Hacking and white hat security

There is currently a lot of buzz in media reports about how an adult social site has been hacked and a large data dump containing information on its users is now available in the open. Since the site’s most vital selling strategy was the discretion of its users, publicly naming and shaming the users (or at least hoping to) was the aim of the hackers. The debate and discussion around this hack are plentiful, ranging from social ethics to how large quantities of encrypted passwords have been easily hacked.

What is hacking? “In the computer-security context, a hacker is someone who seeks to exploit weaknesses in a computer system or computer-network”. The motivation might range from money and ethics to simply being intellectually challenged. One of the earliest instances of hacking a computer was in 1965, in the MIT lab on an IBM computer, where a couple of students were able to reveal the passwords on the system. Despite the seemingly decadent role that hackers play, they are seen as an asset in the software industry. Hackers are generally computer programmers whose understanding of a technology or network is exceptional, and who are therefore able to foresee where a program could have loopholes. Security concerns and loopholes have often been a sort of benchmark by which newly released products are evaluated. For example, every time a new version of an operating system is released, we are likely to see a list of security loopholes in the system published in the media and on blogs. And there have been scenarios where an organization has subsequently released a patch to take care of a multitude of security issues.

With social media and cloud computing, there is a great deal of data and information available that could cause serious privacy issues for users. Hence, addressing security concerns has become one of the primary selling points before a product or service release. One social media giant, which has around 1.49 billion users, has been continuously trying to upgrade its security and reduce risks because of its humongous user base. Recently, an Indian-origin Harvard student, who was soon to start an internship with the organization, was inspired by its prevalent ‘hacking culture’ to find loopholes in the site. The student was able to highlight serious privacy flaws that allowed users to be tracked using geo-locations. The social media site has since been updated to cover the flaw. The ethical student hacker has also published a case study for the Harvard journal.

Hackers categorise themselves as white hat, grey hat and black hat based on the intent and purpose of their hacking. White hat refers to those who have no malicious intent and are experts in penetrating a system; they are therefore sometimes referred to as ethical hackers. The skill of white hat hackers is in great demand, which is why white-hat testing is mandated by many organizations before a release. This form of testing involves penetrating to the very core of the system, from operating system breaches to security patch installations. In this method, testers try to imitate what a black hat hacker could attempt while on the system, and then find the destructive loopholes. This can be done on a clone system or during downtime (if it’s a website), which then allows the developers to come out with upgrades to close these breaches.

One cannot stress enough how critical security and privacy issues are in the software computing world. Organizations should make every attempt to test for security concerns before they release a software application.

