“He stole from the rich to give to the poor.” We know the line
well, the quintessential line that describes the legend of the famed or
infamous (depending on which side you were on) Robin Hood. Robin Hood is a
mystery to us all, and there are many versions of the outlaw who lived in
Sherwood Forest. Some say he was an aristocrat turned people's hero; others say
he was an outlawed yeoman who made a living off of stealing from the rich, led a
faithful following of other outlaws, and married the beautiful Maid Marian. It
is legends like these that we want to believe are real, that somehow Robin Hood
actually existed, and that those in corrupt power were exposed. The truth is, we
don’t always know the full story behind the legend or have all the facts. It is,
after all, only legend.
By now, I am sure you know where I am going with this. I am not
here to condone breaking the law, but I am here to put it to you that we must
look at the facts.
Robin Hood or Robert Hod or Robinhud
No one knows for sure who the “real” Robin Hood behind the legend
was. There are historical accounts of men going by the name Robin Hood or a
very similar version of the name. According to David Ross’s article, Robin Hood, on Britain Express, “By 1300 at
least 8 people were called Robinhood, and at least 5 of those were fugitives
from the law.” As you can see, the title Robin Hood was pretty popular
among the outlaws. There are court records of a fugitive from the law named
Robert Hod; William de Grey, Sheriff of Nottingham, constantly dealt with
outlaws who were taking refuge in the forest; and etched on an old
gravestone in Kirklees Priory is the name Robin Hude.
Was he one man, or are the stories the lives of many men? We may
never know.
Hacker or Cracker or Lawbreaker
Like the story of Robin Hood, much of the hacker world is vague
and the facts are skewed. Are they hackers, crackers, white hat hackers, black
hat hackers, ethical hackers, or just plain lawbreakers? I am going to take only
one term and one definition for clarity’s sake.
Ethical hackers are those that breach security strictly for the purpose of
exposing weaknesses and advancing technology.
The Robin Hoods of the cyber world
Like Robin Hood of old, these individuals have not always gotten
a very good rap, but in recent years, companies have opened up their
technology to be scrutinized by these men and women, who are experts at what
they do: exposing weaknesses.
Not long ago, these ethical hackers did not have the backing
that they have today. Most of us are familiar with Facebook’s security flaw
that was exposed by Khalil Shreateh. After finding that anyone could post on
anyone’s wall, Shreateh contacted Facebook, and when Facebook didn’t
acknowledge his findings, he hacked into Zuckerberg’s account and posted on
his wall. Point proven. Or at least you would think. The breach was ignored,
and Shreateh never received compensation from Facebook, yet Facebook quickly
took action to fix the bug in their software.
This treatment of Shreateh did not sit well with Marc Maiffret,
the famous white hat hacker, and he was determined to do something about it.
Maiffret put up $3,000 of his own cash to kick-start a $10,000 bounty for
Shreateh. He eventually raised $13,000, mostly in small contributions from
individuals. Maiffret made the journey to Palestine to deliver the raised
bounty to Shreateh himself. Maiffret said he “wanted to make a statement for
the larger community, that we need to take care of researchers like this to
make sure they continue to want to report things like this to companies like
Facebook.”
The future of Robin Hood
On usatoday.com, Byron Acohido states, “White hats have steadily
gained mainstream acceptance. Google and Facebook have spent millions the past
few years paying hackers ‘bug bounties’ to point out fresh flaws,
known as zero-day vulnerabilities, in their respective products. Even
Microsoft, long opposed to paying bounties, began paying such bounties earlier
this year.” The tides are changing.
Companies are now hiring ethical hackers to go into their
systems and expose the weaknesses, but this time, they receive compensation for
their genius and are seen as doing a service for the company.