Our March meeting was a fairly broad affair. We discussed the many facets of Ethical Hacking, then split into teams and tried our hand at some web-hacking challenges.
As everyone settled in to the warm bosom of the CBIC, hot drinks and refreshments were served. Introductions followed including new faces and some old faces, we moved onto the topic of the meet – Ethical Hacking.
Or to be more accurate, we set about defining what Ethical Hacking actually meant.We settled on the loose definition of deliberately breaking systems with a view to protect or educate ‘the people’.
Our first major discovery was that almost any topic can be included in the discussion by finishing your sentence with, “… but is it ethical?”.
We thought about the ethics of releasing vulnerabilities publicly (with some believing this was perfectly acceptable as they weren’t actually “pulling the trigger”) and discussed how personal ethics are affected by interactions with the law, society and shareholders.
After a short break, we switched gears and broke into groups to tackle the NATAS coding challenges. For some, progress was incredibly fast, others, not so much. Surprisingly though, as time went on, everyone seemed to stall out at the same challenge.
The group results were as follows:
- Team AJ, Team M, Team Experience: Challenge 9
- Team disappointment, Team J: Challenge 5
More surprisingly was that no-one opted to socially engineer passwords from other groups. Was this a question of ethics?
As the groups were so focused on solving the challenges, attempts to vote on next months topic were ignored.