Sunday, December 16, 2007

Basic Terminology

Yes, it is boring, but it is essential to understand some basic terms. Just bear with it; there are only a few, and I have kept them simple and short.

Threat - A potential violation of security.

Vulnerability - Existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system, network, application or protocol involved.

Target of Evaluation - An IT system, product or component that is identified/subjected as requiring security evaluation.

Attack - An assault on system security that derives from an intelligent threat, i.e. an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.

Exploit - A defined way to breach the security of an IT system through a vulnerability.

To make an analogy: the Target of Evaluation is a person who has a weakness (vulnerability). Because of that weakness, he is subject to a potentially dangerous act or event (threat). A thief (cracker) can exploit his weakness to cheat him (attack).

Can Hacking Be Ethical?

Yes! That is why I started writing this blog.

The next question you would probably ask is "How can hacking be considered ethical?" In most people's minds, hacking is an act of unauthorized access to computer resources. How can unauthorized access be considered ethical?

Yes, it can! Unauthorized access can still be ethical and moral if the objective is to help, not to destroy. After gaining unauthorized access, you can abuse the information or privileges you have, or you can instead help improve the security of the system.

Large corporations have begun to realize the need to evaluate their systems for vulnerabilities and correct security holes. They need someone who can think like a cracker and simulate a cracker's actions by hacking into their systems without doing anything harmful.