Research examines 'white hat' hackers in cyber warfare

Uploaded on 2015-02-05 in NEWS-Cybersecurity News, TECHNOLOGY--Hackers

From the Heartbleed bug that infected many popular websites and services, to the Target security breach that compromised 40 million credit cards, malicious hackers have proved to be detrimental to companies' financial assets and reputations.

To combat these malevolent attackers, or "black hats," a community of benign hackers, i.e., "white hats," has been making significant contributions to cybersecurity by detecting vulnerabilities in companies' software systems and websites and communicating their findings. Researchers at Penn State's College of Information Sciences and Technology (IST) are studying white hat behaviors and how the talents of the white hat community can be most effectively used.

According to the researchers, undisclosed vulnerabilities in publicly and privately deployed software systems are a significant contributing factor to potentially damaging security incidents. Black hat hackers search for unknown software vulnerabilities and attempt to derive benefit by either exploiting such vulnerabilities to steal data and damage service availability or by selling information about such vulnerabilities on black markets.

A recent example is the Heartbleed security bug that was discovered in April and dubbed one of the biggest security threats the Internet has ever seen. Heartbleed's target is the open-source software called OpenSSL that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where sensitive data such as usernames, passwords and credit card numbers are stored. A further complication is the interconnected nature of the Internet—an attack on an individual website or server has the potential to affect numerous websites.

For example, in August 2013, a group claiming to be the Syrian Electronic Army was able to take down the New York Times by hacking into a website in Australia. According to media reports, the group gained control of the Times' domain name registrar, Melbourne IT. A domain name registrar is a site that sells domain names and controls a domain name server (DNS). By hacking into the DNS server, the group could redirect the traffic going to nytimes.com. The Syrian Electronic Army also said it hacked Twitter, which also reportedly uses Melbourne IT.

http://cyberwar.einnews.com/article/245756848/EXuY3KwTy6b32O1Z

« UK: New £3m cyber innovation centre in Gloucester
New Cyber Security School opening in London: »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cybereason

Cybereason

Cybereason provides attack protection with cutting edge EDR and XDR, and industry recognized consulting services to support organizations throughout any stage of the incident lifecycle.

Alan Turing Institute

Alan Turing Institute

Alan Turing Institute is the UK national institute for data science. A major focus is Big Data analysis with applications including cyber security.

Deutsche Cyber-Sicherheitsorganisation (DCSO)

Deutsche Cyber-Sicherheitsorganisation (DCSO)

DCSO was founded in 2015 with the aim of counteracting the threats posed by globally organized cybercrime and state-controlled industrial espionage.

Modux

Modux

Modux focus on a number of core competencies across cyber security including; cyber intelligence & analytics, penetration testing and training.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

ThreatSwitch

ThreatSwitch

ThreatSwitch a software platform for cleared federal contractors to get and stay compliant with NISPOM and Conforming Change 2.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

InfoSec Conferences

InfoSec Conferences

InfoSec Conferences is an online directory of infosec conferences. We list every single Information Security conference, event and seminar within every niche in Cybersecurity.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

Binarly

Binarly

Binarly is a global firmware and software supply chain security company founded in 2021.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Yotta Infrastructure Solutions

Yotta Infrastructure Solutions

Yotta Infrastructure, a Hiranandani group company, provide Datacenter Colocation and Tech Services such as Cloud services, Network & Connectivity, IT Security and IT Management services.

Vancord

Vancord

Vancord is an information and security technology company that works in collaboration with clients to support their infrastructure and data security needs for today and tomorrow.

VISO Cyber Security

VISO Cyber Security

VISO provide Cyber Security Consulting and CISO as a Service to companies who need to augment their leadership teams with information security expertise.

MyTurn Career LLC

MyTurn Career LLC

Looking for a rewarding career in cybersecurity? Explore a wide range of cybersecurity jobs and opportunities in this rapidly evolving field.