Research examines 'white hat' hackers in cyber warfare

From the Heartbleed bug that affected many popular websites and services, to the Target security breach that compromised 40 million credit cards, malicious hackers have proved to be detrimental to companies' financial assets and reputations.

To combat these malevolent attackers, or "black hats," a community of benign hackers, i.e., "white hats," has been making significant contributions to cybersecurity by detecting vulnerabilities in companies' software systems and websites and communicating their findings. Researchers at Penn State's College of Information Sciences and Technology (IST) are studying white hat behaviors and how the talents of the white hat community can be most effectively used.

According to the researchers, undisclosed vulnerabilities in publicly and privately deployed software systems are a significant contributing factor to potentially damaging security incidents. Black hat hackers search for unknown software vulnerabilities and attempt to derive benefit by either exploiting such vulnerabilities to steal data and damage service availability or by selling information about such vulnerabilities on black markets.

A recent example is the Heartbleed security bug, which was discovered in April and dubbed one of the biggest security threats the Internet has ever seen. Heartbleed affects OpenSSL, open-source software that is widely used to encrypt Web communications. It can reveal the contents of a server's memory, where sensitive data such as usernames, passwords and credit card numbers are stored. A further complication is the interconnected nature of the Internet: an attack on an individual website or server has the potential to affect numerous websites.

For example, in August 2013, a group claiming to be the Syrian Electronic Army was able to take down the New York Times by hacking into a website in Australia. According to media reports, the group gained control of the Times' domain name registrar, Melbourne IT. A domain name registrar is a site that sells domain names and controls a domain name server (DNS). By hacking into the DNS server, the group could redirect the traffic going to nytimes.com. The Syrian Electronic Army also said it hacked Twitter, which also reportedly uses Melbourne IT.

http://cyberwar.einnews.com/article/245756848/EXuY3KwTy6b32O1Z
