The term 'hack' originally meant to make something work better or to make it do something that it wasn't meant to do. Later, 'hackers' gained a reputation for breaking something or worse, and the industry began color-coding hackers into white, black or grey hats to separate hackers into good, bad and something in between. According to security experts, all hackers use the same hacking tools; it's the way they use them that separates the good from the bad.
White hat hackers, a.k.a. ethical hackers: They are experienced security professionals who are paid by governments and commercial companies to carry out penetration testing of their networks to pinpoint vulnerabilities. They will usually have a background in hacking but they steer away from doing anything illegal or malicious. They keep abreast of hacking techniques by attending hacking conferences and participating in hacking groups. Experienced ethical hackers are often well known in the security sector and share their knowledge by publishing security papers and speaking at conferences.
Black hat hackers: They can be young "joy rider" hackers who like to test their own skills and view hacking as a challenge and a game, but are not out to do damage. They also can be hackers who are out to do real harm, often for monetary gain through phishing attempts or stealing personal identification details. They may be part of a criminal syndicate and are considered by some security experts as highly technical and sophisticated.
Gray hat hackers: There doesn't appear to be a standard definition for gray hats, but according to Shon Harris, president of Logical Security and a former engineer in the Information Warfare unit of the Air Force, gray hats are usually interested in finding vulnerabilities with products. Once they find them they are met with an ethical or moral choice: Should they post the vulnerability on the Web and build an exploit tool, or should they keep the exploit under wraps and work with the vendor and security groups to create a fix? "It's the black hats who put the vulnerability on the Web. Gray hats work with CERT and the vendors directly," Harris says.
Comments (1)
see the colour coding racist
By Anonymous on May 21, 2008, 11:16 pm
Why is a black hat the bad guys and the white the good guys? Time to change your colour code as well.