Ethics
Public Institutions and Agencies Weakening the trust of the public
How do you protect the fact finding process?
Ethical Hackers "hax0rs" -- hacker-speak for hackers
1/2011 In an age where the government threatens to restrict access to the Internet, people need to arm themselves with the knowledge to work around any attempts at censorship. Suggestions such as using Google Translate and viewing Web pages as emails, to more complex systems such as setting up VPNs (virtual private networks) and information about proxies. There is no point in trying to go after digital pirates. Ankit Fadia’s official site got hacked by a group called Team Grey Hat. The hackers seem to have gotten access to the files on his server. A Pastebin dump has been set up that shows screenshots of the files. Since the blocks can be circumvented easily, as you show in your book, does it matter if the government tries to ban/block websites?
It matters a lot - there is always a way to work around things, and I’m going to release updated versions of this book over time as more tips surface to make it even more useful - but people shouldn’t have to do all this. While some people will work around bans, the majority won’t, just like in China. In order to punish a few genuine offenders, the government will negatively affect most Internet users, and that is a real problem. Educating people about technology is, of course, one way around it, but things shouldn’t have to reach that stage at all.
http://www.livemint.com/2012/01/24210113/The-digital-hacktivist.html
The "best ideas" about Piracy have nothing to do with legislation, because legislation is tackling the wrong problem. No amount of legislation or enforcement stops piracy. That's been shown over and over again. What does help deal with infringement is offering a better service that gives consumers more of what they want in a reasonable and convenient manner.
Nat Torkington's brilliant response is this old joke:
Heavy rains start and a neighbour pulls up in his truck. "Hey Bob, I'm leaving for high ground. Want a lift?" Bob says, "No, I'm putting my faith in God." Well, waters rise and pretty soon the bottom floor of his house is under water. Bob looks out the second story window as a boat comes by and offers him a lift. "No, I'm putting my faith in God." The rain intensifies and floodwaters rise and Bob's forced onto the roof. A helicopter comes, lowers a line, and Bob yells "No, I'm putting my faith in God."
Well, Bob drowns. He goes to Heaven and finally gets to meet God. "God, what was that about? I prayed and put my faith in you, and I drowned!"
God says, "I sent you a truck, a boat, and a helicopter! What the hell more did you want from me?"
How does that apply to this situation? Same thing. The tech industry keeps sending Hollywood the tools it needs to save itself... and Hollywood keeps "waiting" for some miraculous savior, while missing all of the tools it's been offered to save itself:
All I can think is: we gave you the Internet. We gave you the Web. We gave you MP3 and MP4. We gave you e-commerce, micropayments, PayPal, Netflix, iTunes, Amazon, the iPad, the iPhone, the laptop, 3G, wifi--hell, you can even get online while you're on an AIRPLANE. What the hell more do you want from us?
Take the truck, the boat, the helicopter, that we've sent you. Don't wait for the time machine, because we're never going to invent something that returns you to 1965 when copying was hard and you could treat the customer's convenience with contempt.
Ethics Guidelines for Public Media Employees
On the Clock or Off: Public Service Ethics the Same in Today's Networked World. "Public Media Ethics Never Log Off: Guidelines for Public Media Employees in Their Off-Hours" is posted at the Public Media Integrity Project website. pdf download here
Setting the Framework for the Question of Institutional Corruption
In his inaugural lecture as director of the Edmond J. Safra Foundation Center for Ethics, Professor Lawrence Lessig presented both a plan of and call to action as the Center embarks on its five-year investigation of the problem of institutional corruption. Having introduced these ideas of an "economy of influence" and "institutional independence," Professor Lessig went on to introduce a third key concept underlying his understanding of the problem of institutional corruption, that of "responsibility." Institutional corruption ought to be understood as activities that, despite their being in accordance with existing institutional rules, either result in or from some improper influence within that institution's economy of influence that brings about either 1) a weakening of the effectiveness of that institution, or 2) a weakening of the public's trust of that institution. See: The Sociology of Power
See: Character Education
2009 Teen hacking seen as casual activity
Casual hacking is almost as established a part of teen life as downloading music to an iPod, a new survey of the age group has claimed. According to Panda Security, we should take seriously the statistic it gathered from a survey of over 4,000 15 to 18 year-olds that nearly one in five of them have the knowledge to use 'advanced' Internet-distributed hacking tools. Of that group, nearly a third claimed to have used them on at least one occasion. Two thirds of the group said they had actually succeeded in hacking instant messaging or social network accounts of people known to them, with 20 percent admitting to having published embarrassing photographs or videos of acquaintances on the Internet. Apart from mischief-making and competition with their peer group, the main motivation for trying out hacking appears to be curiosity, with 86% citing that as the point from which their involvement started.
