Grey hat

Grey hat

A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

Disambiguation

One reason a grey hat might consider himself to be grey is to disambiguate from the other two extremes: black and white. It is possibly misleading to say that grey hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, grey hats do hack for a reason, a reason which more often than not remains undisclosed. A grey hat will not necessarily notify the system admin of a penetrated system of their penetration. A grey hat will prefer anonymity at almost all cost, carrying out their penetration undetected and then leaving undetected. Consequently, grey hat penetrations of systems tend to be far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.

A person who breaks into a computer system and simply puts their name there whilst doing no damage (such as in wargaming) can also be classified as a grey hat. A person who hacks for comedic value, may also be classified as a grey hat. However, he would have found his own security flaw, rather than using someone else's. See Script Kiddie for details.

Examples

Trudy

Isaac's server is on a network with Trudy. Unknown to Isaac, his server has a security flaw. Trudy finds the flaw and uses it to monitor the site, because his server runs a different OS and she wants to find out how it's configured. But Isaac has had problems with Mallory. Mallory finds the flaw and uses it to gain access to the server. Mallory then uploads a complex logic bomb that would fry Isaac's server in three days.

Trudy catches Mallory uploading the doom-code. She waits until Mallory leaves, and then proceeds to remove the logic bomb so that she can continue to learn how the server was configured. Trudy's actions may be qualified as grey hat hacking.

John

The local library server runs on a basic public network. John finds a security flaw within the system, and uses it to remotely access different computers within the network. From this, John sets up a series of pranks, such as making the computer speak, opening random files, even taking control of the computer's User Interface through a Remote Access Tool (RAT). Though these pranks may annoy the victims of these computers, in no way are the files nor the drive of these computers harmed in anyway. John's actions may be viewed as a form of grey hat hacking.

The apache.org hack. by {} and Hardbeat

In April 2000, grey hat hackers gained unauthorized access to apache.org [http://www.wired.com/politics/law/news/2000/05/36170] . These people could have tried to damage apache.org servers, write text offensive to apache crew, or distribute trojans or other malicious actions. Instead, they chose just to alert apache crew of the problems and then to publish [http://web.textfiles.com/ezines/HWA/hwa-hn53.txt this article] , beginning with:

This paper does _not_ uncover any new vulnerabilities. It points out common (and slightly less common) configuration errors, which even the people at apache.org made. This is a general warning. Learn from it. Fix your systems, so we won't have to :) This paper describes how, over the course of a week, we succeeded in getting root access to the machine running www.apache.org, and changed the main page to show a 'Powered by Microsoft BackOffice' logo instead of the default 'Powered by Apache' logo (the feather). No other changes were made, except to prevent other (possibly malicious) people getting in.

ee also

*Hacker ethic
*Hacktivism
*Black hat
*White hat

References

External links

* [http://news.com.com/The+thin+gray+line/2009-1001_3-958129.html The thin gray line]
* [http://www.theregister.co.uk/2005/03/14/bahnhof_bust/ The Register - Bahnhof Bust]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Grey Hat — Pour les articles homonymes, voir Grey. Un grey hat (chapeau gris), dans la communauté de la sécurité de l information, et généralement de l informatique, est un hacker compétent, qui agit parfois dans un bon esprit, et parfois non. C est un… …   Wikipédia en Français

  • Grey-Hat — Hacker aus dem Bereich der Computersicherheit beschäftigen sich mit Sicherheitsmechanismen und deren Schwachstellen. Während der Begriff auch diejenigen beinhaltet, die Sicherheitslücken suchen, um sie aufzuzeigen oder zu korrigieren, wird er von …   Deutsch Wikipedia

  • Grey Hat — Hacker aus dem Bereich der Computersicherheit beschäftigen sich mit Sicherheitsmechanismen und deren Schwachstellen. Während der Begriff auch diejenigen beinhaltet, die Sicherheitslücken suchen, um sie aufzuzeigen oder zu korrigieren, wird er von …   Deutsch Wikipedia

  • Grey hat — Pour les articles homonymes, voir Grey. Un grey hat (en français, « chapeau gris »), dans la communauté de la sécurité de l information, et généralement de l informatique, est un hacker compétent, qui agit parfois dans un bon esprit, et …   Wikipédia en Français

  • Grey-Hat-Hacker — Hacker aus dem Bereich der Computersicherheit beschäftigen sich mit Sicherheitsmechanismen und deren Schwachstellen. Während der Begriff auch diejenigen beinhaltet, die Sicherheitslücken suchen, um sie aufzuzeigen oder zu korrigieren, wird er von …   Deutsch Wikipedia

  • Grey — Cette page d’homonymie répertorie les différents sujets et articles partageant un même nom.  Pour l’article homophone, voir Gray. Grey signifie gris en anglais. Patronyme Le nom de Grey est celui de plusieurs personnalités (par ordre alphab …   Wikipédia en Français

  • Grey (Agentur) — Grey Group Germany Unternehmensform Unternehmenssitz Düsseldorf, Deutschland Unternehmensleitung Frank Dopheide (Chairman), Uli Veigel (CEO) …   Deutsch Wikipedia

  • Grey Group Germany — Unternehmensform Unternehmenssitz Düsseldorf, Deutschland Unternehmensleitung Frank Dopheide (Chairman), Uli Veigel (CEO) …   Deutsch Wikipedia

  • Grey G2 Group Germany — Rechtsform GmbH Sitz Düsseldorf, Deutschland, Frankfurt, Berl …   Deutsch Wikipedia

  • Grey-Box-Test — Grey Box Tests sind Softwaretests, die im Rahmen der testgetriebenen Entwicklung (siehe auch Extreme Programming) die Vorteile von Black Box und White Box Tests miteinander verbinden sollen. Der Grey Box Test hat mit dem White Box Test gemeinsam …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”