Are there good hackers?

Hello and welcome back to our “Mystery Jet Ski.” Much better than those programs about supernatural stuff and alien suppositions. Today we will continue with our exhaustive investigation on the hacker world, and we will delve a little more into the concept of “ethical hacker.” Is it true that there are good hackers? Who are the so-called “White hats”? Who will win this year’s Super Bowl?

Do you already know who the so-called “White Hats” are?

In this blog we never stop saying it: “No one is free from EVIL, because EVIL never rests”, and if in previous articles we saw that a bad hacker, broadly speaking, is a person who knows a lot about computers and uses their knowledge to detect security flaws in company or organization systems and take control of them, today we will see who is the archenemy of the bad hacker or cracker, the superhero of security, networks and programming… “The White Hat Hacker.”

White Hats are “evangelized” hackers who believe in good practice and good ethics, and who use their hacking superpowers to find security vulnerabilities and help correct or shield them, whether in networks, software, or hardware. “Black Hats” would be the rogue hackers we all know for their evilness, and the “White Hats” would be their honest and do-gooder counterpart. Both hack systems, but White Hat hackers do it with the goal of favoring/helping the organization they are working for.

White Hats, ethical hackers

If you thought that piracy and honesty were antonyms, you should know that, within IT, they are not necessarily so. As we pointed out, White Hats do their thing but in an ethical and supervised way, all with the aim of improving cybersecurity, not damaging it. And, dear friend, there is lots of demand for this. White Hats are not short of work, they are in high demand as security researchers and freelancers. They are the candy of organizations to strengthen their cybersecurity. Companies, in fact, take white hat hackers and make them try to hack their systems over and over again. They find and expose vulnerabilities so that the company is prepared for future attacks. They show the ease with which a Black Hat could infiltrate, and even get to the kitchen, in a system, or look for “back doors” within the encryption determined to safeguard the network. We could almost consider the White Hats as another IT security engineer or an insightful network security analyst within the company.

Some known white hat hackers:

  • Greg Hoglund, “The Machine.” Mostly known for his achievements in detecting malware, rootkits, and hacking online games. He has worked for the United States government and its intelligence service.
  • Jeff Moss, “Obama’s Right Hand (on the Mouse)”. He came to work on the US National Security Advisory Council during the Obama term. Today he serves as a commissioner in the World Commission on the Stability of Cyberspace.
  • Dan Kaminsky, “The Competent.” Known for his great feat of finding a major bug in the DNS protocol. This could have led to a complex cache spoofing attack.
  • Charlie Miller, “The Messi of hackers.” He became famous for highlighting vulnerabilities in the products of famous companies like Apple. He won the Pwn2Own edition in 2008, the most important hacking contest in the world. 
  • Richard M. Stallman, “The Hacktivist.” Founder of the GNU project, an essential free software initiative to understand computing without restrictions. Champion of the free software movement since 1980.

Are there more “Hats”? 

We have already talked about the exploits of these White Hats, but what about the previously mentioned “Black Hats”? Are there more “Hats”?  Let’s have a look:

  • Black hats: Well, these are the bad guys, the computer criminals, the ones we know and take for granted. The villains of this story. They start out, perhaps, as inexperienced Script Kiddies and end up as crackers. Pure jargon to designate how bad they are. Some do it alone, selling malicious tools, others work for criminal organizations as sophisticated as the ones in movies.
  • Gray hats: Right in the middle of computer morality, we find these hats, combining the qualities of black and white. They are usually devoted, for example, to looking for vulnerabilities without the consent of the owners of the system, but when they find them they let them know. 
  • Blue hats: These are characterized by focusing all their malicious efforts on a specific subject or group. Motivated perhaps by revenge, they dominate it just enough to execute it. They may also be hired to test specific software for bugs before it is released. They say that their name comes from the blue emblem of the Microsoft employees.
  • Red Hats: The Red Hats do not like the Black Hats at all and act ruthlessly against them. Their life goal? Destroy all evil plans that bad hackers have in their hands. A good Red Hat will always be aware of the initiatives of the Black Hat, their mission is to intercept it and hack the pirate. 
  • Green hats: These are the “newbies” of the hacking world. They want to go further, for their hat to mature into an authentic and genuine Black Hat. They will put effort, curiosity and boldness in said company. They are often seen grazing in packs within hidden hacker communities asking their elders for everything.

Conclusions

Sorry for the Manichaeism, but we have the White Hat that is good, the Black Hat that is bad, and a few other colorful types of hats that fall between these two poles. I know that now you will imagine hackers classified by colors like Pokemon or Power Rangers. If I achieved only that with this article, it was all worth it.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

5 Reasons Why Scale Computing HC3 is the Perfect Edge Computing Infrastructure

The key drivers for edge computing.

Edge computing allows applications to run outside of the data center or cloud, close to where they are used and data is generated. Though edge environments are supported by some form of centralized processing, running applications locally, on-premises solves many of the intrinsic challenges of data center and cloud computing.

Data Explosion: More devices generating vast amounts of data.

IoT devices, video systems and environmental sensors are just some of the many technologies saturating our physical spaces. These devices generate massive amounts of data, much of which has value when it can be properly collected and analyzed. But bandwidth isn’t free and transferring all that data to the cloud for processing is both impractical and cost-prohibitive. Edge computing allows all this rich data to be collected and processed locally.

Resiliency: Having applications available when they are needed.

Reliable connectivity is key when applications are running from a centralized location. Whether it’s a complete outage, occasional drop or simply high error rates, any interruption is bound to affect the availability and performance of applications relying on that connection. Running applications locally means they can continue to operate as expected, even without a connection to the cloud or data center.

Latency: The impact of network distance and congestion on application response time.

Information takes time to travel across a network. The longer it takes, the more it impacts end-to-end processing times. Expectations for application response times vary from one application, and organization, to the next. However, the more an application experience benefits from a real-time response, the more important it is to remove distance as a factor. Edge computing brings applications closer to where they are used, reducing lag time and improving efficiency.

Regulation: Protecting privacy and maintaining data sovereignty.

Complying with data security and privacy regulations is both serious and non-trivial. The risk of interception and potential for regulatory non-compliance increases every time data is moved. By definition, the cloud is a fuzzy place, making it difficult to know exactly where data is and where it has been. The more data can be collected and processed on-site, the simpler maintaining compliance becomes.

How Scale Computing HC3 Edge is answering your needs.

1. HC3 Edge is right sized and edge ready.

Scale Computing HC3 Edge meets the definition of edge-ready, right-sized computing. Unlike competitive alternatives, it is not adapted from infrastructure solutions built for another purpose. It has been optimized for non-stop computing in uncontrolled, non-IT environments. Everything that can operate autonomously, does. Everything that can be fixed automatically, is. The architecture makes the platform so lightweight it utilizes a fraction of the resources of other solutions. Simply put, HC3 Edge lets you run the most applications on the smallest hardware with the most reliability and least amount of effort.

2. We remove the barriers to edge computing.

Large-scale, on-premises, distributed infrastructure deployments are the definition of an IT nightmare. Siloed, point solutions each supporting a unique application. Complex virtual environments modeled after those found in the data center. Systems that require skilled onsite support personnel. Architectures that inflate costs and underutilize resources. HC3 Edge replaces all of that with a powerful, cost-effective platform that makes edge computing easier than ever and is unmatched for reliability and availability.

3. We bring a cloud-like experience to on-premises computing.

Most of the infrastructure available for edge computing was not designed for the unique needs of the edge. Edge infrastructure should extend the best elements of both the cloud and data center to local, on-premises computing. Centralized management and monitoring with cloud-like orchestration brings the simplicity of the cloud to the world of edge computing.

4. We deliver the lowest TCO and highest ROI.

With Scale Computing HC3 Edge you eliminate costs from your application infrastructure every step of the way—purchase, deployment, management and maintenance. At the same time you maximize application uptime, use compute resources more efficiently and drastically improve IT team productivity. Add it up and you will see why Scale Computing is the only solution you can bank on.

5. We are recognized as a leader in the industry.

Scale Computing is recognized across the industry by experts such as Gartner, Forbes and IDC. We appeared in the Gartner Magic Quadrant for Hyperconverged Infrastructure Software the year it was first introduced and every year since. Our edge capabilities set us apart from our competitors in this market and year after year our award-winning solution is recognized for product excellence.

About Scale Computing 
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.

A Step in the Right Direction – Binding Operational Directive 22-01

On November 3rd, 2021, the Cybersecurity and Infrastructure Security Agency released Binding Operational Directive 22-01, a compulsory direction with the goal of systematizing and standardizing vulnerability remediation across federal agencies except for defined “national security systems” and “certain systems operated by the Department of Defense or Intelligence Community.”

This new directive requires agencies to update vulnerability management procedures, remediate cataloged vulnerabilities according to the set timeline, and to report on the status of each cataloged vulnerability. Agencies were given two weeks to address specified exploits identified in 2021, and six months for exploits identified before 2021.

CISA will add a vulnerability to the Known Exploited Vulnerabilities catalog when three conditions hold: the vulnerability has been assigned a Common Vulnerabilities and Exposures ID, there is reliable evidence that it has been exploited, and there is a clear path to remediation. 4% of all vulnerabilities annually are expected to be added to the catalog, as most vulnerabilities are not exploited in the wild. CISA hopes to shift “the focus to those vulnerabilities that are active threats.”

While BOD 22-01 only applies to specified federal agencies, CISA hopes that local, state, and private entities will use the KEV catalog to inform their remediation procedures. TOPIA is uniquely positioned to assist organizations of all sizes and industries to remediate the most critical threats to their unique digital infrastructures because TOPIA prioritizes vulnerabilities based on context. Just as CISA now recognizes that it’s functionally impossible to remediate every CVE and the CVSS system is limited in its effectiveness, TOPIA has curtailed its reliance on these outdated methodologies from the outset. When it comes to prioritizing vulnerabilities, context is king.

More information regarding the CVSS system and CVEs can be found in previous articles:

Scoring Security Vulnerabilities: Introducing CVSS for CVEs

Understanding CVSS Scores

What’s the Difference between CVSS and CVE

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Integrating IPEVO Document Cameras into Hybrid Teaching Solution

The pandemic has altered many aspects of our lives, and that includes how and where we work. Work from home became the normalized way of living, and teachers were forced to transition to online teaching overnight. Founded in the wake of Germany’s first COVID-19 lockdown, DIGI@Education is a German company that trains teachers on how to effectively do so as schools close their doors.

Having worked closely with teachers, they came to know the pain points, needs, and issues of online, and later, hybrid teaching that teachers faced in the changing education landscape. So, drawing on the know-how accumulated during their previous career as healthcare system consultants, they developed an “All-in-one-Studio” solution — DIGI@mobile — that enables teachers to turn physical lessons into hybrid lessons with just a push of a button.

As visualization forms the core of a hybrid lesson, the ability to present oneself and any content interactively and clearly is highly sought after by many teachers. And this is where DIGI@Education found a real need to integrate a document camera into their solution:

“Document cameras are very important tools for hybrid teaching.”

In view of this, they gave IPEVO document cameras a try. Performing beyond their expectations, they found the integration process extremely easy and the image quality extraordinary:

“IPEVO document cameras can be directly mounted to our DIGI@mobile solution and provide perfect quality images directly from the classroom.”

Before deciding on IPEVO, they experimented with a few other brands of document cameras, but the results were not satisfactory:

“During early testing of our solution, we had problems with connectivity and mounting the document cameras.”

However, with the multi-jointed stand, swiveling head, and plug-and-play design of IPEVO document cameras, everything falls perfectly into place:

“With IPEVO’s product, especially with the swiveling head, we could solve these problems easily. They just work and integrate perfectly with our product (DIGI@mobile).”

When asked what makes IPEVO document cameras stand out, they said:

“High image and product quality, plus the swiveling head.”

In fact, many users of DIGI@mobile are very pleased with the integration:

“Our customers are very happy with the quality, and we get the feedback that it (IPEVO document camera) is a very user-friendly application.”

Summarizing the role of IPEVO document cameras in DIGI@Education’s hybrid teaching solution:

“Hybrid teaching and hybrid meetings are hard enough as it is. Making the hardware work easily, simply, and dependably is our effort to your (schools’ and teachers’) success. IPEVO products help us make it happen.”

About IPEVO
IPEVO makes versatile teaching tools instead of specialized “classroom equipment”.
We go beyond the usual conventions of classroom technology—large, expensive, specialized and complex—to rethink simple and flexible solutions for interactive teaching in today’s classrooms.
IPEVO’s interactive teaching tools empower educators and teachers with radically affordable and compact technology that is simple, intuitive and flexible, so that precious time and resources can be wholly dedicated to teaching. We intend to make educational technology accessible and available to all.

The Log4j Vulnerability Spells Crisis for Network Security, With Some Exceptions

In early December 2021, a significant vulnerability in a common piece of Java-based code by Apache set the world on fire…at least for IT security professionals. Within 24 hours of disclosure, leading software companies like IBM, Oracle, Amazon, and Cisco went into damage control, seeking to assess the level of potential damage they had and could expect to sustain, and frantically working on patches to prevent their customers’ data from being siphoned off and sold to the highest bidder. The event was fitting for 2021, a year marked by disinformation, confusion and fear.

“The log4j vulnerability is the most serious vulnerability I have seen in my decades-long career,” Jen Easterly, U.S. Cybersecurity and Infrastructure Security Agency director, said in an interview on CNBC.

As December 2021 dragged on, related flaws continued to surface, sending those same software companies back to the drawing board to repackage and test yet another series of patches for customer distribution. This after communicating initial patches to customers that often took a whole weekend or more to implement. It didn’t bode well for a happy holiday season for already resource-strapped IT teams who had been dealing with a plethora of network security issues for two years brought on by the COVID-19 pandemic and the overnight surge of remote workforces.

Depending on the version and the type of application, the log4j vulnerability’s scope and severity ranged from focused and moderate to widespread and critical. Some vendors were hit harder than others, such as Cisco, whose Identity Services Engine system saw more than 120 configurations affected. Others, like Microsoft, capitalized on the opportunity, rolling out solutions to proactively seek out and manage affected files, software, and devices impacted by log4j.

Widespread & Hard to Pin Down

The extent of the impact of the log4j vulnerability was in many ways foreseeable. The root cause: human “ingenuity” that could otherwise be called laziness. Rather than reinventing the wheel by creating a new set of code for each application that is developed, software engineers now often patch together existing libraries and packages for shared functions to generate much of the codebase that runs critical applications.

Like many noteworthy cyber incidents before it, the Log4j vulnerability helped us open our eyes to just how many software dependencies exist across enterprise systems — no matter if they are designed for security, operations, or sales. It also highlighted to us just how hard it is to mitigate and develop stopgaps for these vulnerabilities when they are so far-reaching and barely understood, especially in the early days of disclosure.

While the ability to utilize the same code across many systems does offer value in terms of time to market, the problem is that many prefabricated libraries and open-source projects are interdependent, resulting in a web of dependencies that drill down many layers. Inevitably, this creates a scenario where indirect dependencies can be nearly impossible to identify and troubleshoot when a vulnerability is unearthed.

For the average Joe IT manager, this just means that the software you licensed was likely built using common third-party code you’re not even aware of that likely contains some vulnerabilities. Multiply this shared code across other enterprise systems in your stack – and cue the headaches.
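The web of indirect dependencies described above, as an added example that is not part of the original article: given a dependency graph, it lists every chain through which an application ends up shipping a named library, and which direct dependency is responsible. The graph is constructed for illustration, and every package name in it except log4j-core is hypothetical.

```python
# Constructed dependency graph: each key depends on the listed packages.
# All names except log4j-core are hypothetical.
DEPENDENCIES = {
    "billing-app": ["web-framework", "report-lib", "json-parser"],
    "web-framework": ["template-engine", "logging-facade"],
    "logging-facade": ["log4j-core"],
    "report-lib": ["pdf-writer", "search-client"],
    "search-client": ["logging-facade", "http-client"],
    "pdf-writer": ["font-pack"],
    "template-engine": ["web-framework"],  # cycle, as real graphs can contain
    "json-parser": [],
    "http-client": [],
    "font-pack": [],
    "log4j-core": [],
}


def dependency_chains(graph, root, target):
    """Return every acyclic chain root -> ... -> target, shortest first."""
    chains = []
    stack = [(root, [root])]
    while stack:
        node, path = stack.pop()
        for dep in graph.get(node, []):
            if dep in path:
                # Already on this chain: following it again would loop forever.
                continue
            if dep == target:
                chains.append(path + [dep])
            else:
                stack.append((dep, path + [dep]))
    return sorted(chains, key=lambda chain: (len(chain), chain))


def exposure_report(graph, root, target):
    """Summarise how `target` reaches `root`: directly, indirectly, or not at all."""
    chains = dependency_chains(graph, root, target)
    return {
        # True only if the application itself declares the library.
        "declared_directly": target in graph.get(root, []),
        # Direct dependencies of the application that pull the library in.
        "entry_points": sorted({chain[1] for chain in chains}),
        # Number of hops from the application to the library, None if absent.
        "shortest_depth": len(chains[0]) - 1 if chains else None,
        "chains": chains,
    }


if __name__ == "__main__":
    report = exposure_report(DEPENDENCIES, "billing-app", "log4j-core")
    print("declared directly:", report["declared_directly"])
    print("pulled in by:", ", ".join(report["entry_points"]))
    for chain in report["chains"]:
        print("  " + " -> ".join(chain))
```

The application never declares the library, yet it arrives through two different direct dependencies, so removing or upgrading only one of them leaves it in place.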

Avoiding Issues Like Log4j as an End-User

Java is a programming language that’s been around for a while and is commonly found in older on-premises software. As such, it should not come as a surprise that the classic tech giants of the world wasted no time prioritizing the log4j vulnerability – they had billions of dollars in revenue at stake across their suites of legacy software. And to make matters worse, the issue didn’t just impact Java-based systems, but also Java components and development frameworks that rely on it including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, ElasticSearch, Apache Kafka and many others. We’re talking about tens of millions of impacted systems in use at any given moment today.

How to avoid such widespread vulnerabilities is more than a question of choosing which apps are programmed with which language(s) – software engineers can debate the efficacy of each until they are blue in the face. Rather, it’s a question of how to consume enterprise software. For organizations more reliant on cloud native software-as-a-service applications, IT employees almost certainly experienced fewer lost weekends dealing with the log4j problem.

This is because SaaS has a shared responsibility model, whereby both the vendor and the customer are responsible for the security of the application in use. The onus is on the SaaS vendor to deliver secure products and services, while the responsibility for configuring, managing, and using the product lies with the customer. In the case of Log4j, most of the heavy lifting falls on the SaaS vendor. They must ensure that their products are not affected. If they are, it is up to them to provide transparency into how the system is being patched and how the vulnerability is being mitigated.

While this differentiation seems simple, implementing a cloud-first IT strategy – no matter if universal or by function – can mean retaining IT talent by avoiding burnout, optimizing your IT budget by eliminating the need for third-party professional services, and so much more.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.