VIRTUAL ACTIVIST TRAINING GUIDE
NetAction's self-guided training course is a comprehensive guide to Internet outreach and advocacy.
Defcon 18 - Pwned By the Owner: What Happens When You Steal a Hacker's Computer (Zoz) part.
Hackers are often perceived as isolated, alienated individuals, working alone or in small groups. In reality, hackers are quite social, frequenting online forums and chat rooms to brag about their exploits, exchange tips and share knowledge. Online forums are critical to the hacking community, and are used by hackers and crackers to learn, communicate and collaborate with other like-minded individuals. The forums are generally not easily discoverable or accessible to everyone, but interested newbies will find plenty of resources and support to get started.
"HACKER ETHIC" - White Hat - Grey Hat - Black Hat Hackers Curious if Unconventional Researchers
ORIGIN AND DEFINITION
The terms hack and hacker originated in the 1950s at The Model Railroad Club at the MIT.
Hackers Find Bugs
Kevin Finisterre isn't the type of person you expect to see in a nuclear power plant. With a beach ball-sized Afro, aviator sunglasses and a self-described "swagger," he looks more like Clarence Williams from the '70s TV show "The Mod Squad" than an electrical engineer. But people like Finisterre, who don't fit the traditional mold of buttoned down engineer, are playing an increasingly important role in the effort to lock down the machines that run the world's major industrial systems. Finisterre is a white-hat hacker. He prods and probes computer systems, not to break into them, but to uncover important vulnerabilities. He then sells his expertise to companies that want to improve their security. Hackers are not hireable by a national laboratory.
Finisterre caught the attention of INL in 2008, when he released attack code that exploited a bug in the CitectSCADA software used to run industrial control environments. He'd heard about the INL program, which helps prepare vendors and plant operators for attacks on their systems, and he thought he'd drop them a line to find out how good they really were. He was not impressed.
[http://features.techworld.com/security/3311064/after-stuxnet-a-rush-to-find-bugs-in-industrial-systems/]
"FREE AS AIR, FREE AS WATER, FREE AS KNOWLEDGE"
"In fall 1984, at the first Hackers' Conference, I said in one discussion session: "On the one hand information wants to be expensive, because it's so valuable. The right information in the right place just changes your life. On the other hand, information wants to be free, because the cost of getting it out is getting lower and lower all the time. So you have these two fighting against each other." That was printed in a report/transcript from the conference in the May 1985 *Whole Earth Review*, p. 49. Note that this refers to the original use of the term 'hacker', as programmer, not as cracker.
The original meaning of the word hacker: someone who enjoys stretching the capabilities of a system and solving hard problems. http://www.catb.org/~esr/jargon/html/H/hacker.html
Eric Raymond's article about "The Hacker Milieu as Gift Culture" makes clear the difference: http://www.catb.org/~esr/writings/cathedral-bazaar/homesteading/ar01s06.html
Real hackers have given us Unix and Emacs and the Macintosh and apache and BSD and Linux and sendmail and numerous other high quality gifts, because that's what they enjoy and that's how they build their reputations.
How to Become a Hacker
1983 Hacker "one who gains unauthorized access to computer records" from slightly earlier tech slang
1976 Hacker " one who works like a hack at writing and experimenting with software, one who enjoys computer programming for its own sake," reputedly coined at Massachusetts Institute of Technology.
1984 Hack (v.) "illegally enter a computer system" is first recorded
Social Engineering and The Art of Human Hacking
Which tactic works best for a scamming social engineer? Acting like an authority figure and requiring a victim to answer questions and give up sensitive information? Or acting like a nice, trustworthy person who strikes up a friendly conversation and just needs the victim to tell them a few things to help them out?
That was the question asked by the team behind the web site social-engineer.org. They have just released results of a several-months long poll that laid out two different scenarios of how a social engineer might try and elicit information from a victim.
