White hat (computer security)

A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker.[1][2] Ethical hacking is a term meant to imply a broader category than just penetration testing.[3][4] With the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has.[5] The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively.[6] There is a third kind of hacker known as a grey hat, who hacks with good intentions but at times without permission.[7]

White-hat hackers may also work in teams called "sneakers and/or hacker clubs",[8] red teams, or tiger teams.[9]

History

One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force, in which the Multics operating systems were tested for "potential use as a two-level (secret/top secret) system." The evaluation determined that while Multics was "significantly better than other conventional systems," it also had "... vulnerabilities in hardware security, software security and procedural security" that could be uncovered with "a relatively low level of effort."[10] The authors performed their tests under a guideline of realism, so their results would accurately represent the kinds of access an intruder could potentially achieve. They performed tests involving simple information-gathering exercises, as well as outright attacks upon the system that might damage its integrity; both results were of interest to the target audience. There are several other now unclassified reports describing ethical hacking activities within the US military.

By 1981 The New York Times described white-hat activities as part of a "mischievous but perversely positive 'hacker' tradition". When a National CSS employee revealed the existence of his password cracker, which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner. The letter of reprimand stated "The Company realizes the benefit to NCSS and encourages the efforts of employees to identify security weaknesses to the VP, the directory, and other sensitive software in files".[11]

On October 20, 2016, the Department of Defense (DOD) announced "Hack The Pentagon."[12][13]

The idea of using this tactic of ethical hacking to assess the security of systems and point out vulnerabilities was formulated by Dan Farmer and Wietse Venema. To raise the overall level of security on the Internet and intranets, they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program, called Security Administrator Tool for Analyzing Networks, or SATAN, was met with a great amount of media attention around the world in 1992.[9]

Tactics

While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects in protocols and applications running on the system, and patch installations, for example – ethical hacking may include other things. A full-scale ethical hack might include emailing staff to ask for password details or rummaging through executive dustbins, usually without the knowledge and consent of the targets. Only the owners, CEOs, and Board Members (stakeholders) who asked for a security review of this magnitude are aware. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical.[14] In most recent cases, these hacks are sustained as a long-term con (days, if not weeks, of long-term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone had lost the small drive, for an unsuspecting employee to find and take.

Some other methods of carrying out these include:

The methods identified exploit known security vulnerabilities and attempt to evade security to gain entry into secured areas. They can do this by hiding software and system 'back-doors' that can be used as a link to information or access that a non-ethical hacker, also known as 'black hat' or 'grey hat', may want to reach.

Legality

Belgium

Belgium legalized white hat hacking in February 2023.[15]

China

In July 2021, the Chinese government moved from a system of voluntary reporting to one of legally mandating that all white hat hackers first report any vulnerabilities to the government before taking any further steps to address the vulnerability or make it known to the public.[16] Commentators described the change as creating a "dual purpose" in which white hat activity also serves the country's intelligence agencies.[16]

United Kingdom

Struan Robertson, legal director at Pinsent Masons LLP and editor of OUT-LAW.com, says: "Broadly speaking, if the access to a system is authorized, the hacking is ethical and legal. If it isn't, there's an offense under the Computer Misuse Act. The unauthorized access offense covers everything from guessing the password to accessing someone's webmail account, to cracking the security of a bank. The maximum penalty for unauthorized access to a computer is two years in prison and a fine. There are higher penalties – up to 10 years in prison – when the hacker also modifies data". Unauthorized access even to expose vulnerabilities for the benefit of many is not legal, says Robertson. "There's no defense in our hacking laws that your behavior is for the greater good. Even if it's what you believe."[4]

Employment

The United States National Security Agency offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team management. Aggressor teams are called "red" teams. Defender teams are called "blue" teams.[8] When the agency recruited at DEF CON in 2020, it promised applicants that "If you have a few, shall we say, indiscretions in your past, don't be alarmed. You shouldn't automatically assume you won't be hired".[17]

A good "white hat" is a competitive, skillful employee for an enterprise, since they can act as a countermeasure by finding the bugs and so protect the enterprise network environment. Therefore, a good "white hat" could bring unexpected benefits in reducing the risk across systems, applications, and endpoints for an enterprise.[18]

Recent research has indicated that white-hat hackers are increasingly becoming an important aspect of a company's network security protection. Moving beyond just penetration testing, white hat hackers are building and changing their skill sets, since the threats are also changing. Their skills now involve social engineering, mobile tech, and social networking.[19]

