See black hat.
Grey hat
| Hacker Slang: gray hat |
| 5min Related Video: Grey hat |
| Wikipedia: Grey hat |
 |
This article needs additional citations for verification. Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (March 2009) |
This article is about computing culture. For other uses of grey hats and hats of other colours, see Coloured hat.
A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts illegally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.[1]
Contents |
Disambiguation
One reason a grey hat might consider himself to be grey is to disambiguate from the other two extremes: black and white. For example, a grey hat hacker may penetrate a computer system without authorization, an illegal act in most countries. However, the hacker may simply patch the security hole that allowed them access without damaging the system. In this situation, they may or may not disclose their activities, due to legal ramifications. It is possibly misleading to say that grey hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, grey hats do hack for a reason, a reason which more often than not remains undisclosed. A grey hat will not necessarily notify the system administrator of a penetrated system of their penetration. A grey hat will prefer anonymity at almost all cost, carrying out their penetration undetected and then leaving undetected. Consequently, grey hat penetrations of systems tend to be far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.[2][3]
In addition, they may be further disambiguated by their stance as it refers to the proper disclosure of computer security flaws. Whereas a white hat will generally work with a vendor to correct the flaw, within a time frame, or under certain conditions. They also may attempt to pressure vendors to release a patch for a flaw through the possibility of disclosure. Their intention is to make systems safer. A black hat will generally never disclose information to the public, since doing so will cause systems to be patched and greatly reduce the effectiveness of the vulnerability. In fact there has been a long standing controversy of black hats opposed to the white hat policy of full disclosure. Grey hats may or may not release vulnerabilities to the vendor or the public. They may attempt to sell them to black hats or white hats.[4][5]
The apache.org hack. by {} and Hardbeat
In April 2000, grey hat hackers gained unauthorized access to apache.org.[6] These people could have tried to damage apache.org servers, write text offensive to Apache crew, or distribute trojans or other malicious actions. Instead, they chose just to alert Apache crew of the problems and then to publish,[7] beginning with:
This paper does _not_ uncover any new vulnerabilities. It points out common (and slightly less common) configuration errors, which even the people at apache.org made. This is a general warning. Learn from it. Fix your systems, so we won't have to :) This paper describes how, over the course of a week, we succeeded in getting root access to the machine running www.apache.org, and changed the main page to show a 'Powered by Microsoft BackOffice' logo instead of the default 'Powered by Apache' logo (the feather). No other changes were made, except to prevent other (possibly malicious) people getting in.
See also
References
- ^ http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/ch-risk.html
- ^ http://www.hackingalert.com/hacking-articles/grey-hat-hackers.php
- ^ http://www.eff.org/issues/coders/grey-hat-guide
- ^ http://www.securityfocus.com/news/11363
- ^ http://www.windowsecurity.com/articles/Different-Shades-Hackers.html
- ^ http://www.wired.com/politics/law/news/2000/05/36170
- ^ http://web.textfiles.com/ezines/HWA/hwa-hn53.txt this article
External links
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
Learn More
 | Persian hat |
| Hacker (computer security) |
| Hackweiser |
Help us answer these
 | I have aVazquez parra oil portrait of man with hat grey beardhas a rolled cig in mouth signed 1957 is it worth money? |
| How do you get grey? |
| What does a hat do? |
Post a question - any question - to the WikiAnswers community:
Copyrights:
 |
 | Hacker Slang. The Jargon File. Copyright © 2007. Read more |
 |
| Wikipedia. This article is licensed under the Creative Commons Attribution/Share-Alike License. It uses material from the Wikipedia article "Grey hat". Read more |
Related answers
- What is Grey?
- How do you get hat?
- What's a hat?
- I hat you?
- WHY IS HAT?
- If the seas grey the sky is grey?
- Who is Meredith Grey on Grey's Anatomy?
ADVERTISEMENT
