From: InfoSec News (alertsinfosecnews.org)
Date: Mon Mar 26 2007 - 01:32:02 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.infoworld.com/article/07/03/24/HNshmoocon_whitehats_1.html

By Matt Hines
March 24, 2007

WASHINGTON -- White hat hackers unite!

The Hacker Foundation, a nonprofit organization of ethical security
researchers, is trying to extend its reach and encourage more people to
join its ranks to help further codify the United States hacking
community.

Many people working on important security research programs need
financial help to allow them to pay their bills and maintain their
efforts to improve IT systems defenses, Hacker Foundation leaders
explain. In addition to giving seed money and grants to researchers, the
group also raises funds for any legal defense fees incurred by white
hats as they bend rules to help test the concepts they build.

By fostering a closer relationship within the white hat hacking
population and bringing people together to raise funds and organize new
channels for research, the growing community of individuals who engage
in ethical hacking can form a more unified front to the outside world
and back new projects that keep vital research moving forward, founders
of the effort said in their presentation at the ShmooCon convention on
March 24.

Founded in 2002, the Hacker Foundation primarily serves as a source of
funds for financially challenged security researchers, but the group is
hoping to begin opening facilities across the country where people can
carry out their experiments and find other hackers with whom to share
their work.

Hackers tend to be a solitary crowd or come together in small,
tightly-knit groups, but there is much to gain by collecting input and
funding from people across the U.S. white hat industry, said Nick Farr,
treasurer and co-founder of the Hacker Foundation.

"We're trying to create a base of expertise within the community to give
independent researchers access to things they normally wouldn't have
access to," Farr said. "Many security researchers are doing work out of
the goodness of their hearts. It would be great if we could get
resources to allow to them to do their work full time and pay their
bills; that's one of the big things we started the foundation for."

For instance, the Hacker Foundation has already set up a fund and is
providing resources to the Metasploit Project, an open source computer
security effort that aims to provide information to people who perform
penetration testing, intrusion detection signature development, and
exploit research.

Led by researcher H.D. Moore, among others, Metasploit has already made
a name for itself by publishing details of a number of serious flaws in
high-profile software programs, including products made by Microsoft and
Apple.

Unlike in other countries such as Germany, where that country's Chaos
Computer Club -- another national white hat hacker group -- receives
government funding, U.S.-based hackers have few resources to turn to,
according to Farr and Jesse Krembs, president of Hacker Foundation.

Other projects backed by the Hacker Foundation include efforts to get
younger researchers into the wider community at a younger age to teach
them the right way to go about their work, and a program to send people
across the country, and even the world, to help rebuild IT systems after
natural disasters such as Hurricane Katrina.

One of the groups' more significant goals, beyond generating more
industry financing through donations, is to open the series of "hacker
spaces" it would like to see established in different regions of the
country to give researchers someplace to work freely, and in unison.

Like Internet cafes for the teenagers, the facilities would pitch
themselves as convenient places for researchers to carry out their work
and meet other hackers. By opening centers that offer free access to
large amounts of bandwidth and other computing infrastructure,
researchers would be able to create things they are unable to build on
smaller home systems, and turn to colleagues when they need help or
advice.

Although no plans are in place to open an official Hacker
Foundation-sponsored research location, the group believes it isn't far
from seeing the idea brought to fruition.

Washington is among the regions being considered for the initial
facility, although rent is relatively high in the city, group leader
noted.

"There is a strong core of people here who want to build the first
prototype in [Washington] D.C., but if you think you have a critical
mass to build something like this where you live, just let us know and
we can help," Farr said. "This group was designed to take these great
ideas that people in the community come up with and build an
infrastructure that makes it possible for them to happen. There are a
lot of people interested in this type of research, but almost no formal
support for these types of projects in this country."

In perhaps its most optimistic scheme to date, the Hacker Foundation is
also planning an unprecedented movable feast of white hat researchers
that will begin with the Defcon hacker confab in Las Vegas in early
August 2007.

>From that notorious hacker show, the group is chartering a private
>plane
that will fly directly to Germany for the CCC's annual hacker show, with
white hat activities planned for the trip.

In addition to the freedom to bring whatever unusual boxes of gear they
would like to display or use at the show, which has become tough to do
on commercial flights, the $5,000 per person trip will include
round-trip airfare, all the food and drink attendees seek in transit,
and on-board meetings to discuss events at the two industry shows.

The Hackers on a Plane adventure is just the sort of white hat industry
fraternization that the group's organizers are hoping to spread.

"We realized that all hackers don't have a place to meet and try out new
things, as people in places such as Germany have been doing," Krembs
said. "We want to make that happen in the U.S.; hackers need a space to
learn, develop, and display their skills. We're very social creatures
despite what people think and socializing the critical mass of hackers
is a great way to make new things happen."

_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]