WHITE HAT
A 'white hat hacker', also rendered as 'ethical hacker', is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems. The realization that the Internet now represents human voices from around the world has made the defense of its integrity an important pastime for many.
A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.
Terminology
The term 'white hat hacker' is also often used to describe those who attempt to break into systems or networks in order to help the owners of the system by making them aware of security flaws, or to perform some other altruistic activity. Many such people are employed by computer security companies; these professionals are sometimes called 'sneakers'. Groups of these people are often called tiger teams.
The primary difference between white and black hat hackers is that a white hat hacker claims to observe ethical principles. Like black hats, white hats are often intimately familiar with the internal details of security systems, and can delve into obscure machine code when needed to find a solution to a tricky problem. Some use the term 'grey hat' and fewer use 'brown hat' to describe someone's activities that cross between black and white.
In recent years the terms white hat and black hat have been applied to the Search Engine Optimization (SEO) industry. Black hat SEO tactics, also called spamdexing, attempt unfairly to redirect search results to particular target pages, whereas white hat methods are generally approved by the search engines.
Example
An example hack could be with Microsoft Windows and its ability to use cryptographic libraries built into the operating system. When shipped overseas this feature becomes nearly useless as the operating system will refuse to load cryptographic libraries that haven't been signed by Microsoft, and Microsoft will not sign a library unless the U.S. government authorizes it for export. This allows the U.S. government to maintain some perceived level of control over the use of strong cryptography beyond its borders.
While hunting through the symbol table of a beta release of Windows, a couple of overseas hackers managed to find a second signing key in the Microsoft binaries. That is, without disabling the libraries that are included with Windows (even overseas), these individuals learned of a way to trick the operating system into loading a library that hadn't been signed by Microsoft, thus enabling the functionality which had been lost to non-U.S. users.
Whether this is good or bad may depend on whether one respects the letter of the law, but it is considered by some in the computing community to be a white hat type of activity.
Notable security experts
★ Dave Aitel - Author of SPIKE, a fuzzer completely unusable by anyone other than himself
★ Mark Russinovich - Expert on Windows architecture and programming; noted for identifying the limited differences between Windows NT Server and Workstation, and discovering the 2005 Sony Rootkit software.
★ Fyodor — Author of the open source Nmap Security Scanner, web site Insecure.Org, co-author of hacking novel How to Own A Continent, and founding member of the Honeynet Project.
★ Johan "Julf" Helsingius — Operated the world's most popular anonymous remailer, the Penet remailer (called penet.fi), until he closed up shop in September 1996.
★ Kevin Mitnick — A former blackhat computer criminal who now (since his release from prison in 2000) speaks, consults, and authors books about social engineering and network security.
★ Shawn Merdinger — Independent security researcher, formerly of Cisco Systems' STAT and TippingPoint's DV research teams. Technical Advisor with VOIPSA, the Voice Over IP Security Association.
★ H. D. Moore — Author of the Metasploit penetration testing tool
★ Nightmarepolice — Security researcher.
★ Bruce Schneier — Author of many books on security and leading cryptographer and developer of new cryptographic algorithms (including the 'Pontifex' or 'Solitaire' algorithm made famous in Neal Stephenson's novel Cryptonomicon). He also runs a popular security website and blog.
★ Tsutomu Shimomura — Shimomura helped catch Kevin Mitnick, the United States' most infamous computer intruder, in early 1994. He is the co-author of a book about the Mitnick case, 'Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It' (ISBN 0-7868-8913-6).
★ Solar Designer — Founder of the Openwall Project.
★ Joanna Rutkowska — Security researcher, lecturer, author of 'The Blue Pill' and several other proof of concept Windows compromises.
★ Stuart Thomas — Author of the V for Victory Pro bono public information security blog
★ Zairi MdKhaidzir — Security researcher and expert.
Related books
Network Security:
★ Hacking Exposed, Stuart McClure, Joel Scambray & George Kurtz, McGraw-Hill, 1999, ISBN 0-07-212127-0
★ Extreme Exploits: Advanced Defenses Against Hardcore Hacks, Victor Oppleman, Oliver Friedrichs, Brett Watson, McGraw-Hill, 2005, ISBN 0-07-225955-8
See also
★ Black hat
★ Grey hat
★ Hacker ethic
★ Hacker
★ Penetration test
★ CREST
External links
★ Hiring Hackers As Security Consultants
★ The Ethical Hacker Network - Free Online Magazine for Security Professionals
This article provided by Wikipedia.