The first showed how the principle of endearment and how it may be used by a malicious social engineer. The example given was a social engineer who attempts to get strangers to engage in very personal conversation with him with little effort. Dressed very casually he grabbed a prop that he felt would endear people to him, a small sign that had a funny slogan on it. As he walked around, looking like a tourist with his prop, he was able to engage people in conversation. "The fact is we like to deal with people who are like us, but even more powerfully we like to deal with those who LIKE us," said Christopher Hadnagy, "Endearment makes a person feel liked and, in turn, like you. Endearment is used by getting on the same plane as the target, or giving them reasons to like you." [...]
csoonline.com/article/691910/new-social-engineering-poll-reveals-which-scam-works-better
Hacktivism
Hacktivism as a praxis was born in December 1997 when Critical Art Ensemble member and software engineer Carmin Karasic was so appalled by the events of the Acteal Massacre - 45 Zapatistas were murdered at the hands of the Mexican government - that she set out to create a Web interface that would perform political protest as an aesthetic act. Three other Critical Art Ensemble members joined her in forming a new collective they named the Electronic Disturbance Theatre. (The group's name is drawn from the concept of civil disobedience first proposed by Henry David Thoreau.) Their electronic civil disobedience engine is named FloodNet; funded by RTMark and launched in September 1998, it is Karasic's brainchild in her war against injustice.
- Hacktivists - "hacktivism," hacking with an ethical or political end, they are not cyberterrorists
- "Crackers" the dark-side, hackers who illegally break into systems to vandalize them
- Cypherpunk - a movement devoted to using networking technology and strong encryption to grasp freedoms denied by oppressive governments.
- ANONYMOUS / JOHN GILMORE CYPHERPUNK
Background on Assange's rage against the state & Cypherpunks - Cyberpunk - a subgenre of science fiction focussing on computer and technological undergrounds in dystopian anarchocapitalist futures.
- Phreaks - people who hack the telephone system.
- Jargon File, a comprehensive compendium of hacker slang illuminating many aspects of hackish tradition, folklore, and humor.
- The annual Las Vegas hacker convention called Def Con was founded by Jeff Moss in 1993.
- IEEE Computer Society
- The Ethical Hacker Network - Essential Wireless Hacking Tools
Anyone interested in gaining a deeper knowledge of wireless security and exploiting vulnerabilities will need a good set of base tools with which to work. Fortunately, there are an abundance of free tools available on the Internet. This list is not meant to be comprehensive in nature but rather to provide some general guidance on recommended tools to build your toolkit.
Interview with Security Expert Marcus Ranum 06/29/05 AND (listen to his speech) Marcus Ranum replies:
I'm wondering why you say 'hackers' instead of 'crackers'... that's who is causing problems...
Crackers, hackers, as*holes, you can call 'em whatever you like. Did you understand what I was saying? Then let's not worry about whether my vocabulary is politically correct or not. (By the way the earliest references to "Computer Hackers" were in memos about MIT's timesharing system and phone system being screwed up by "so-called hackers" -- and it was definitely not a term of kindness. I see these discussions about "hacker" versus "cracker" or "technophile" or "cybercriminal" or whatever as a linguistic dodge to whitewash the unpleasant truth: there is a very large grey area between acceptable and unacceptable action and a lot of people are seeking a comfort-zone that justifies their doing things that annoy other people. No matter how you cut it, if it's damaging, annoying, or just plain rude, it's not proper behavior.) ~ mjr.
RICHARD STALLMAN FREEDOM FIRST: Unethical Products that restrict freedom.
Richard Stallman - Happy Hacking
The free software movement was started in 1983 by Richard Stallman. Freedom and community are the moral goals of software freedom. He wrote versions 1, 2, and now 3 of the GNU public License with the help of a contract lawyer. The GNU public License protects the freedom of every user. Free computer programs - copyright vs. copyleft.
Fascism:
Gov't toadies to big business Disney, Intel, Sony, Microsoft conspiracy.
HDTV plot to control technology available to the public. After 2013, analog video outputs will be forbidden and won't be allowed to be manufactured.
DEMOCRACY
Pirates - where true democracy was born because the crew always had a vote. "His crew were a really rough, tough bunch - often coming from prisons and being escaped slaves. But Sir Henry didn't have any noticeable problems with leadership and seemed to be accepted by his crew."
