True tales of (mostly) white-hat hacking

Stings, penetration pwns, spy games -- it's all in a day's work along the thin gray line of IT security

By Roger A. Grimes, InfoWorld |  Security

In the mainstream media, hacking gets a bum rap. Sure, the headline grabbers are often nefarious, but all computer professionals are hackers at heart. We all explore the systems we use, often reaching beyond their normal intent. This knowledge and freedom can come through big time in sticky situations.

In my three decades fighting malicious hackers, I've come to rely heavily on that desire to scratch an itch. Improvisation and familiarity with computing systems are essential when combating those who will do almost anything to compromise your network.


Some call it white-hat hacking. I call it a good day's work -- or weekend fun, depending on whether it's at home or business.

Here are five true tales of bringing down the baddies. I can't say I'm proud of all the things I did, but the stories speak for themselves. Got one of your own to pass along? Send it my way, or share it in the comments.

True tale of (mostly) white-hat hacking No. 1: Disney, porn, and XSS

Cross-site scripting (XSS) continues to be the No. 1 problem plaguing websites, even today. XSS vulnerabilities arise when a website allows another entity to post Web scripting commands that can then be viewed and executed by others.

Oftentimes, these vulnerabilities fly under the radar. Simply offering users the ability to post comments is enough, if your site allows script commands to be posted, viewed, and executed. A malicious party writes a malicious scripting command that is then consumed and acted upon by other visitors to your site.
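The comment-posting case described above, as an added example that is not part of the original article: a comment renderer that echoes visitor input as markup, next to one that HTML-encodes it first. The function names and the sample comments are constructed for illustration.

```javascript
// Added illustration; function names and sample comments are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of HTML element content
// or a quoted attribute value. Other contexts (URLs, inline script, CSS)
// need their own encoders.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: visitor-supplied text is concatenated into the page as markup,
// so the browser of every later visitor parses and runs it.
function renderCommentUnsafe(comment) {
  return `<li><b>${comment.author}</b>: ${comment.body}</li>`;
}

// Hardened: the same text is encoded on output and displays as literal characters.
function renderCommentSafe(comment) {
  return `<li><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</li>`;
}

// Rough review check: counts <script> tags and inline on*= event handlers
// that survive as live markup in the rendered page.
function activeMarkup(html) {
  const scriptTags = (html.match(/<script\b/gi) || []).length;
  const handlers = (html.match(/<[^>]*\son\w+\s*=/gi) || []).length;
  return scriptTags + handlers;
}

// Constructed sample comments: two benign, two carrying script.
const comments = [
  { author: 'alice', body: 'Great article, thanks!' },
  { author: 'mallory', body: '<script>alert(1)</script>' },
  { author: 'eve', body: '<img src=x onerror=alert(1)>' },
  { author: 'bob', body: 'Use a < b && c > d in the loop' },
];

function renderPage(renderFn) {
  return '<ul>' + comments.map(renderFn).join('') + '</ul>';
}

console.log('unsafe page, live script constructs:', activeMarkup(renderPage(renderCommentUnsafe)));
console.log('safe page, live script constructs:', activeMarkup(renderPage(renderCommentSafe)));
```

Encoding on output keeps bob's legitimate `<` and `&&` readable while turning the two script-bearing comments into inert text.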

When asked why you should worry about cross-site scripting attacks, I like to tell the following story, although the XSS scripting part was just one piece of a great week of hacking.


Originally published on InfoWorld.