Ethical hacking (updated)

I write this out of interest for the secondary (high-school) students I teach.

If you teach, if you think digital citizenship is important and if you know some of the students you teach are coding, you have, I believe, some responsibility to teach yourself about ethical hacking, so as to advise the students about rights and responsibilities in the coding environment that motivates them.

This is a toe-in-the-water post and I am interested in comments.

Update – an interesting comment on this post was made by José Flores via the Computer Education of Ireland mail-list (here). I have pasted it below at the end of the original posting.


I published a post last December entitled What have you learned this year?

One of the points I made was that “I promote the Mozilla Drumbeat view of the web Connect. Share Projects. Hack everything. Genuine social capital will be generated as we promote an open web for all.”

I was picked up (face to face) by some peers for my use of the word hack – for them it meant one of two things – steal, or break in and damage.

That interpretation has been reinforced in Ireland by the recent arrest (and subsequent release) of Irishman Donncha O’Cearbhaill for hacking (here).

David O’Dwyer of the Irish Times (March 2102) then published a piece entitled The Hacking Game (here).

Martin Mitchell gave a talk on Ethical Hacking at Google HQ in Dublin tonight. I went along (a bit of an impostor, as most there were developers) to see what I might learn…

Mitchell pointed to four types of hackers:

  1. the good / ethical ones – white hats
  2. the bad / hurtful ones – black hats
  3. the naive / easily led ones – script kiddies
  4. the politically motivated ones – hacktivists

Mitchell was talking to a room full of developers and was ultimately looking at why a company, such as a bank, will employ an ethical hacker – ultimately to protect the company name, and to find and patch issues before the bad ones break in and cause damage to that name.

The ethical hacker is working with permission and / or, if working on their own, knows when and how to stop.

Ultimately the ethical hacker is finding issues and pursuing knowledge.

Mitchell advocated that third-level students consider ethical hacking as a final-year project or as research within a Masters dissertation.

Food for thought!

Hey guys,

Donal, nice post. I just wanted to clarify the meaning of hacking in a
development environment (as in your Mozilla quote). It is not really
equivalent to ethical hacking. We use ‘hack’ as an act of creation. We
hack on pet projects (personal projects for learning purposes) on our
own or with others, we run hacka-thons (hacking marathons) and hack
days (think 24/48 hours of group coding sessions to build systems) and
all that has nothing to do with ethical hacking but with developing
new applications (and learning).

Ethical hacking is still breaking into systems and finding
vulnerabilities in applications that will allow you to do all the bad
stuff… but stopping there, and reporting back to the owners so that
they can fix the problem. So you could say that it is a destruction
(of sorts) act.

I really liked the classification of ‘good/bad/naive/politically
motivated’; certainly not applicable only to hackers! 🙂


