Research examines 'white hat' hackers in cyber warfare

Uploaded on 2015-02-05 in NEWS-Cybersecurity News, TECHNOLOGY--Hackers

From the Heartbleed bug that infected many popular websites and services, to the Target security breach that compromised 40 million credit cards, malicious hackers have proved to be detrimental to companies' financial assets and reputations.

To combat these malevolent attackers, or "black hats," a community of benign hackers, i.e., "white hats," has been making significant contributions to cybersecurity by detecting vulnerabilities in companies' software systems and websites and communicating their findings. Researchers at Penn State's College of Information Sciences and Technology (IST) are studying white hat behaviors and how the talents of the white hat community can be most effectively used.

According to the researchers, undisclosed vulnerabilities in publicly and privately deployed software systems are a significant contributing factor to potentially damaging security incidents. Black hat hackers search for unknown software vulnerabilities and attempt to derive benefit by either exploiting such vulnerabilities to steal data and damage service availability or by selling information about such vulnerabilities on black markets.

A recent example is the Heartbleed security bug that was discovered in April and dubbed one of the biggest security threats the Internet has ever seen. Heartbleed's target is the open-source software called OpenSSL that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where sensitive data such as usernames, passwords and credit card numbers are stored. A further complication is the interconnected nature of the Internet—an attack on an individual website or server has the potential to affect numerous websites.

For example, in August 2013, a group claiming to be the Syrian Electronic Army was able to take down the New York Times by hacking into a website in Australia. According to media reports, the group gained control of the Times' domain name registrar, Melbourne IT. A domain name registrar is a site that sells domain names and controls a domain name server (DNS). By hacking into the DNS server, the group could redirect the traffic going to nytimes.com. The Syrian Electronic Army also said it hacked Twitter, which also reportedly uses Melbourne IT.

http://cyberwar.einnews.com/article/245756848/EXuY3KwTy6b32O1Z

« UK: New £3m cyber innovation centre in Gloucester
New Cyber Security School opening in London: »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

International Security Management Association (ISMA)

International Security Management Association (ISMA)

ISMA is an international security association of senior security executives from major business organizations located worldwide.

FAMOC

FAMOC

FAMOC is an enterprise mobile management solution that delivers comprehensive security and management for applications, documents, email, and mobile devices.

Konfidas

Konfidas

Konfidas provide high-level cybersecurity consulting and professional tailored solutions to meet specific cybersecurity operational needs.

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

Lanner Electronics

Lanner Electronics

Lanner Electronics is a leading hardware provider for advanced network appliances and industrial automation solutions including cyber security.

AVL Mobile Security

AVL Mobile Security

AVL Mobile Security is a market-leading mobile security company for anti-virus and threat intelligence in the mobile Internet.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

NETRIO

NETRIO

If you are looking for a highly mature, exceptionally competent Managed Service Provider, NETRIO has solutions to keep your business running at warp speed with zero disruptions.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

Trustaira

Trustaira

Trustaira is the first deep tech solution and service company in Bangladesh.

Data Computer Services

Data Computer Services

Data Computer Services provides professional tailored IT Support and IT Services for businesses throughout Edinburgh and the Lothians.

42Crunch

42Crunch

42Crunch provides API security testing and threat protection. We proactively test, fix and protect your APIs from development to runtime.

Telarus

Telarus

Telarus is a Technology Services Brokerage that holds contracts with the world's leading cloud voice, contact center, cybersecurity, mobility and IoT providers.