Despite the DMCA, a lot of hacking information can still be found on the Internet. Some sites contain reports about newfound vulnerabilities and research about security flaws. The information that's available includes instructions on "How To Become A Hacker," detailed data on the inner workings of phone and PBX systems, virus-writing manuals, links to Web sites with free security tools used to find vulnerable systems, and application-password crackers. There's everything from serious discussions about newsworthy events relevant to hackers, such as successful legal defenses, to handy tidbits about the inner workings of most operating systems to nostalgic threads titled "My First Hack."
Most security and business-technology professionals have little patience with the argument that hackers help make computer systems and networks more secure. "These chumps have nothing to offer. They have no valuable security contribution at all," says TruSecure's Ranum, who has developed security software since the 1980s and is the author of The Myth Of Homeland Security (John Wiley & Sons, 2003).
But not all. "Bug hunters are absolutely essential [for] keeping systems clean, semi-free of code defects, but most importantly they keep software vendors honest," says a security analyst at a major manufacturer.
Ranum has challenged hackers--at their own gatherings--to prove that they care about improving security. "I told them that if they are so smart, why don't they do something useful. If you want to be cool, write a better antivirus tool. Or if you want to make a wonderful free tool, write a tool that blocks the ability for Windows to run executable programs on your system until you have authorized that it is OK to run that executable."
Ranum laughs at the idea that it takes a hacker to stop a hacker. "They often make the analogy that if you want to build a strong safe, you need to hire a safecracker," he says. "That's pure nonsense."
