Golden Rant : Ethical Hackers? I remain to be convinced

This might sound ironic, given my own somewhat illustrious background, but am I the only person who is uncomfortable with the seeming new breed of 'ethical hackers' appearing in the media to alert PC, WiFi and Internet users about security shortcomings on their systems?

There's even an organisation called CREST - the Council of Registered Ethical Security Testers - that has seemingly popped out of the woodwork to approve ethical hackers and give organisations the confidence they need to employ such people.

The idea is that CREST will certify that penetration testers meet minimum standards of ethics, methodologies and technical capabilities.

Hmmm - call me picky, but while the principles are fine enough, translating them from the altruistic world to the real one is a seriously major step.

Any organisation prepared to let an ethical hacker loose on its network to carry out penetration testing and other pseudo-hacking procedures wants its corporate head examining.

For one thing, the term 'ethical hacker' is a legally grey area - what happens if the ethical hacker discovers something they shouldn't on the company network or, worse still, lets temptation get the better of them and does something seriously illegal?

Would the police or the CPS have the will to investigate and prosecute? I seriously doubt it.

And you can forget about IT security insurance, as such policies are usually invalidated if the company employs an ethical hacker.

A serious potential mess, as my old boss used to say. And a legal and administrative quagmire. Just say no...