The act of both finding and publishing information online is an interesting one.
On the one hand, sometimes I come across information I’m not supposed to have. When people discover I know something questionable, they get defensive and start trying to grill me for information about why I know this.
Case-in-point: I worked as an intern in Seattle and, one day, asked why we had several locked filing cabinets in the corner we’d never used. As it turned out, my boss had bought them at an auction for extra storage, but they came locked and without a key.
“If only you knew how to pick locks, Eric, then we could put them to use.”
“Actually, I do know how …”
A confused and slightly concerned look, and my boss gave me permission to bypass the cheap locks on the cabinets. A bent paperclip and five minutes of raking later, and I’d opened all four locks. The company had these cabinets in the office for over a year, but finally they were usable. Everyone was impressed, and my boss was happy I was good with both computers[ref]As the intern, I was responsible for most of the low-level data entry we handled. Sometimes I had the opportunity to interview customers or prepare final strategic reports, but the majority of my day-to-day job was manipulating spreadsheets or tabulating handwritten notes.[/ref] and with physical jobs, too.
Until the next Monday, when I arrived to work and was met by a local cop standing at my desk. The back window to the office had been broken out, and every computer in the office except for mine was missing. As I’d recently shown my proficiency for less-than-reputable skills, my office mates suggested he ask me if I knew anything about the break-in.[ref]First of all, I’d be out of town visiting my parents all weekend. Secondly, the thief cut himself on the window as he broke it, and the police were able to quickly identify and arrest him (though he’d already sold all of the PCs). Finally, I’d proven I could pick locks and I had a key to the office; why would I break the window to enter? Not only that, I had the worst PC in the office. Why not get rid of my POS laptop so I could get a new one from insurance like everyone else?[/ref]
Show you have a bit of knowledge, and everyone begins to question how you’ll use it.
Last week I wrote a piece on debit cards, security, and the risk you face by giving out information about your choice of banking institution too freely. The immediate response was “of course, we all know that.”
The response shortly after that was, “cool trick, can you show me how you cracked the number on a card? For … um … educational purposes.”
The final response was, “why are you writing these things that criminals can use to steal from honest people? You’re just as bad as the thieves!”
I learn things because I’m interested in them. I teach about things because I’m interested in learning more about them. I write about things because I want those around me to be well-informed, in this case about basic security.
I do all of these things while wearing a white hat – I’m in it for personal education and to try to help make the world a better place. Keep in mind, though, that for every white hat in the market, there are a hundred (or more) black hats using the exact same information, knowledge, and techniques for nefarious purposes.