Page 1 of 3 123 LastLast
Results 1 to 10 of 22
  1. #1
    Gwinx
    Gwinx is offline
    Guest
    Join Date
    2011 Jun
    Posts
    2
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Are hacks a good thing or bad thing?

    In who's opinion hacks are good or bad?
    To me hacks helps everyone in a bad and good way.

    Read this article from Esecurityplanet and tell me what you think:
    Ethical hacking sounds like a pretty straightforward process: You hire somebody to break into your network or application or Web servers, and report what they find. But this simple description, which does adequately explain the basic principal, masks a process that requires a great deal more thought.

    Unless you first know what it is you are looking for and why you are hiring an outside vendor to hack your systems in the first place, chances are you won't get much out of the experience, said Arian Evan, a senior security engineer at FishNet Security. Sure, you will find out your network needs to be patched or there are X number of security holes, but if that information is not relatable back to the business in some form, it's pretty much useless.

    "If you just want numbers, any of us can run a scan and give you results," agreed Paul Klahn, FishNet's director of assessment services.

    Beyond the Numbers

    To get the most from a test, putting results into a business context is imperative, said Klahn. Which holes are truly a security threat? How deep into the network can a hacker get via one of these holes? Which should be patched first?

    * Email Article
    * Print Article
    * Comment on this article
    * Share Articles
    o Digg
    o del.icio.us
    o Newsvine
    o Facebook
    o Google
    o LinkedIn
    o MySpace
    o Reddit
    o Slashdot
    o StumbleUpon
    o Technorati
    o Twitter
    o Windows Live
    o YahooBuzz
    o FriendFeed

    Security holes can even be a necessary part of your infrastructure, allowing you to do business with partners, for example, so closing them up for security reasons may cause more headaches than the vulnerability. Your contractor should be able to appreciate this nuance.

    Invariably, threats will be found, said Albert Decker, executive director of EDS's Security and Privacy services, and a former ethical hacker with 25 years in the business and a 99% success rate at getting around corporate security.

    "It became roughly the equivalent of 'Can you throw this brick through a window?' and the answer is, invariably, unless you miss the window, it will break the glass," Decker said, commenting on his days as a hacker.

    Because not much has changed since Decker was actually scanning code, the firm you hire should be able to provide you with a threat assessment and articulate remedies that take into account business needs. And, even then, the hack should be part of a larger security audit that looks at known vulnerabilities while comparing your IT governance policies and procedures against industry best practices.

    Snapshot

    The reason for this, said Jim Goddard, an ethical hacker at IBM, is simple: If you just hire a hack and do nothing else, on the day it's complete, you are no more secure than the day before the hack began. This is because hacking provides just a snapshot of your overall security. Yes, it can provide confirmation your security is good or expose unknown threats, but it can't tell you what those threats will be tomorrow. One configuration change and much of the hacker's work can be negated, agreed Decker.

    "The use of hackers is essentially a point-in-time test for a continuous problem," said Decker. "It's only giving you one very narrow slice of your environment which could change, literally, the second after the test is completed."

    There are four basic kinds of hacks you can have done, said Goddard:

    # IP Hack: You hire someone to hack a specific IP address, giving them little or no information beforehand (Be careful if the IP address is an overseas server. You don't want hackers hacking the wrong IP address, like a foreign government's computers, causing an international incident.);

    # Application Hack: A much more sophisticated hack that can delve deep into databases and down production servers. Only experienced hackers, with strict guidelines governing their actions, should be allowed to perform such tests. Never hire a "reformed" black-hat hacker for this type of test;

    # Physical Infrastructure Hack: This is where people try to get into your facilities to access your systems or go dumpster diving looking for confidential information such as passwords discarded on sticky notes; and

    # Wireless Hack: War-driving is the new term to describe this type of attack where wireless access points are exploited from the back of a van. Ethical hackers do the same thing, but report their findings back to you instead of stealing your passwords. Have them check out your teleworkers as well to see if home offices are a source of entry to your network.

    For any of these tests, a reputable firm with clearly defined methodologies should be hired, cautioned Goddard. If a company can't tell you exactly how it conducts its business, move on. And never hire former hackers to do the work on the cheap. They may not be as reformed as they say and could leave back doors behind or worse, he said.

    Scope & Limits

    Once a vendor is selected (never use the RFP process for this type of work, cautions Evans, interview prospective companies), it is very important to outline and define the scope of the project -- you don't want the hacker deciding where to start and stop an attack. Delegate a point person with decision-making authority the hackers can contact day or night if problems arises and authority to continue is required.

    But, perhaps most importantly, know what you are looking to get from the experience. Too often, said Decker, companies conduct these tests and feel they are secure. This is not the case. Ethical hacking is just another tool, not a panacea. If viewed as such, it will fall into its proper place alongside other security tools. If not, it can leave you far more exposed through either false feelings of security or outright damage to your systems.

