Simulated cracking (was Re: [TriLUG] ethical hacking?)

[M. Mueller]

On Monday 27 May 2002 01:57 am, Greg Brown reputedly wrote:
> I've been reading about system security (one of my most favorite subjects
> here  on trilug) and I'm wondering if there should be some kind of ethical
> hacking group established.  The reason for this is some of us think we have
> a more or less secure system attached to TWC or DSL and it would be nice to
> know if there are any holes in our systems that allow access.
>
> I think it would be a good idea to come up with a common filename, such as
> trilug.readme (or whatever) containing a unique text string.  If someone on
> trilug hacks our system and e-mails back the text string we know we have a
> security hole - and the person that finds the hole MUST say how they were
> able to compromise the security of the system (so we can fix it).
>
> Does anyone else think this is a good idea?
>
> Greg

It piques my interest.

I understand "hacking" as the refined art of designing, implementing, 
testing, and maintaining computer systems and computer controlled systems.  
What you are suggesting - unauthorized, covert, access to computer systems - 
I understand to be "cracking".  Hacking is good.  Cracking is bad.

I dislike associating the word ethical with cracking.  It dilutes the meaning 
of "ethical".  I would call it cracking simulation.

There is value in simulated cracking attempts.  The US Armed Forces have had 
simulated terrorist attacks in the past which emabarrassed some high ranking 
brass.  In these exercises, the targets were told that they were targets.  I 
think the same rule of engagement should apply to parties participating in a 
simulated cracking exercise.

-- 
Mike Mueller
www.ss7box.com