Showing posts from January, 2023

What Is an Ethical Hacker?

It’s easy to take the simple view that all hackers are bad guys out to cause data breaches and deploy ransomware. This isn’t true, though. There are plenty of bad-guy hackers out there, but some hackers use their skills ethically and legally. An “ethical hacker” is a hacker who hacks within the remit of a legal agreement with the legitimate system owner.

Tip: As the opposite of a black hat hacker, an ethical hacker is often called a white hat hacker.

The core of this is an understanding of what makes hacking illegal. While there are variations around the globe, most hacking laws boil down to “it is illegal to access a system if you don’t have permission to do so.” The concept is simple. The hacking actions themselves aren’t illegal; doing them without permission is. But that means that permission can be granted to allow you to do something that would otherwise be illegal.

This permission can’t just come from any random person on the street or online. It can’t eve

What is Security Through Obscurity?

Security is a critical feature of our modern lives. With the number of things that rely on digital communications, security is basically fundamental now. Take the example of just connecting to a website. If the connection is securely encrypted, then you can be confident that the data sent between you and the web server is unmodified and unknown to everyone else. If you connect insecurely, any device that carries your connection, or can observe it, can see exactly what data is transmitted. In that scenario, any device that is part of the transmission chain between you and the server can also edit the data in transit.

The thing with all of this secrecy is that most of it isn’t secret at all. In fact, the entire encryption algorithm is public. Only a single part of the system needs to be secret in order for the encrypted messages to be secure. That’s the encryption key. Modern cryptography follows Kerckhoffs’s Principle from 1883: “a cryptosystem should be