MIT OpenCourseWare: Ethics
This OpenCourseWare offering from MIT begins fittingly, with an architectural detail of Libra the Scales from the Autun Cathedral in France. This course was originally taught in the fall of 2009 by Professor Julia Markovits, and the course is a seminar on "classic and contemporary work on central topics in ethics." Some of the questions addressed by these materials include "What makes our actions right or wrong?" and "What is virtue?" Visitors to the site will find the course syllabus, readings, lecture notes, and some assignments. The lecture notes include sessions on moral explanations, moral judgments, and utilitarianism. Also, visitors can look over the reading lists and offer their own feedback on the course.
WHITE HAT ETHICS
Johnny Long (Christian, Hacker, Author, Pirate and Ninja) is the descendant of Captain Sir Henry Morgan, 7th century buccaneer from Wales, "one of the most notorious and successful privateers and one of the most dangerous pirates that lurked in the Spanish Main." Long is the penetration tester for the Computer Sciences Corporation (NYSE: CSC) security team. Long is paid to probe weak points in a company's information security. His job as a "white-hat" hacker is to think like the bad guys--the more evil genius he can summon up, the better. See the Google Hacking Mini-Guide by Johnny Long (May 7, 2004) and the article about No Tech Hacking, then watch the No Tech Hacking DefCon video about this topic. Johnny has written or contributed to several books, including Google Hacking for Penetration Testers, InfoSec Career Hacking, Aggressive Network Self-Defense, Stealing the Network: How to Own an Identity, and OS X for Hackers at Heart. Google Hacking. Hacking Hollywood Style - Is it in You?
- Stangdawg.com and his personal blog
- Hacker Public Radio
- The Revolution will be Digitized Hack TV
- Binary Revolution Forums
- Welcome to Rixstep.
Where business is the usual. Where the industry is watched because it needs watching. Where software products are watched for the same reason. Where you can actually unbelievably enough learn things. And where you'll find heaps of scrumptious software, some of it even for free. Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long.
- Ethical Hacking and Penetration Testing - Discussion on ethical hacking and penetration testing subjects.
- Internet Security - Phrack
- Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security, lists 5 great Web security blogs you haven't heard of.
- Cryptogram Newsletter
- How File-Sharers Will Bypass the UK's Anti-Piracy Act 2010 - how file-sharers will easily avoid the measures that have been introduced by the new legislation.
NTRO's ethical hackers to conquer China
Monday, 03 October 2011. The plan, sources said, is to put in place a group of hackers with special emphasis on countering the threats emanating from Chinese hackers. Sources also said that the Chinese hackers have the capability to disrupt the communication links of the satellites and drain out the information from the space-based assets. The Government swung into action following two major offensive operations from the Chinese hackers — Operation Shadow in the Cloud and Operation Shady RAT — that were in action for three to five years for theft of classified defence data before being detected by McAfee (a cyber security company) and Canadian researchers respectively.
The National Technical Research Organisation (NTRO), premier technical intelligence agency, has hired a team of ethical hackers to counter the ever-increasing threat of the Red Army — a state-funded group of Chinese hackers — to sensitive Government websites and critical infrastructure, and to secure the space-based assets from cyber attacks. The Red Army or the Red Team is estimated to have on board 10,000 hackers and poses a threat to the entire world, a realization resulting in strengthening of the cyber warfare capabilities by countries like the US and India.
The NTRO is a tactical intelligence gathering agency that relies on technology for collection of information for securing the country's security interests, including threats to critical infrastructure, and reports directly to the Prime Minister's Office. The agency has appointed a Chinese language tutor to help the hackers learn Mandarin, the language of the Chinese, so that national critical infrastructure is protected from the offensive operations of the Red Army. Insiders said the hacking team would help the agency in tracking, analysis, minimization of impact from cyber attacks and counter action against such offensives. Besides this, they would also aid in launching offensive operations against an adversary.
dailypioneer.com/pioneer-news/todays-newspaper/10751-ntros-ethical-hackers-to-conquer-china.htmlb
BLACK HAT
- Full Disclosure * Privacy * Security * Surveillance * Blog Black Hat
- The User's Manifesto: in defense of hacking, modding, and jailbreaking
Dark Cloud Hovers Over Black Hat
CISCO AND MICHAEL LYNN
Last week Black Hat, the Vegas security conference that was at the center of the Ciscogate controversy last summer, was purchased by CMP Media. The sale has the internet hens clucking about whether ownership by a larger, wealthier corporation will protect Black Hat from future legal challenges, or make it more susceptible to pressure from companies wanting to control vulnerability disclosures.
