Tuesday 25 September 2012

What is ethical hacking?



Ethical hacking is where a person hacks to find weaknesses in a system and then usually patches them. For example, a bank may pay a hacker to hack their systems to see if they are hackable. If he gets in, then they know there is potential for other people to hack in, and usually they will work with this ethical hacker to patch these holes. If he doesn't get in, then they pray that nobody is better at hacking than him.

Let me add this. Hacking is simply exploring a computer's designed features, and learning how to exploit or take advantage of those features. As an example, a computer is designed to load instructions into memory using clearly defined rules, outlined in an RFC that spells out how to load something into memory.


A hacker (white, grey, or black) looks at it this way. The RFC says to load an instruction into memory, use 8 bits of data, and two bits of instruction, then 8 more bits of data, and two more bits of instruction.

A hacker looks at this and wonders: what if I pass 9 bits of data? What if I pass ten bits? And so on. Sooner or later the computer will not be able to deal with the amount of data being passed in a manner it understands. Maybe it can accept 9 bits, 10 bits, and just ignore the discrepancies from the RFC, but sooner or later the computer will not know how to interpret the instructions. When a computer does not know what to do next, it gives up and passes control to the SYSTEM, which is all powerful.

This is a very basic description of a buffer overflow. The hacker wants to force the computer to give up, and pass control to the SYSTEM. Once this happens, the hacker has administrative control and can now start passing commands to the computer that it will follow without question.
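The over-length input case described above, as an added example that is not part of the original post: in C, input longer than a fixed-size buffer spills into whatever is stored next to it unless the length is checked first. The `frame` layout, the function names and the sample input are constructed for illustration, and bytes stand in for the post's bits.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define DATA_LEN 8  /* the receiver expects at most 8 units of data */

/* Constructed layout: a fixed-size data field followed by adjacent state. */
struct frame {
    unsigned char data[DATA_LEN];
    unsigned char control;  /* stands in for whatever sits next to the buffer */
};

/* Unchecked: trusts the sender's length. The length is clamped to the struct
   size only so this demo stays well-defined while showing the spill-over. */
void load_unchecked(struct frame *f, const unsigned char *in, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy(f, in, len);  /* bytes past DATA_LEN land in f->control */
}

/* Checked: rejects anything longer than the data field and copies nothing. */
int load_checked(struct frame *f, const unsigned char *in, size_t len) {
    if (len > DATA_LEN) return -1;
    memcpy(f->data, in, len);
    return 0;
}

/* Returns the control byte after an unchecked load of `len` bytes. */
unsigned char control_after_unchecked(const unsigned char *in, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    load_unchecked(&f, in, len);
    return f.control;
}

int main(void) {
    /* Constructed input: 8 data bytes plus one extra byte. */
    const unsigned char nine[9] = {1, 2, 3, 4, 5, 6, 7, 8, 0xFF};
    struct frame f;
    memset(&f, 0, sizeof f);
    printf("unchecked, 8 bytes: control=0x%02X\n", control_after_unchecked(nine, 8));
    printf("unchecked, 9 bytes: control=0x%02X\n", control_after_unchecked(nine, 9));
    printf("checked,   9 bytes: rc=%d control=0x%02X\n",
           load_checked(&f, nine, 9), f.control);
    return 0;
}
```

The ninth byte changes `control` only in the unchecked path; the checked path returns an error and leaves the adjacent field untouched.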

There are three levels of hackers.

White Hats spend all their time trying to break the system, to prove it can be broken, so they can get the manufacturer to address the problem and fix it.

Grey hats do the same thing, but perhaps will try to gain from their new way of breaking the system. They may expect payment for finding a way to break the system, and they may even try to get financial gain from their knowledge or silence.

Black hats want to take the knowledge of how to break a system and use it for financial gain. They may use it to hack systems or write code that allows others to hack systems, and sell that code.

All three are doing the same thing, trying to break the systems. The difference is what they intend to DO with the information once they discover it.

Script Kiddies take the information that hackers discover, and try to use it for their own gain. They discover nothing, they just use what others have discovered, and try to copy it for their own gain. 
