Subject: Re: "Black Hat" v "White Hat"
From: Mark Teicher (mark.teicherNETWORKICE.COM)
Date: Thu Oct 12 2000 - 11:39:24 CDT


There was just a recent article published in the CSI Journal regarding this
very same topic.

/mark

At 10:59 AM 10/12/00 -0500, Derek K. wrote:
> >Do the people on this list worry about the origins of the people who code
> >their respective IDS products?
>
>A bit. But for the most part, I think they are fairly well known. We
>have a large base of very skilled, very paranoid people who regularly use,
>abuse, examine, hack, beat, and reverse engineer the programs. When I see
>some new program guaranteed to fix everything pop up on freshmeat, I'm
>cautious. But snort/satan/ISS/etc I don't worry about. I don't think
>that a backdoor would survive long. Mostly I'll trust programs I hear
>recommended by people I trust. The stuff on networkintrustion I don't
>worry too much about. The stuff on
>geocities.com/security/31337/n0r00T!!/ I'll be a bit cautious of. And I
>don't think a professional vendor would survive long in the security field
>with backdoors. I may be naive in this respect, but I have faith in the
>folks in the field beating on them.
>
> >Does anyone else suspect, as I do, that a
> >proportion of the actual "techies" in the backrooms of these organisations
> >were at some time, or may still be, part of the hacker community in some
> >way?
>
>I would be surprised if they weren't, or hadn't been at some point.
>There are no spotless white hats, or any pure black hats. Every white hat
>has done something that could be considered black, even if it's just an
>nmap scan. And a number of people are "grey hats." But I think a lot of
>security people come up into security by way of cracking - they learn the
>cool exploits, learn to write buffer overflows, and then they realize that
>they'd rather be stopping such things (cf Mudge, L0pht, et al) - I'm
>reading Hackproofing Your Network, and it's got quite a good discussion of
>this from Mudge.
>
>Hell, one of the best sysadmins I knew was an old-school cracker in his
>younger days. He hung out with some of the big names (not Mitnick big,
>but close). He still gets occasional emails from old friends about new
>exploits. And he kept our system very nicely. He knew how cracking
>worked, and knew what to watch out for. Of course, he had an extensive
>warez collection. He had a hat that was definitely stained. But he was
>on our side, and he was good.
>
> >I look forward to your opinions
>
>I'm sorry to hear that. ;)
>
>So, why hasn't the media picked up on the ultra-cool Black Hat/White Hat
>terms? I'd think they would be very interested in those - could make some
>nice little info-graphics.
>
>Cheers,
>Derek K.