An insight into security research and ethical hacking
-
Are software testing and ethical hacking the same? What exactly is security research and who can help with the testing of software? Vivaldi developer Tarquin Wilton-Jones explains.
-
Good article.
If you do want to look for vulnerabilities in websites, or even if you find one by accident and want to dig around a bit to report it, it is worth reading up on the law where you live.
In the UK, the Computer Misuse Act and the whole legal situation around computers and hacking requires you to get detailed and explicit permission (ideally written or in some concrete form) before you attempt any such hacking.
The law is incredibly wide-reaching and I've seen people complain that it can be off-putting to potential security researchers who could get caught out by it even if they were acting in the best of interests.
Look at the act: the whole first section basically makes the kind of research suggested in this article illegal unless you get crystal clear permission before you get anywhere near the system you want to investigate:
(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer [F1, or to enable any such access to be secured];
(b) the access he intends to secure [F2, or to enable to be secured,] is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at—
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
From that I read that even just trying to use an incorrect login, or guess the URL of a debug page, could be seen as a breach of the law if you go up against the wrong lawyer. (I guess you can't be guilty if you're a "she". Huh.)
There are also rules about being in possession of material that you could conceivably use, or give to someone who then uses it, to commit a computer misuse offence, so you need to be really careful about what you publish (if you choose to do so after it's fixed).
Most sensible companies will be receptive if you point out a flaw to them in a proper private fashion, but there is always the danger that, if the law permits it, they may end up trying to take you to court over your actions.
-
Great article and a really interesting read! I think it's reassuring that Vivaldi as a small company even has its own team dealing with security issues.
Developers often don't have the time or skillset to understand the security issues in their code, so having a team focus on security is critical.
Good tools are, as they say, half the job, but there's no substitute for knowing how the underlying protocols of the internet work in detail and reading those (extremely dry) RFCs. A lot of these protocols are going on 40+ years now - SMTP was introduced in 1981 - and the internet was never really built with a focus on security from the outset. Not a lot of people know you can just telnet to any mail server on port 110 and communicate with it, even try sending email as for instance [email protected]. Obviously this is not very secure, but it's fun to try nonetheless.
Oh and kudos to the illustrators for avoiding the generic "hooded thug hunched over a laptop in the dark with matrix code in the background" cliché.
-
:knight:
Nicely done post.
-
@lonm: Excellent comment, thanks very much. We added in a note for that point.
-
Great article, thank you so much!
-
@lonm: Yeah I often explain the difference in using passive and active OSINT scans due to the risk.
-
Nice break down of the various aspects and pitfalls.
@tarquin Would you consider the lack of DNSSec validation in browsers to be the reason why websites don't use it, or that browser makers won't add it until site owners use it?
-
@lonm: Great article written and it's much interesting while reading this and having some pro knowledge. Really appreciate your effort.