Website hacking, the dark side – Part 1

I have a couple pages that discuss hacking in the "white hat" sense of business website enhancement. There is another side to this that I think should be exposed. To beat a hacker you have to think like one, and if you aren’t thinking like one then your site may be vulnerable to someone who is. Let’s look at some ways people can hack your web-based business site, shall we?

Before I get started

I again want to clarify that "hack" by itself is a generic word which can be defined as "modify through educated analysis". There is no implicit sense of good or bad in that word, though over the years popular culture has tended to imply that hacking is illegal, immoral, and destructive. I think this tendency is subliminally related to the way society abhors violence, though violent movies are enormously successful. Most people have a little of the dark side in them. It comes out in a voyeuristic way when we watch gangster movies like The Godfather, or in television dramas like The Sopranos – and then we identify more with the criminals – or maybe that’s just my Italian heritage showing… People like the idea of having some knowledge or connection with something that society believes to be bad, that "I know more than I’m telling" thing. (Frequently followed by "and if I told you I’d have to kill you".) I think this sense of harmless intimacy is a safety valve, a line that’s drawn for us so we know where not to cross. If we didn’t have action films to give us this primal outlet, more people might be inclined to create their own action. (Take that logic to the people who blame movies for their kids’ behaviour!)

When people voluntarily speak of hacking, I think they feel like they’re bringing themselves closer to the line, and as long as they’re in control it’s OK. When I talk about someone hacking their own website, because of the negative connotations that people themselves apply to the term, the defensive instinct kicks in, and suddenly people feel like that line is uncontrollably being brought closer to them. But that’s not the way it should be. White hat hacking should be welcomed just like any other bit of helpful information.

And black hat hacking…?

Well, for this article it’s time to get nervous because I’m going to discuss just a couple ways in which bad guys may be able to violate your website. I want people to feel better about some kinds of hacking but I also want to urge people to not be too complacent about their code. Wouldn’t you prefer to find out where your vulnerabilities are from a friend than from someone you don’t know or can’t trust?

(Side note, I was so tempted to sprinkle this article with references to 1337 |-|4x0rz (that’s "elite hackers" in Leet Speak), and images that profiled that more popular side of this topic, but I really do want to focus on the business end of understanding and addressing issues, not cultural icons.)