The more worrisome question is why Black Hat and other purveyors of security information must worry so much about what they disclose. For better or worse, the settlement I negotiated with Cisco in its case against researcher Michael Lynn kept some important legal issues from reaching a courtroom, and these unsettled questions cast a long shadow over security research today.
As a brief background, Michael, my client, worked for ISS, a company that provides security products and services. While there, Michael's job was to study Cisco products, to figure out how they worked and to analyze them for security flaws. Cisco did not give ISS or its employees Cisco source code and ISS had no nondisclosure agreement, or NDA, with Cisco. Michael had the typical NDA with ISS that he would not reveal confidential information obtained during the course of his employment there.
When Michael discovered the now-famous Cisco flaw, ISS initially was pleased to have Michael tout the success at Black Hat. Michael's presentation demonstrated for the first time that it was possible to execute remote code on Cisco routers, and encouraged systems administrators running vulnerable versions to upgrade fast.
But in the weeks leading up to the conference, Cisco and ISS butted heads over what information Michael would reveal about the router code. The day before the conference, Cisco and ISS cut a deal and informed Black Hat that it had to cut Michael's presentation out of the conference materials. Michael, concerned that important information was being suppressed, gave an edited version of his talk anyway, and by that afternoon, Cisco and ISS had jointly filed a federal lawsuit against Michael and Black Hat.
Among other claims, the lawsuit alleged that Michael and Black Hat misappropriated trade secrets by revealing Cisco code in his presentation. In California, where Cisco is located and the lawsuit was filed, misappropriation means "acquisition by improper means, or disclosure without consent by a person who used improper means to acquire the knowledge." Improper means "includes theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means." Importantly, "Reverse engineering or independent derivation alone shall not be considered improper means" under the law. Michael didn't steal anything, and he never had access to confidential Cisco source code. He took the binary distributed with every Cisco router, decompiled it into machine code and used some pointers to the machine code to illustrate the claims made in his presentation.
Machine code is probably copyright-protected, but copyright's fair-use doctrine allows some copying for the purpose of critique and study.
California law makes it clear that people are allowed to study products on the market, and that a trade secret loses its special status when a company sells it to the public. When a company distributes confidential information to insiders, it can assure that that information remains protected by requiring the employee or contractor to sign an NDA.
Since Michael was not under an NDA with Cisco, he and Black Hat should have been in the clear. (At some point, Cisco and ISS lawyers claimed that Michael's NDA with ISS prevented him from reporting information he learned on the job about Cisco products, but arguing that Cisco flaws are ISS confidential information is a real stretch.)
EULA
But what about the Cisco End User License Agreement that ships with the router code? That's where things get interesting, and troubling for Black Hat's future.
Almost every piece of software today comes with a click-through EULA that purports to regulate how customers can use the product, including a limitation on reverse engineering.
Companies have argued that the EULA has the exact same effect as an NDA - essentially letting every single customer in on a "secret" that they're legally obliged to protect.
If courts adopt this view, instead of keeping insiders loyal, trade-secret law can help companies force the public not to discuss published information. And if EULAs do confer trade-secret protection, that might mean magazines, newspapers and conferences have a duty to screen information to make sure it wasn't obtained by prohibited reverse engineering.
Be careful what you agree to when you click that EULA. Suppose I had put this into my DUC terms of use and you'd have to have clicked OK in order to get on DUC? So that was then. How about now? I'm feeling greedy . . . I'd like to lasso all your soul right outta the cyberspace skies . . .
are you ready to give it up? c'mon how 'bout it??
I'm your Bareback Ridin' Bronco Bustin' CowGirrrrl -- Lassoing java applets right out of the Cyberrodeo of life!
Yippee kiyi, yippee-aaaa I'll be ridin' the cybertrails all day.... -- KE
In a variety of cases, courts have held that the press has a right to disseminate information of a public concern even if it was illegally obtained.
In the Pentagon Papers case, The New York Times battled the Nixon White House over its right to publish a secret Department of Defense report on U.S. involvement in Vietnam that had been leaked by DOD employee Daniel Ellsberg. The Times won and the documents were published, calling the government version of the nation's decision to go to war into question.