    "There's many, many different things we can do on a network that fall in or around 'ethical' hacking," said FishNet's Evans, " ... but, without that business case, its very hard to help the client make decisions about what technology services and perspectives they need."
    Last edited by Gwinx; 2011-06-30 at 12:43 AM.

  2. #2
    Datatraveler
    Datatraveler is offline
    New member
    Join Date
    2011 Jul
    Location
    Malaysia
    Posts
    19
    Thanks
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    0
    ofcoz it is bad...

  3. #3
    CriticalError
    CriticalError is offline
    Senior Member CriticalError's Avatar
    Join Date
    2011 Jun
    Posts
    204
    Thanks
    21
    Thanked 44 Times in 27 Posts
    Rep Power
    0
    really bad, the hacks destroy servers, like DDOS Attackers,etc so for me disapointed with that.

  4. #4
    Dwar
    Dwar is offline
    Veteran Dwar's Avatar
    Join Date
    2010 Mar
    Posts
    2,221
    Thanks
    211
    Thanked 2,224 Times in 289 Posts
    Rep Power
    10
    Quote Originally Posted by CriticalError View Post
    really bad, the hacks destroy servers
    Agreed. Someone may find ddos funny thing, but when these "someone" have own servers with own sites and services and another "someone" destroy you business.... they will change their mind.

    Also don't forget that the word "hack" has different meanings:
    • Computer security hackers - someone who focuses on security mechanisms of computer and network systems
    • Programmer subculture - person who follows a spirit of playful cleverness and loves programming. It is found in an originally academic movement unrelated to computer security and most visibly associated with free software and open source. It also has a hacker ethic, based on the idea that writing software and sharing the result on a voluntary basis is a good idea, and that information should be free, but that it's not up to the hacker to make it free by breaking into private computer systems.

    Often "hacker" relate to "black hat" people. This primarily concerns unauthorized remote computer break-ins via a communication networks such as the Internet

    We're programming lover, we love to analyze codes and write programs and not destroying servers and nets
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium

  5. #5
    insure3d
    insure3d is offline
    Guest
    Join Date
    2011 Jul
    Posts
    1
    Thanks
    13
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    really baddd

  6. #6
    chutzpah
    chutzpah is offline
    Guest
    Join Date
    2011 Sep
    Posts
    1
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I dont think so it is bad, at least it helps in making software more secure.

    ---------- Post added at 05:16 PM ---------- Previous post was at 05:14 PM ----------

    I dont think it is bad. at least it helps in raising the bar of comp security.

  7. #7
    Dwar
    Dwar is offline
    Veteran Dwar's Avatar
    Join Date
    2010 Mar
    Posts
    2,221
    Thanks
    211
    Thanked 2,224 Times in 289 Posts
    Rep Power
    10
    Quote Originally Posted by chutzpah View Post
    in making software more secure
    Exactly. From one hand, people who analyze games always increase their experience. From another, game devs improve their code
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium

  8. #8
    skittles
    skittles is offline
    Guest
    Join Date
    2011 Oct
    Posts
    3
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    in my own opinion I think hacking is not a bad thing to do. It seems like your pointing out the weakness of a site/game or anything can be hacked.

  9. #9
    Grooguz
    Grooguz is offline
    BanHammer Holder
    Grooguz's Avatar
    Join Date
    2010 May
    Posts
    678
    Thanks
    152
    Thanked 537 Times in 167 Posts
    Rep Power
    8
    Quote Originally Posted by skittles View Post
    I think hacking is not a bad thing to do
    If you are talking about black hacking, without doubt it's a bad thing, because people lose information etc. E.g., try to imagine, when you come back home, you will find your apartment robbed.... it will not make you happy.

  10. #10
    skittles
    skittles is offline
    Guest
    Join Date
    2011 Oct
    Posts
    3
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    was talking bout ethical hacking.

Page 1 of 3 123 LastLast
Visitors found this page by searching for:

Do you think hiring former hackers to enhance security is a good idea or a bad idea Why

Do you think hiring former hackers to enhance security is a good idea or a bad idea

how can a hacker be a good it professional

powered by vBulletin general computer securityhiring former hackers enhance securityhiring former hackers to enhance securityis a hiring formers hackers is bad to enhance security is breaking computer security good or badhiring hacker to enhance security is gooddo you think hiring former hackers to enhance security is a good ideaHiring former hacker is a good or bad thingpowered by vBulletin computer systemspowered by vBulletin computer physical security auditpowered by myBB computer security audithacks for goodpowered by myBB computer networks securitydo you think hiring former hackers to enhance security is a good idea or bad powered by myBB computer security system 20powered by myBB computer security reportpowered by myBB federal government computer security programhiring former hackers to enhance security is a good or bad ideapowered by vBulletin network security policypowered by vBulletin security auditingdo you thinkhiring former hackers to enhance security is a good idea or bad ideapowered by myBB definition of information and communication technology

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •