Hacker, Cracker Power Shift?

Interesting news the last few weeks…
ScanAlert customers get hacked:
http://jeremiahgrossman.blogspot.com/2006/10/just-when-you-think-its-over-scanalert.html

Acunetix and F5 are caught with their pants down:
http://www.darkreading.com/document.asp?doc_id=104815

Is a hacker, cracker power shift finally happening?

Let us examine a few areas:

1. Out-of-date security procedures and tools vs. cutting-edge exploitation
Jeremiah mentioned ScanAlert being PCI certified. Part of the PCI standard is to test according to the OWASP Top Ten. Acunetix also claims to test according to OWASP's standard. Hence, my rantings here.

2. Exploits are now a product
Every penetration testing tool on the market relies on internal research and publicly published vulnerabilities. This model worked great a few years ago, when the industry was young and “true” hackers roamed the earth. Nowadays, who cares about going through the pain of notifying the vendor - who in many cases couldn’t care less - when hackers can earn some money, i.e. http://www.zerodayinitiative.com/. I wonder what the new and upcoming generation(s) think about this? What principle is this teaching? Hmm...

3. Extreme situations call for extreme laws
Hacker gets 40 years in jail. Chefs get 19 years for rape.

What side will our new generation of hackers be on?
How are the above factors affecting the traditional hacker philosophy?
The traditional security model relied on sharing knowledge, ideas and tools… is this still the case?
