Simulated cracking (was Re: [TriLUG] ethical hacking?)
M. Mueller
mmueller at ss7box.com
Mon May 27 10:12:33 EDT 2002
On Monday 27 May 2002 01:57 am, Greg Brown reputedly wrote:
> I've been reading about system security (one of my most favorite subjects
> here on trilug) and I'm wondering if there should be some kind of ethical
> hacking group established. The reason for this is some of us think we have
> a more or less secure system attached to TWC or DSL and it would be nice to
> know if there are any holes in our systems that allow access.
>
> I think it would be a good idea to come up with a common filename, such as
> trilug.readme (or whatever) containing a unique text string. If someone on
> trilug hacks our system and e-mails back the text string we know we have a
> security hole - and the person that finds the hole MUST say how they were
> able to compromise the security of the system (so we can fix it).
>
> Does anyone else think this is a good idea?
>
> Greg
It piques my interest.
I understand "hacking" as the refined art of designing, implementing,
testing, and maintaining computer systems and computer controlled systems.
What you are suggesting - unauthorized, covert, access to computer systems -
I understand to be "cracking". Hacking is good. Cracking is bad.
I dislike associating the word ethical with cracking. It dilutes the meaning
of "ethical". I would call it cracking simulation.
There is value in simulated cracking attempts. The US Armed Forces have had
simulated terrorist attacks in the past which emabarrassed some high ranking
brass. In these exercises, the targets were told that they were targets. I
think the same rule of engagement should apply to parties participating in a
simulated cracking exercise.
--
Mike Mueller
www.ss7box.com
More information about the TriLUG
mailing list