In Bartnicki v. Vopper, the Supreme Court said that a radio station could not be sued for playing a tape of an illegally intercepted telephone call between two union leaders involved in a matter of public interest, even though it knew that the person who recorded the call did so illegally, in violation of the Wiretap Act. Those are good decisions. But one of the only cases that addressed the issue of trade-secret publishers went the other way.
In a lawsuit filed by the DVD Copy Control Association against a California man who posted the DeCSS DVD-decryption code on his website, the California Supreme Court held that the First Amendment doesn't mean courts can't stop people from publishing trade secrets when the publisher knows or has reason to know that the information was acquired by improper means. That case is different from the Pentagon Papers case and Bartnicki because the court found that DeCSS wasn't a matter of public interest. Of course, most security vulnerabilities are, especially those that affect the machines that form the backbone of the internet. Today, it's unclear how a court would rule in a trade-secret case where Cisco sued ISS for violating the prohibition against reverse engineering.
The rule should be that EULAs don't make published information secret, under any circumstance. The contrary would be dangerous for Black Hat, Michael, future bug finders and computer security. And while trade-secret law can prohibit accomplices and co-conspirators from publishing stolen data, reporters who merely know that information was improperly obtained should have a free-speech right to publish -- especially if the information reaches a matter of public interest, like the safety and security of the foundation of the internet.
2007 World's Most Ethical Companies
This ranking arose from an evaluation of "more than 5,000 companies across 30 separate industries looking for true ethical leadership" in areas such as litigation and conflict resolution, corporate citizenship, pan-industry participation, and governance. Includes a description of methodology, a list of winning companies, and brief additional material about selected winners.
Further information read about UCITA
HOW TO GET SECURITY WORK
How young upstarts can get their big security break in 6 steps
Here's the problem: The future of information security is in the hands of the youth. That may seem a clichéd statement; so obvious it sounds stupid. But it's a fact. Here are a few things you can do to break through and make it in the industry. Think of it as suggestions for becoming a security rock star, which you almost have to be to make a difference these days. Learn how to talk, dress, master social networking, write, work with suits AND mohawks, and get to conferences.
Facebook's Reward for Bug Hunters, January 26, 2012
http://www.businessweek.com/magazine/facebooks-reward-for-bug-hunters-01262012.html
Tal Be’ery was happy helping Facebook fight hackers for free. In 2010, when the computer security professional was looking into how identity thieves, spammers, and other con artists used fake Facebook profiles to mount scams, he discovered a flaw that put new users’ passwords at risk of interception.
So Be’ery did what ethical hackers are supposed to do: He ignored the payday he undoubtedly could get from selling the information to criminals and alerted Facebook, which quickly fixed the problem. In recognition, the world’s biggest social media company added Be’ery’s name to a public list of researchers who have responsibly disclosed Facebook bugs.
At the time, that was reward enough for the Tel Aviv resident. Today the 32-year-old wishes he had something more tangible to show for his diligence—namely one of the debit cards Facebook began handing out to bug catchers in July. The Visa-branded (V) cards are loaded with as little as $500 or as much as $5,000—amounts vary depending on the severity of the bug. More important, the shiny black cards are brimming with geek cachet. There’s a whiff of exclusivity about them: Think American Express’s (AXP) by-invitation-only Centurion cards, which are also ebony. “That would be so great to get that,” says Be’ery. “To tell your grandchildren, ‘Papa was a hacker once.’ Just for the symbolic value.”
The cheeky conceit behind Facebook’s debit cards underlines a serious issue. Technology companies are torn about how to engage with application developers or security researchers who spot bugs in the course of their professional work or hobbies. Many businesses ignore unsolicited tips from so-called white-hat hackers. Some even threaten them with legal action. Criminals, governments, and sketchy middlemen are willing to pay top dollar for the nastiest bugs—experts say black market prices can go as high as $1 million.
[...]
