1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Ethical hacking

Discussion in 'General Security' started by mohani, Aug 25, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. mohani

    mohani Thread Starter

    Joined:
    Jul 31, 2010
    Messages:
    15
    HI, TECH SUPPORT GUYS,

    I wanted to ask you guys if ethical hacking is really legal,and how is it practised, i mean in which cases is it practised and can somebody get a job in an organisation as an ethical hacker?
     
  2. oksteve

    oksteve

    Joined:
    Sep 14, 2008
    Messages:
    938
    The tried and tested method is to hack something that is regarded as unhackable,get a job by the company who made the product you hacked to make that product unhackable again.
    Ethical or not it has to earn money.
    Then you have the ethics of money to deal with :)
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    moved to security for discussion
    In my opinion, there is no such thing as "Ethical Hacking"

    there is "Authorised Hacking" or penetration testing where a tester is instructed by his/her company or organisation to test the security of the systems

    What these so called ethical hackers do is attack anything in sight & allegedly keep any information found to themselves, rather than use it to attck the system and inform the company/website/goverment/ whatever of what happened

    That is stilll illegal & wrong

    They only say they were "ethical hackers" when they get caught
     
  4. mohani

    mohani Thread Starter

    Joined:
    Jul 31, 2010
    Messages:
    15
    but Ethical hacking is being trained in some instiution which i think makes it legal,otherwise it shouldnt be taught!
     
  5. lotuseclat79

    lotuseclat79

    Joined:
    Sep 12, 2003
    Messages:
    20,583
    Derek's opinion is just that - an opinion, and that in and of itself is insufficient to make it so other than in Derek's mind - good for Derek, but an opinion not particularly shared widely, just myopic.

    If there were no such thing as ethical hacking then why would the NSA offer certification in ethical hacking techniques? See link below.

    The difference between hacking and cracking is that hackers modify code to fit their own computing needs which do not include doing any kind of harm to others via computers, whereas cracking, is more related to the criminal elements that have now taken over the majority of nefarious activities related to stealing identities, money, and committing crimes against others via computers.

    Ethical hacking refers to being a white hat hacker, i.e. usually a security researcher that is engaged in working for a company that has a security product to help prevent the black hat hackers from breaking the security of enterprises, and individuals. It is the old good vs evil game that pervades the Internet today.

    In-between is the gray hacker whom might at times do some ethical hacking and at other times do something on the edge of barely legal vs illegal.

    See: White hat.

    -- Tom
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Several universities & companies offer courses in "ethical hacking" or call it ethical hacking because it sounds "sexy" or "Kool" . What it actually is & should be called is network security or penetration testing

    There are only 2 types of hacking
    Authorised or legal hacking & unauthorized or illegal hacking

    Black, white & grey hats don't come in to it

    While these misguided entities continue to give kool sounding names to the techniques in the hope of dragging more money in, they do a great disservice to the community at large

    Too many miscreants call themselves "ethical hackers" when they get caught performing unauthorized hack attempts

    Therte is no such thing as a white hat hacker

    For example If I am employed to test security at company A and while testing their network accidentally hack into company B who are using another server with an IP number similar to A and I accidentally transpose the digits and get into company B, I am still guilty of an offense, even though I had no deliberate intention of hacking company B. I still performed an unauthorized intrusion into their system & the reason I did it doesn't matter. It is unauthorized and therefore illegal
     
  7. lotuseclat79

    lotuseclat79

    Joined:
    Sep 12, 2003
    Messages:
    20,583
    Here is a link from a respected security website:
    MalCon: A Call for ‘Ethical Malcoding’.

    Derek, everything is not as black and white as you paint it or would like it - despite your working credentials.

    -- Tom
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    And that is another pile of nonsense

    you can no more have ethical malcoding than you have ethical bank robbery or ethical car theft or ethical house breaking, they just don't exist

    That is just another sign of giving in to crime & saying we need to understand why they do it instead of punishing them

    I will say again calling it ethical is a red herring

    there are only 2 forms of hacking

    Authorized = Legal or Unauthorized = Illegal
     
  9. lotuseclat79

    lotuseclat79

    Joined:
    Sep 12, 2003
    Messages:
    20,583
    Derek,

    What you see as nonsense, appears to be very real.

    Good luck with your myopic reality friend.

    -- Tom
     
  10. pubtech

    pubtech

    Joined:
    Aug 24, 2010
    Messages:
    368
  11. lotuseclat79

    lotuseclat79

    Joined:
    Sep 12, 2003
    Messages:
    20,583
    Certified Ethical Hacker Security Training Program.

    -- Tom
     
  12. lotuseclat79

    lotuseclat79

    Joined:
    Sep 12, 2003
    Messages:
    20,583
    The terms hacker, hacking, and hack have a long history as can be found in the article entitled Cybercrime terminology and the evolution of language, but the most amusing version of it can be found at Hacker Central aka MIT here Hackers Plant Tardis Atop MIT Building.

    [​IMG]
    Credit: BBCAmericanGirl on Flickr

    The TARDIS at MIT

    The funniest IMHO was when MIT hacked a Harvard/Yale football game with an MIT balloon pumping itself near the 50 yd line (I wasn't able to find it in the archives, but they show it on the local TV stations here in the Boston area every now and then). Ah hah, I just found a reference to it (circa 1982): ZBT launches rocket at Harvard-Yale game, and its description in the next to last paragraph (as quoted) is:
    -- Tom :)
     
  13. Ent

    Ent Josiah Trusted Advisor

    Joined:
    Apr 11, 2009
    Messages:
    5,407
    Avoiding the argument that Crackers break in while Hackers are the likes of Stallman or Torvalds. What is to be said of what must be termed "Hackers" who Identify and report security holes in Operating Systems (normally Windows), Encryption Software, Web Browsers, etc. They aren't probing into their company IT suite under company orders, but nor are they breaking either the law or any sort of ethical boundary.
     
  14. lotuseclat79

    lotuseclat79

    Joined:
    Sep 12, 2003
    Messages:
    20,583
    Hi Ent,

    They usually work for some company or research entity/university engaged in computer software/hardware security research.

    -- Tom
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    But they are breaking the law so in no terminology can they be called ethical

    I repeat again, there are only 2 types of hacking
    1. AUTHORIZED
    2 UNAUTHORIZED

    there is no grey area or allowances for research or testing or accidentally doing it ( in the vast majority of countries in the world)

    What you do on your own computer to test software, including reverse enginerring it or trying to find faults with it might be against a EULA which prohibits such actions but that generally is a civil offence & breach of contract between you & the software vendor where he can take civil action against you. Most won't if you telll them about the faults discovered. But some will

    The moment you start to attack or attempt to penetrate or find faults with a remote computer or server or network, it becomes a serious criminal offence, unless you are doing it with the approval & instructions of the network, computer or systems owner

    The defence of I am doing it as an "ethical" hacker to find faults & help, protect people does not apply

    Using the term "ethical Hacker" on a course or certificate is just wrong & has encouraged lots of extra attacks against systems

    The techniques & tools used by an Authorized or Unauthorized hacker are exactly the same & I have no problem, with courses teaching network enginers or security personel in their use so they can defend against them or tighten their systems but to call it "ethical Hacking " is wrong
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/945552