One of my friends likes to introduce himself to new people by saying, "My name is __, and I'm a hacker!" Although many people initially give him a wary look, he uses this introduction to help people understand what he does and how his role in "hacking" helps improve security.
When most people think of hackers, they think of the "black hat" hackers that gain unauthorized access to information in order to sell it, expose it, or even delete it. These hackers can be individuals, criminal organizations, or even state-sponsored groups.
However, there is a second group of hackers. These "white hat" hackers can be freelancers or employed by corporations or security companies. They test websites and networks just like the black hat hackers, but when they find a vulnerability, they report it in a responsible manner instead of exploiting it for gain. Their goal is to get into systems so that companies can patch their systems before the black hats can get in. By doing this, they improve security for everyone.
Many companies have recognized the benefit that the white hats provide, and they encourage anyone to test their systems by offering "bug bounties". These are usually cash amounts offered in exchange for responsible handling of known vulnerabilities. (The amount offered varies greatly by company and is usually based on how severe the vulnerability is.) In order to earn the money, you must agree to not disclose the bug until after the company has been able to issue a patch.
However, not all companies are friendly to white hats. One security researcher warned an electronic billboard company that the security on their billboards was easy to get around. Instead of being greeted with thanks, he was contacted with threats of legal action. The company did nothing about its security until someone hacked it and added pornographic images to its display queue.
While this tip may not be something that will improve your computer use, I feel that it is important to understand the role that the white hats play in improving security. Just because someone "hacked" a computer system does not mean they were necessarily doing it with malicious intent. Many companies employ people whose sole job is to hack their products to make them better, and many more encourage the public to test their systems through the use of bug bounties.
Unfortunately, many companies do not understand this role and threaten the good guys with legal action. Even worse, when the media catches wind of the occasional story, they often make no distinction between the white and black hats. In order to make sense of these stories, you must be able to cut through the hype and understand the motivations of the person involved.