Ethical hacking

So far the targets of malicious hacking has been Corporate systems and Microsoft. To some extent they have all asked for trouble by their arrogance. The Bill Gate's of this world may well be the envy of many business people, who would all love to make lots of money, but they don't appeal to anyone with a "Green Peace" inclination. Windows NT has been a particular target for hackers because it has a lot of well documented security loop holes and thus is the easiest system to hack. Mainframes are far more security conscious so that while the users of these systems are high on the list of targets, they are not so easy to attack. Unix lies between the vulnerability of NT and the security of mainframes, but most Unix system users are aware of the need for security. So far NT is the only highly used system which needs very regular "fixes" to be installed, which few organisations do rigorously, but how will Linux stand up to hackers in the future? Linux is more robust than NT, but like NT the internal code is well known to the hackers; it may have less holes and less fixes than NT, but it doesn't need a lot to be vulnerable. So far the hackers love Linux and hate Microsoft, making the latter their target today. But the corporate world is very rapidly adopting Linux on its servers, so as Linux replaces NT in large numbers, moving it out of the academic and into the commercial world, will it too become a hackers dream? Linux users should from the beginning make sure that they are using one of the supported releases and not an Internet download!
Unfortunately malicious hacking has not stopped at making fools of Microsoft and large corporations, it has opened the doors for terrorist attacks. Despite the high security there are already reports of non-malicious entry to government databases, including the White House. In the UK someone managed to find and publish all the private telephone numbers of the British Royal family, a big joke, but if they could access such private data think what else they could do. Terrorists will obviously like to access databases but they could also attack power stations, chemical plants, etc., because these are increasingly being connected to networks to aid remote control and maintenance. This has been the bread and butter of fiction writers and movie makers for many years now, but with recent events we must worry about the possibility of moving from fiction to fact. The fiction writers are unwittingly giving terrorists new ideas.
In the present climate it is tempting to suggest that the Internet is a potential disaster area and that we would be better off to close it down, or at least to avoid connecting to it. But there are so many potential advantages that stem from a global communication network that this is a negative attitude and must be avoided. The Internet is proving much slower at delivering on its promises than we all hoped, largely due to the mess that the communications industry has got itself into by trying to provide "free" services, but it will happen. The only answer then lies in properly controlled use of the Internet and any other public network. There is no cheap solution. Companies must be prepared to pay for there security themselves. This involves buying security devices such as firewalls etc., but expertise is far more important. It is essential to employ trained staff and it is equally essential to buy some expert consultancy, the necessary skills are seldom available in house.
And so we come to a new concept, ethical hacking. Companies should buy the services of specialist "hackers" to break into their own systems. It is the only way that the vulnerability to attack can be assessed and defended against.