White Hacking related site

[binil]

Is it okay to host white hacking related forum on x10hosting? There won't be any warez or nulled scripts or black hacking related stuff. I am asking this before I start to build the site - I don't want my account to get suspended.

 

[xav0989]

Hi binil,

I don't know for sure, I'll ask with some higher ups about this.

 

[binil]

Hi binil,

I don't know for sure, I'll ask with some higher ups about this.

Thanks xav0989, Please do ask someone higher up..

There was no specific x10hosting FAQ's related to hacking - People often tend to think that any normal hacker as a black hacker/cracker while normal white hackers are into securing PC's and networks without any intend to harm anyone.

 

[DeadBattery]

According to the Terms of Service, hacking is not allowed. This would include white hat hacking.

 

[binil]

According to the Terms of Service, hacking is not allowed. This would include white hat hacking.

Hi Deadbattery,

Thanks for the reply, I guess then the TOS should be rewritten to specify that all kind of hacking including white hacking is not allowed on x10hosting.. (lol - this might make half the sites hosted here illegal...)

 

[DeadBattery]

I think by saying hacking is not allowed, that means all types of hacking aren't allowed; white to black.

 

[dlukin]

The problem is that all the bad guys will claim they are "white hats".

It would be interesting to see what you specifically consider "white hat" hacking.

 

[pmg1991]

Hacking is not a crime Cracking is...

Edit:

A hacker is a person who is proficient with computers and/or programming to an elite level where they know all of the in's and out's of a system. There is NO illegality involved with being a hacker.

A cracker is a hacker who uses their proficiency for personal gains outside of the law. EX: stealing data, changing bank accounts, distributing viruses etc.

What the hacker does with their knowledge of systems within the definition of the law is what defines them as a hacker vs a cracker. It's then safe to say that all crackers are hackers, but not all hackers are crackers. This is an important distinction.

The term cracker and hacker are used interchangeably (albeit incorrectly) largely due to the ignorance of the general populace, especially the media.

 

[binil]

Dear DeadBattery, dlukin - As pmg1991 pointed out - I am a hacker(white hacker) not a cracker (black hacker) - I have no intention of breaking any laws in any country.

This site that I am about to create contains support forum for my company - I will be kicked out of my company if I put warez in the site.

But I will have to post security related stuff. For example - I may post about 802.11X security and WEP cracking methods to check if the WLAN is secure. Things like this are posted in even the cwnp.com forums.

A cracker may post only about the attacking methods and not the prevention methods.

 

[dlukin]

But I will have to post security related stuff. For example - I may post about 802.11X security and WEP cracking methods to check if the WLAN is secure. Things like this are posted in even the cwnp.com forums.

A cracker may post only about the attacking methods and not the prevention methods.

You see, that is the problem.
You are going to post on how to attack an undefended site.
You are not going to tell people how to protect themselves.
I don't care if you aren't going to use the information to compromise networks. You are handing the information to the black hats.
Please correct me if I am wrong.

 

[binil]

~~ What we've got here is failure to communicate.

What I talk about is both of them - the attacks they are about to encounter - and how to prevent them effectively. Most companies attack their own networks to test if its secure.

The information on how to attack is much more common - black hats don't have to come to our site to learn them.. but prevention is much less - thats where this site should step in.

Look if I wanted to have a warez site here, I could create it maybe even without the admins noticing it. You could hide it from plain sight with restricted entry given to the people.. But I am not doing such a thing - thats why I am asking politely. Dear dlukin, Will I use my real name (Binil) if I were to do something illegally.

 

[dlukin]

What I talk about is both of them - the attacks they are about to encounter - and how to prevent them effectively.

I was going by : "A cracker may post only about the attacking methods and not the prevention methods."

Dear dlukin, Will I use my real name (Binil) if I were to do something illegally.

You don't have to convince me, you have to convince Corey. If I had questions (and questions about your first response), don't you think the owner of this host will have them?

 

[Livewire]

I'll be blunt, unless I get told otherwise I'd assume it's 100% against TOS and considered a Zero Tolerance violation permanent suspension.

Warez: Includes pirated software, ROMS, emulators, phreaking, hacking, password cracking, IP spoofing, etc... This also includes any sites which provide "links to" or "how to" information about such material.


I know it's in the Warez section but that's where it's got the "hacking and password cracking" stuff. As for being able to run a warez site without getting caught: huh? The admins have direct file access. As in "bypass folder protection and view what you're storing directly, should suspicion arise," and it probably -would- raise some flags when a mysterious folder starts getting all the traffic.


My thinking on this? White hat VS Black hat hardly matters. Get caught either way and the person getting hacked presses charges, and you're in the same boat whether it was with good intentions or not. I don't believe the US Court system recognizes a difference between white/black hats, which could put this in the section of the TOS regarding information illegal in any Federal, State, or Local legislations.

 

[TechAsh]

Hi,

We cannot accept a site about hacking (Even if it is white hat). As Livewire pointed out it is against our TOS, and would cause too much hassle for staff trying to work out whether a site is white or black hat.
Sorry, but the answer is no.

You could create a site just telling people how to protect from attacks, however you cannot publish any details on how to perform attacks.

 

[dlukin]

Well, to argue the other side:

If I am giving a tutorial on dynamic sites, should I include information on MySQL injection attacks and cross site scripting? Should I be restricted to just "This is how you prevent it" or should I educate people on "This is what the bad guys do and this is what you should do to thwart them" ?

How better to test a network than to use a tool that attacks it? It is one thing to say "Do A, B, and C" and another to say "You forgot D and did E incorrectly".

 

[TechAsh]

@dlukin - You can give general information such as "By entering specific code into a form an attacker can change the results returned". However giving information like "First find a site with a login form, then enter XYZ into the username field and click login" would be against our TOS.

 

[Corey]

Do you have this content posted anywhere else currently or is this a new site?

I will discuss this with Bryon and come back with an answer later today.

 

[dlukin]

Example of what I was talking about:

Wikipedia

Yes, it shows an attacker how to target a poorly written script. But unless you drive the point home to the "programmer" coding a PHP/MySQL script, he will be indifferent to basic security measures and leave security holes.

P.S. Maybe this thread belongs in another Forum?

 

[Bryon]

It's all good, teach people! You shouldn't use the term "hacking" - Say something like learn how to design applications securely, prevent common vulnerabilities, that sort of thing.

 

[binil]

Do you have this content posted anywhere else currently or is this a new site?

I will discuss this with Bryon and come back with an answer later today.

We had a blog started a couple of days ago - See an eg: http://www.accel-india.co.cc/2010/06/why-not-use-windows-2003-server-as.html