
Avoiding the argument that Crackers break in while Hackers are the likes of Stallman or Torvalds. What is to be said of what must be termed "Hackers" who Identify and report security holes in Operating Systems (normally Windows), Encryption Software, Web Browsers, etc. They aren't probing into their company IT suite under company orders, but nor are they breaking either the law or any sort of ethical boundary.
lotuseclat79's Avatar
Member with 20,583 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
28-Aug-2010, 04:45 PM #14
Quote:
Originally Posted by Ent View Post
Avoiding the argument that Crackers break in while Hackers are the likes of Stallman or Torvalds. What is to be said of what must be termed "Hackers" who Identify and report security holes in Operating Systems (normally Windows), Encryption Software, Web Browsers, etc. They aren't probing into their company IT suite under company orders, but nor are they breaking either the law or any sort of ethical boundary.
Hi Ent,

They usually work for some company or research entity/university engaged in computer software/hardware security research.

-- Tom
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,296 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-Aug-2010, 03:09 AM #15
Quote:
Originally Posted by Ent View Post
What is to be said of what must be termed "Hackers" who Identify and report security holes in Operating Systems (normally Windows), Encryption Software, Web Browsers, etc. They aren't probing into their company IT suite under company orders, but nor are they breaking either the law or any sort of ethical boundary.
But they are breaking the law so in no terminology can they be called ethical

I repeat again, there are only 2 types of hacking
1. AUTHORIZED
2 UNAUTHORIZED

there is no grey area or allowances for research or testing or accidentally doing it ( in the vast majority of countries in the world)

What you do on your own computer to test software, including reverse enginerring it or trying to find faults with it might be against a EULA which prohibits such actions but that generally is a civil offence & breach of contract between you & the software vendor where he can take civil action against you. Most won't if you telll them about the faults discovered. But some will

The moment you start to attack or attempt to penetrate or find faults with a remote computer or server or network, it becomes a serious criminal offence, unless you are doing it with the approval & instructions of the network, computer or systems owner

The defence of I am doing it as an "ethical" hacker to find faults & help, protect people does not apply

Using the term "ethical Hacker" on a course or certificate is just wrong & has encouraged lots of extra attacks against systems

The techniques & tools used by an Authorized or Unauthorized hacker are exactly the same & I have no problem, with courses teaching network enginers or security personel in their use so they can defend against them or tighten their systems but to call it "ethical Hacking " is wrong
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


Similar Threads
Title Thread Starter Forum Replies Last Post
Email spoof or hack...please help! phixgrrrl Virus & Other Malware Removal 12 20-Apr-2010 11:26 PM
Computer Hacked by a trojan or some other User billyboy90210 Virus & Other Malware Removal 0 23-Apr-2009 12:28 AM
Solved: Mysterious iPhone capability of hacking WiFi? trevorma91 Networking 3 17-Feb-2009 03:16 PM

WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