Work for the FEDS
2010 DoD Requires Hacker Certification
Official government cyber defenders are now required to have the skills of a hacker, according to a mandatory certification approved this week by the Department of Defense. The DoD now requires that its computer network defenders (CNDs) pass the Certified Ethical Hacker certification program from the International Council of E-Commerce Consultants (EC-Council) to fulfill baseline skills. The Certified Ethical Hacker qualification tests someone's knowledge of the mindset, tools, and techniques of a hacker. CNDs -- who are part of the DoD's information assurance workforce -- protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks. Assistant Secretary of Defense John Grimes officially instated the Certified Ethical Hacker requirement in late February under DoD Directive 8570, which provides guidance for how DoD information workers should be trained and managed. [...] DSS
You can work for Jim Christy's DoD cyber crime response team.
2006 Hackers can work for the Feds - NO DEGREE REQUIRED
Traditional requirements like college degrees and polygraph tests are no longer strictly required for government employment. Officials also said security clearances are being approved quickly. The FBI combats criminal hackers, fraud and abuse.
The government is streamlining its process of attracting hacking talent and has hired several people without degrees. "Very gifted" people have a chance of being hired even without a high-school degree; the government is willing to accept people who gained their skills away from schools. Many employees, contractors and even people in the senior executive service do not have degrees. Becoming a contractor first is the "easiest and quickest" way to eventually get a government job, and Christy said 60% of his organization is composed of contractors. Government hiring procedures often can be "slow and antiquated," and working with contractors sometimes is the only option to complete a critical job; it can take "two to three years" for a position to be created. Hires can receive an interim secret clearance in about 3 to 4 weeks. According to Christy, the interim check consists of a "quick little" background inquiry and a check for warrants and convictions. A strict polygraph requirement only exists at some agencies, like the NSA. Polygraphs are usually not required at other government agencies and are not required for most secret-level jobs; not everyone has to be polygraphed, and in certain programs up to 90% are not polygraphed. Other factors that could disqualify an applicant are financial problems and drug use. Financial responsibility is the "number one" disqualifier, but Christy adds that drug use is also a major disqualifier: "If you used drugs in the last year, you would probably be precluded."
Mark Loveless, a.k.a. "Simple Nomad," a hacker for 25 years, is a Senior Security Analyst at BindView Corporation. Mark works on the company's highly regarded RAZOR Research Team. He is also the founder of the Nomad Mobile Research Center, an international group of hackers that explore technologies. He has spent years developing and testing security strengths for a broad range of computer systems. He has also authored numerous papers, tools and articles, all dealing with computer security and insecurity. Mark is a frequently sought lecturer at security conferences and industry events around the globe. He has been quoted in print, online and television media outlets regarding computer security and privacy.
Who does your OWN security company work for? It's Not You!
You pay a company to keep the bad stuff out of your machine, right? BUT do they get paid off not to?
Mark Russinovich: Before Mark Russinovich's mind-blowing expose of Sony BMG's use of stealth technology in a DRM (digital rights management) scheme, "rootkit" was a techie word. Now, the word is being used in marketing material for every anti-virus vendor, cementing Russinovich's status as a Windows internals guru with few equals. The Sony rootkit discovery highlighted the fact that anti-virus vendors were largely clueless about the threat from stealth malware and forced security vendors to build anti-rootkit scanners into existing products. Russinovich, who now works at Microsoft after Redmond acquired Sysinternals, spent most of 2006 expanding on his earlier rootkit warnings and building new malware hunting tools and utilities.
ADWARE COMPANY QUIBBLES WITH LABEL
A company that makes and distributes adware has filed a lawsuit against a computer security company that identifies the adware company's products as "high risk." The adware purveyor, 180solutions, contends that Zone Labs erred in saying that some of 180solutions's applications try to monitor mouse movements and keystrokes. Although some of its applications employ a technology that could be used in such a manner, those applications do not in fact work that way, according to 180solutions. Representatives from 180solutions said they tried to explain the situation to Zone Labs but were forced to file the lawsuit when Zone Labs refused to remove the applications in question from its list of high-risk tools. Eric Howes, a spyware researcher at the University of Illinois, said that despite its protestations, 180solutions remains "a perfectly legitimate target for anti-spyware companies." According to Howes, security professionals continue to "find unethical and illegal installations of 180's software." ZDNet, 1 December 2005
HACKER ETHICS Computer Women
Hackers Who Left a Mark on 2006
These folks disclosed serious vulnerabilities in the technologies we take for granted, forced software vendors to react faster to flaw warnings and pushed the vulnerability research boat into new, uncharted waters.