References

  1. "What is white hat? - a definition from Whatis.com". Searchsecurity.techtarget.com. Archived from the original on 2011-02-01. Retrieved 2012-06-06.
  2. Okpa, John Thompson; Ugwuoke, Christopher Uchechukwu; Ajah, Benjamin Okorie; Eshioste, Emmanuel; Igbe, Joseph Egidi; Ajor, Ogar James; Okoi, Ofem, Nnana; Eteng, Mary Juachi; Nnamani, Rebecca Ginikanwa (2022-09-05). "Cyberspace, Black-Hat Hacking and Economic Sustainability of Corporate Organizations in Cross-River State, Nigeria". SAGE Open. 12 (3): 215824402211227. doi:10.1177/21582440221122739. ISSN 2158-2440. S2CID 252096635.
  3. Ward, Mark (14 September 1996). "Sabotage in cyberspace". New Scientist. 151 (2047). Archived from the original on 13 January 2022. Retrieved 28 March 2018.
  4. Knight, William (16 October 2009). "License to Hack". InfoSecurity. 6 (6): 38–41. doi:10.1016/s1742-6847(09)70019-9. Archived from the original on 9 January 2014. Retrieved 19 July 2014.
  5. Filiol, Eric; Mercaldo, Francesco; Santone, Antonella (2021). "A Method for Automatic Penetration Testing and Mitigation: A Red Hat Approach". Procedia Computer Science. 192: 2039–2046. doi:10.1016/j.procs.2021.08.210. S2CID 244321685.
  6. Wilhelm, Thomas; Andress, Jason (2010). Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques. Elsevier. pp. 26–7. ISBN 978-1-59749-589-9.
  7. "What is the difference between black, white, and grey hackers". Norton.com. Norton Security. Archived from the original on 15 January 2018. Retrieved 2 October 2018.
  8. "What is a White Hat?". Secpoint.com. 2012-03-20. Archived from the original on 2019-05-02. Retrieved 2012-06-06.
  9. Palmer, C.C. (2001). "Ethical Hacking" (PDF). IBM Systems Journal. 40 (3): 769. doi:10.1147/sj.403.0769. Archived (PDF) from the original on 2019-05-02. Retrieved 2014-07-19.
  10. Paul A. Karger; Roger R. Scherr (June 1974). MULTICS SECURITY EVALUATION: VULNERABILITY ANALYSIS (PDF) (Report). Archived (PDF) from the original on 13 November 2017. Retrieved 12 Nov 2017.
  11. McLellan, Vin (1981-07-26). "Case of the Purloined Password". The New York Times. Archived from the original on 2016-03-07. Retrieved 11 August 2015.
  12. "DoD Announces 'Hack the Pentagon' Follow-Up Initiative". U.S. Department of Defense. Retrieved 2023-12-15.
  13. Bertrand, Natasha; Cohen, Zachary; Marquardt, Alex; Perez, Evan (2023-04-13). "Pentagon leak leads to limits on who gets access to military's top secrets | CNN Politics". CNN. Archived from the original on 2023-12-15. Retrieved 2023-12-15.
  14. Justin Seitz, Tim Arnold (April 14, 2021). Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters. No Starch Press. ISBN 978-1-7185-0112-6. Archived from the original on August 26, 2021. Retrieved August 30, 2021.
  15. Somers, Charlotte; Vranckaert, Koen; Drechsler, Laura (3 May 2023). "Belgium legalises ethical hacking: a threat or an opportunity for cybersecurity?". CITIP blog. Archived from the original on 17 May 2023. Retrieved 7 May 2023.
  16. Brar, Aadil (18 January 2024). "China Raises Private Hacker Army To Probe Foreign Governments". Newsweek. Archived from the original on 20 January 2024. Retrieved 20 January 2024.
  17. "Attention DEF CON® 20 attendees". National Security Agency. 2012. Archived from the original on 2012-07-30.
  18. Caldwell, Tracey (2011). "Ethical hackers: putting on the white hat". Network Security. 2011 (7): 10–13. doi:10.1016/s1353-4858(11)70075-7. ISSN 1353-4858.
  19. Caldwell, Tracey (2011-07-01). "Ethical hackers: putting on the white hat". Network Security. 2011 (7): 10–13. doi:10.1016/S1353-4858(11)70075-7. ISSN 1353-4858.
