Which hat are you?

It was inevitable that the hacking scene be split into new sub categories with new terminology to represent the mentality of the world’s brightest hackers. A decade ago it was a lot easier to understand what a hacker was and could do. Now we have millions of people using computers each day for email, e-commerce, banking, business, socialising, etc. It’s clear cyberspace has become a mirror of reality with more and more people getting online every day. The internet follows the same patterns as the universal guiding pattern of birth, a system rises, transforms itself and the world. Birth, change, death, rebirth, but on the net it’s beta, version 1, obsolete, prototype.

And on and on it goes bringing new, hardier, more efficient systems and programs. So what’s this got to do with security? Everything, security is a myth, just as in real life security is a myth. It’s told we will have security if we follow responsibilities and be good law abiding people, we will be given security if we keep loyal to our government and laws from the system. Security in real life is given at a price to us, which is programmed and sold into us. Others tell us we have security. Security on the net is similar with some respect. You go to a security company, purchase a firewall or have a marketer speak to your IT department and make you feel that now you have security, but you don’t because the firewall is installed and not setup correctly, also you still have left other doorways open. 75% of all attacks occur despite having a firewall in place. How are are people getting through these seemingly impenetrable devices? Web hacking, It’s the next generation of hacking kungfu, people now are focusing more and more on bugs in e-commerce technology. The open youth will always rebel, always. When they rebel generation after generation they learn more and more about the systems than some of the rulers that think they have control of them. Security is a myth, it’s sold to us in real life at a price, it’s sold to us to program security and safety into our minds, but every day you have an affinity of possibilities which can leave you with no security.

That’s reality. How though can you feel a sense of well being and security on the net? Nobody is telling you that you are protected or have insurance, you can’t see what other humans are doing behind their computers, you can’t see where all the information is going. This leaves people feeling intimidated without security understanding or knowledgeable computer skills, that’s the majority of the net. Your in control of systems, you have a web server, mail server, whole complex array of servers, mainframe systems, wide-area network links, etc. Everything is online. How can you feel safe and secure from others penetrating your network and safe with your browsing and employees browsing and shopping?” Get a firewall, get two!, which should do it!” That’s the attitude of the majority, that’s the reason why security is still breaking down. You can’t have security when people every day every month are going to be trying to break into your computers, just the same as your real life security. If every month 30 people are trying to break into your store front or home, someone’s going to break in eventually. Many people need to understand the Internet still, it’s not always a persons fault to be lured into buying a product to find out it’s useless, and they have still been hacked.

So how do you keep secure? whitehats. First understand the terminology, a whitehat is a professional security expert; you’ll know a whitehat from the understanding of security and the scene. The whitehats web site should contain allot of security information, whitepapers and be current with security news and latest vulnerable findings. Whitehats may conduct product evaluation services; network auditing, network monitoring and penetration testing. After all, professional whitehats have spent years in the security scene and are helping secure computers and the Internet in general. But how can you trust a whitehat?, they are too good. These guys are stealth, you can trust them because they don’t need to be doing this, they want to be doing this. They want to make it as difficult as possible for someone to steal your information. “Yeah but their hackers, arn’t they?” “They might steal information themselves” This seems to be the biggest problem from companies hiring whitehats and security professionals in general, it’s the biggest ignorant hurdle at helping them understand. Oh they’re a form of hacker all right and some of the best are very good vulnerabilities coders, they find the bugs and inform companies to lift their heads. If a whitehat wanted to steal your information, the whitehat wouldn’t be in contact with you in the first place. You wouldn’t know the company, you wouldn’t be communicating with whitehats and you would probably be having installed and miss-configured firewall, sitting behind a false sense of security right now.

The danger online can come from a blackhat out for finanical gain, or even just e-thugs, annoying webpage defacers, teenagers out on datastreaming missions carding site after site. Political activists, corporate spies or government snooping.

You need to feel secured online and you can. Security will be coming from those most skilled in security and those most skilled and willing to help are wearing the whitehats.

I hope this article helped people understand security more and the terminology behind online security.