Subject: Re: "Black Hat" v "White Hat"
From: Derek K. (flatline IO.COM)
Date: Thu Oct 12 2000 - 10:59:28 CDT
- Next message: Mark Teicher: "Re: "Black Hat" v "White Hat""
- Previous message: Elliot Turner: "Re: Intrusion Detection Logfile Software"
- Next in thread: Mark Teicher: "Re: "Black Hat" v "White Hat""
- Reply: Mark Teicher: "Re: "Black Hat" v "White Hat""
>Do the people on this list worry about the origins of the people who code
>their respective IDS products?
A bit. But for the most part, I think they are fairly well known. We
have a large base of very skilled, very paranoid people who regularly use,
abuse, examine, hack, beat, and reverse engineer the programs. When I see
some new program guaranteed to fix everything pop up on freshmeat, I'm
cautious. But snort/satan/ISS/etc I don't worry about. I don't think
that a backdoor would survive long. Mostly I'll trust programs I hear
recommended by people I trust. The stuff on networkintrustion I don't
worry too much about. The stuff on
geocities.com/security/31337/n0r00T!!/ I'll be a bit cautious of. And I
don't think a professional vendor would survive long in the security field
with backdoors. I may be naive in this respect, but I have faith in the
folks in the field beating on them.
>Does anyone else suspect, as I do, that a
>proportion of the actual "techies" in the backrooms of these organisations
>were at some time, or may still be, part of the hacker community in some
>way?
I would be surprised if they weren't, or hadn't been at some point.
There are no spotless white hats, or any pure black hats. Every white hat
has done something that could be considered black, even if it's just an
nmap scan. And a number of people are "grey hats." But I think a lot of
security people come up into security by way of cracking - they learn the
cool exploits, learn to write buffer overflows, and then they realize that
they'd rather be stopping such things (cf Mudge, L0pht, et al) - I'm
reading Hackproofing Your Network, and it's got quite a good discussion of
this from Mudge.
Hell, one of the best sysadmins I knew was an old-school cracker in his
younger days. He hung out with some of the big names (not Mitnick big,
but close). He still gets occasional emails from old friends about new
exploits. And he kept our system very nicely. He knew how cracking
worked, and knew what to watch out for. Of course, he had an extensive
warez collection. He had a hat that was definitely stained. But he was
on our side, and he was good.
>I look forward to your opinions
I'm sorry to hear that. ;)
So, why hasn't the media picked up on the ultra-cool Black Hat/White Hat
terms? I'd think they would be very interested in those - could make some
nice little info-graphics.
Cheers,
Derek K.