From: InfoSec News (isnC4I.ORG)
Date: Sun Apr 01 2001 - 20:14:17 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.cnet.com/news/0-1003-200-5402894.html

By Robert Lemos
Special to CNET News.com
March 30, 2001, 12:45 p.m. PT

reporter's notebook VANCOUVER, B.C.--Black hat or white hat?

That was the seemingly innocuous question that greeted attendees at
the CanSecWest conference this week: Do you want the white baseball
cap or the black one? (Gray caps were reserved for speakers.)

Yet within the security community, the question is a litmus test that
differentiates between those who use their knowledge to improve
computer security--the white hats--and those who use it to break into
computer systems--the black hats. Despite the fact that most of the
attendees came from reputable companies, the black caps were gone by
the second day.

"When you get down to it, these guys are really all the same
personality type," said Martin Roesch, president of SourceFire and the
creator of a popular open-source intrusion detection system called
Snort.

After a day at the conference, just what that personality type was
seemed clear: Not good or bad, just monomaniacally curious.

That curiosity first focused on the hotel's high-speed network.

By registration time, an attendee had already gotten the password to
the hotel's phone system (but didn't use it), and a day later, the
hotel's high-speed Internet system had been accidentally crashed by
another attendee who had taken over the hardware connecting the hotel
to the Internet. (It was resurrected soon after.)

Richard Johnson, security administrator for the National Center for
Atmospheric Research, connected an Apple Airport wireless hub to his
room's high-speed Internet port, so he could wander around his room
and still use the Internet. Within five minutes, he said, a handful of
hackers from nearby rooms had hitched a ride on his connection as
well.

"They're just playing," he said. "We're all having a good time
learning."

That sort of curiosity made the conference's wireless network a
security nightmare. Almost every person on it was either scanning
every other person's computer or just passively listening to what the
other computers were doing.

The scanning set off digital burglar alarms, called intrusion
detection systems, run by many of the security specialists.

Normally, a typical user with a personal firewall might see a handful
of alerts every hour, on a busy day. SourceFire's Roesch, sporting a
black cap, said he saw 2,300 alerts on his computer in less than five
minutes.

By the end of the conference, paranoia had set in. Type a password
into Yahoo? Someone most likely knows it. Send an e-mail to a friend?
Someone's reading it right now.

Suddenly, the Internet seemed a lot less safe. Of course, that's the
whole point of what these people do.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]