Hackers for hire

Bringing in ethical hacker consultants is the latest in security defense.
By Linda Leung, Network World, 06/20/2005

J0hnny is a hacker. As a high school kid holding down a job flipping burgers, he would spend nights exploring networks and systems that didn't belong to him. Today, while employed in IT security at Computer Sciences Corp., he hacks the networks of government agencies and commercial organizations. His Web site shows visitors how they can gain passwords and logon pages for various services - all found by searching on Google.

j0hnny is actively involved in the underground hacker community and has spoken at many "black hat hacker" conferences, where hackers meet to talk about ways to exploit security vulnerabilities. He gets paid to do all this because j0hnny (aka Johnny Long) is one of a growing band of ethical hackers. "I'm able to portray an image of a hacker," says Long, whose title at CSC is security expert and ethical hacker. "My Web site looks like a hacker's site and that is my calling card." Although at first glance his Web site appears to be a hacker's domain, it serves to educate visitors about security vulnerabilities.

Many security experts advise organizations to hire ethical hackers - aka white hat hackers - as consultants to carry out penetration testing of their networks. But how should organizations go about hiring an ethical hacker? Should you hire a security consultant from a large IT organization or go to a dedicated security boutique? Or should you consider hiring a reformed black hat who has the advantage of having been there and done that and who would know the black hat's mind-set? And what's the risk of an ethical hacker turning bad and stealing your company data?

If you know where to look, you can find thousands of tools that exploit specific vulnerabilities; the difference is the way in which the tools are used, says ethical hacker Shon Harris, president of Logical Security and a former engineer in the Information Warfare unit of the Air Force. "The bad guys use the tools to find vulnerabilities to exploit. The good guys find vulnerabilities to plug," she says.

Ethical hackers say organizations should carry out the same due diligence when hiring white hats as they would when filling any other position. You can use ethical hacker certifications to weed out candidates, but such certification programs don't teach life experiences, says Pieter "Mudge" Zatko, a hacker and a division scientist at BBN Technologies who researches ways to protect Department of Defense data. "Certification courses teach you about buffer overflows and Microsoft hacking tools - stuff that's already well known and rudimentary and then you get a hacker title. It doesn't mean you have a strong grasp of security," he adds.
