You know, in light of events that occurred just yesterday, I'm a little confused.
What exactly is an ethical hacker? Who's ethics are we going by and what are the standards of ethical hackers? Is there a creed or a motto or something?
"Do no harm unless asked, and don't be dissin' my white hat" ? (There are actual mottos out there if you Google for them). How do I know you're ethical? Just because you said so? Is there a badge you can show me? (hmmm, that actually sounds like a good idea, maybe it's time for credentials and/or vetted Ethical Hackers?)
Maybe you're a poser! Maybe your hat is black on the inside and you just flip it inside-out when you get a wild hair!
Yesterday I came into work early, turned on my LinkedIn home page and started browsing the IT news. It's that morning rigmarole all of us IT people go thru, coffee mug in one hand, mouse in the other. Different scenario for different folks; could be an iPad in one hand, cappuccino in the other, or a galaxy pad 7 and a red bull.
Whatever it is, the end result is the same. Anyways, right there in front of me as a top IT News article was an article on how to pwn a Hotmail account. It was a 0-day exploit, which meant no one at Microsoft was notified of the exploit.
The article was written by a person who's name I shall not mention, and this person apparently lives in Egypt from what I could tell; a self-described ethical hacker. Naturally my first reaction was, "Ya right" (cuz I'm skeptical that way, it’s how I roll).
I went on to the link to read the guy's blog and there were all the steps in black-and-white, a way to reset a Hotmail account's password, using the Windows Live password change or reset page. All you needed was someone's Hotmail address.
There were also some comments at the bottom with people trying to do it but having difficulties and then down further, the author comments that Microsoft must have caught on and must be working on it because now the page is unavailable. Now I was thinking this is serious and it might actually work, judging by the methodology and the comments.
I also saw some of the author's tweets and he was posting stuff like "Wait for my HOW-TO Compromise any Hotmail, Yahoo or AOL Account... Very Soon!" I was immediately alarmed by the fact that this stuff was posted, first by a so-called ethical hacker, and second, on LinkedIn as a news article.
I contacted LinkedIn and a group owner who was also displaying the article. I also reported the article as inappropriate. I had great responses from both, the group owner first and then LinkedIn staff (Thanks Traycee).
Both took down the article as soon as they could.
This whole incident brings me back to my questions concerning Ethical Hackers. How could a real "Ethical Hacker" post this kind of malicious content? I'm really trying to understand this - help me out here, maybe it's something I'm missing. Maybe it's a cultural difference.
Maybe, in Egypt, this is acceptable practice? Is this just a cultural misunderstanding? Or maybe this guy is posing as being ethical? If I'm missing something, please let me know.
Otherwise, I'm assuming this is anything but ethical hacking. This is just downright irresponsible.