In a recent post at Security Ripcord, Cutaway says:
Let me elaborate on the second topic a little more. The days of hacking for fun are over. I think it is safe to say that nearly everybody has come to that realization (there may be a few holdouts in upper management but they will not last long). This means that the stakes are higher for the good guys and the bad guys.
Sure, the stakes might be higher, but don’t always equate hacking with security research. Hacking is fun. Research is work. Sometimes they overlap. Let’s not take the sense of wonder out of hacking, which is an exercise in exploration, just because the term also applies to the occasional transgressions of bad guys.
Of course I know Cutaway knows this (Mystery Challenge and all), but like any good blogger I’m taking something out of context to have a little fun and make a point.
Reader interactions
6 Replies to “Sorry Cutaway, Hacking is Still For Fun”
WHY YOU SONOFABI……Oh, wait, I knew what you were talking about right off the bat. 8)
Actually, I did and you were right. Sometimes when you write in haste these things slip in. For some things this is acceptable, but when you are trying to be a part of a movement that helps people understand the difference, you need to be careful. Not understanding the difference is what gets the executives mad at the security researchers or worse, labeled by some inconsiderate and unprofessional security software as malicious (see http://ha.ckers.org/blog/20070830/hackersorg-breaches-browser-security-says-mcafee/).
So, point taken.
Cutaway
I’‘m not calling for a redefinition, as much as I’‘d like one. Cutaway (a friend, so no flaming intended) mixed his contexts in his post and that’s what I was responding to. He talked about good and bad hacking in the same sentence.
My post was nothing more than a friendly reminder to:
a) be clear on the context
b) remind people that hacking, in and of itself, isn’‘t evil.
If anything, I’‘d like to see _more_ confusion around use of the term, since it’s mostly being used by the outside world to describe the bad guys. I’‘m tired of people calling the FBI when I tell them I’‘m a hacker…
(I’‘m a good hacker, but a shitty security researcher)
I see both your points, but I think what Cutaway is getting at is the practical viewpoint of the CSO protecting his organization’s information.
While it is a romantic notion that hackers may be lovable guys who just want to “understand their world better” (not that anyone on this thread has romantic tendencies towards hackers, as far as we know), but its such a convenient term to describe the threat agent these days (due to its overuse in that context) that you can’‘t flame someone for using it to describe bad guys any more.
Conversely, if you are using the term to describe an endearing stereotype, then the threat agent view is not really relevant to you.
Some people use tomatoes as part of a balanced diet (a good thing), while others use them to throw at people they don’‘t like (part of a threat scenario). I don’‘t think we need a new word for them if tomatoes start to be used more for attacks than meals.
People can use the terms “hacker” or “hacking” whichever way they want and we will generally know by the context which meaning applies. I don’‘t think we need to redefine anything at this point.
It is a better term, but I think we’‘ve long lost the battle to control the word hacker. Makes me sad.
I think a better term is “cybertheft”.
It is hacking for profit and the meaning is obvious even to non technical people and anal retentive security people.
s/hacking/cracking/||s/hacking/malicious hacking/
“50 lashes” > cutaway
Cutaway