1) H.D. Moore has always been a household name, and a bit of a rock star, in hacker circles. As a vulnerability researcher and exploit writer, he built the Metasploit Framework into a must-use penetration testing tool. In 2006, Moore reloaded the open-source attack tool with new tricks to automate exploitation through scripting, simplify the process of writing an exploit, and increase the re-use of code between exploits. Moore's public research also included the MoBB (Month of Browser Bugs) project that exposed security flaws in the world's most widely used Web browsers; a malware search engine that used Google search queries to find live malware samples; the MoKB (Month of Kernel Bugs) initiative that uncovered serious kernel-level flaws; and the discovery of Wi-Fi driver bugs that could cause code execution attacks. Moore's work nudged the security discussion into the mainstream media.
2) Jon "Johnny Cache" Ellch and David Maynor
At the Black Hat Briefings in Las Vegas, Jon "Johnny Cache" Ellch teamed up with former SecureWorks researcher David Maynor to warn of exploitable flaws in wireless device drivers. The presentation triggered an outburst from the Mac faithful and an ugly disclosure spat that still hasn't been fully resolved. For Ellch and Maynor, the controversy offered a double-edged sword. In many ways, they were hung out to dry by Apple and SecureWorks, two companies that could not manage the disclosure process in a professional manner. In some corners of the blogosphere, they were unfairly maligned for mentioning that the Mac was vulnerable. However, among security researchers who understood the technical nature and severity of their findings, Ellch and Maynor were widely celebrated for their work, which was the trigger for the MoKB (Month of Kernel Bugs) project that launched with exploits for Wi-Fi driver vulnerabilities. Since the Black Hat talk, a slew of vendors, including Broadcom, D-Link, Toshiba and Apple, have shipped fixes for the same class of bugs identified by Ellch and Maynor, confirming the validity of their findings. Maynor has since moved on, leaving SecureWorks to launch Errata Security, a product testing and security consulting startup.
3) Joanna Rutkowska
In a standing-room-only presentation, she dismantled the new driver-signing mechanism in Windows Vista to plant a rootkit on the operating system and also introduced the world to "Blue Pill," a virtual machine rootkit that remains "100 percent undetectable," even on Windows Vista x64 systems.
Quotes for inspiration:
"They came for the communists, and I did not speak up because I wasn't a communist;
They came for the socialists, and I did not speak up because I was not a socialist;
They came for the union leaders, and I did not speak up because I wasn't a union leader;
They came for the Jews, and I didn't speak up because I wasn't a Jew.
Then they came for me, and there was no one left to speak up for me."
"Take sides. Neutrality helps the oppressor, never the victim. Silence encourages the tormentor, never the tormented."
The only real difference between hacking and Quality Assurance is that a QA engineer generally gets compensated for finding flaws in a product before the general public (and our hacker kindred) have the opportunity to. Flaws that QA engineers work around or take for granted, when shipped to the consumer, become vulnerabilities that any halfway decent hacker can exploit.
"Never belong to any party, always oppose privileged classes and public plunderers, never lack sympathy with the poor, always remain devoted to the public welfare, never be satisfied with merely printing news, always be drastically independent, never be afraid to attack wrong, whether by predatory plutocracy or predatory poverty."
ETHICS OF OPEN GOV'T
USE LIMEHOUSE.COM
Limehouse was a central place where you could comment on individual paragraphs of the plan. Not only could you submit your comments, but you could see what others were saying. You could agree or disagree with those comments as well.
Using email to share feedback with local government only goes so far. It's a great tool for communication, but not so much for collaboration, sharing, and transparency. Avoiding email for feedback might actually help city employees do their jobs. Instead of being stuck at their desk answering emails, they can use their skills more efficiently.
Raleigh's On-Line Document Center and Interactive Portal
On this website you will be able to search, navigate and read on-line versions of important documents right in your browser. Registered users will also be able to comment on draft documents that have been posted for input, as well as participate in specific surveys.
If you have not done so, please register at the link above to access all the features of this website and to receive automatic notifications when documents are posted. A guided tour showing how to use the site is available at the link to the left, and help files are available at the link in the upper right hand corner of this page.
What you can do without registering on this portal:
- Read on-line versions of documents.
What you can do when you register on this portal:
- Comment on all or part of documents posted for public review.
- Read other people's comments on the documents.
- Take surveys and participate in bulletin boards.
- Keep up with other means of participating in on-going projects, such as attending public meetings.