8:22 PM
If you need a flat head screwdriver to remove a screw, would you use a cross head?
Of course you wouldn’t – it wouldn’t work for one reason. Similarly, if you needed to dig a hole would you use a spoon? While you’d get the job done the time wasted could be better invested elsewhere. It’s only natural to use the tool that’s been perfectly designed for the job yet, for some reason, when it comes to securing the corporate infrastructure, many are frightened by the idea of hiring a hacker. I believe they’re missing out.
Not all hackers are the same so here are the skills, I believe, a hacker should display:
Out of the Box
My hacker definition sums this up perfectly. Rather than looking at how something should work, a hacker will approach it from a different angle. He won’t try your ‘security doors’ to make sure they’re locked, but instead push on the wall around to see if the bricks hold up and if the windows have glass – does the putty hold them in place.
‘No’ isn’t in his vocabulary
Tenacity is another key skill a hacker must possess – someone who doesn’t take ‘no’ for answer. Take a locked door – there are a number of ways of ‘opening’ it and a hacker will keep trying until he manages it. Of course the easiest way is to locate the key but, if one isn’t on hand, then can the lock be picked? Can it be drilled? What about cutting the lock out altogether? I think the phrase from a legendary film – You’re only supposed to blow the bloody doors off perfectly encapsulates a hacker’s enthusiasm to get the job done.
Morals of an alley cat
Now, before everyone starts baying for my blood, I don’t for one minute advocate paying a criminal for his services – unless they’re rehabilitated and you’re into second chances. However, a hacker needs to think and act like a criminal or what’s the point. Criminals don’t play by the rules and being afraid to push the boundaries is why a lot of companies end up experiencing breaches.
Porridge for breakfast
While I’ve said there’s no reason why a rehabilitated hacker shouldn’t be employed, it does raise serious concerns – primarily, why did they get caught? Professional hackers will pride themselves on their skill at infiltrating systems, undetected and will certainly not want to leave an electronic ‘fingerprint’. A criminal conviction shouldn’t be seen as a ‘qualification’ but rather testament that perhaps they’re not up to the job!
A big head
An egotistical hacker isn’t necessarily a brilliant hacker - in fact quite the reverse is often true. I’ve sat and listened to far too many people claiming responsibility for something that I’ve known they didn’t do – often because I was in fact responsible, but that’s for another time.
There are a number of reasons why bragging is a bad trait in a hacker:
· They should be able to prove their ability rather than just talk about it
· If they’re loose lipped they could inadvertently expose the organization to ridicule
· A hacker likes nothing better than ridiculing someone else’s inadequacy
SOURCE: Dominique karg – chief hacking officer at alienvault
0 comments:
Post a Comment