Online Business Security and White Hat Hackers
It’s hard to imagine talking about online security, and in particular online business security, without the inevitable appearance of the shadow antipode of the security professional, otherwise known as the “hacker”.
The word “hacker” has such bad publicity associated with it that, for average Internet users, hackers are almost always synonymous with serious online trouble.
So let’s “set the record straight”. There are many different types of hackers: some of them are really dangerous, while others can help you patch gaping vulnerabilities in your business or even save your online business.
They are known as “White Hat Hackers” and they have the full right to be called “the White Knights of the Online World”.
So who are these guys? I would say every gifted programmer who found and reported a serious security vulnerability in publicly available systems (either in an open source architecture or in a commercial application) could be called a “white hat hacker”.
If s/he didn’t report this security hole, it could later be identified by black hat hackers and used as a new exploit for a successful 0-day attack.
Every security professional who stumbled upon an unknown security risk during penetration testing and informed not only his client (for whom this testing was performed) but also the community of security professionals could be called a “white hat hacker”.
The person who was able to reverse-engineer the binaries of a sophisticated new virus, not only by creating a sandbox or virtual machine simulation but by getting his hands dirty, actually playing with the code and understanding the internal actions of the binaries through core dump analysis, and who then showed the world the structure of this virus, could be called a “white hat hacker” too.
All these guys have one thing in common: they used their knowledge to make this world a little better, more secure place. They didn’t use it for their own personal gain.
Make no mistake though – hacking is in their blood, it’s their alter ego. It gives the ultimate joy to their brains, because not many things in life can compare with the thrill of entering a presumably secure system through a newly created backdoor, without being noticed by the company’s IDS and avoiding other traps.
But it’s one thing to hack into the system as part of penetration testing, when you were asked to do so by the owner, and use your knowledge to help the company patch the security holes at the end of your ride. And quite another – to penetrate the same system without permission and rip all the sensitive data off the company’s servers.
That’s in a nutshell the difference between white hat and black hat hackers.
Stay tuned, we’ll talk about grey hat hackers in the next post.

