  1. #1
    Joined
    16-07-2002
    Posts
    4,453
    Like
    0
    Thanked 268 Times in 55 Posts

    White Hat ? Black Hat ? Grey Hat ?

    White Hat/Black Hat

    I first became aware of the term white hat being used in reference to hackers about 1996, when the Black Hat Briefings conference was announced (see www.blackhat.com). The Black Hat Briefings conference is an annual security conference held in Las Vegas, Nevada. Topics range from introductory to heavily technical. This probably means that the term was used among a smaller group of people for a few years prior to that.

    The idea behind the conference was to allow some of the hackers, the “black hats,” to present to the security professionals, in a well-organized conference setting. The conference was organized by Jeff Moss (aka Dark Tangent), who also runs the Defcon conference (see www.defcon.org).

    Defcon is a longer-running conference that now takes place adjacent to Black Hat on the calendar, also in Las Vegas. In addition to the security talks, there are events such as Hacker Jeopardy, and the L0pht TCP/IP Drinking Game. You can hear many of the same speakers on the same topics at Defcon, but it’s not nearly as well organized. Many of the people who attend Black Hat would not attend Defcon because of Defcon’s reputation.

    Plus, Black Hat costs quite a bit more to attend than Defcon, which tends to keep away folks who don’t work in the security field (i.e., who can’t afford it).

    It was clearly intended as a joke from the beginning; at least, that there were black hats presenting was a joke. The term was intended to be an intuitive reference to “the bad guys.” Anyone who has seen a number of old western movies will recognize the reference to the evil gunfighters always wearing black hats, and the good guys wearing white ones.

    In the hacker world, the terms are supposed to refer to good hackers, and bad hackers. So, what constitutes a good vs. a bad hacker? Most everyone agrees that a hacker that uses his or her skills to commit a crime is a black hat. And that’s about all most everyone agrees with.

    The problem is, most hackers like to think of themselves as white hats, hackers who “do the right thing.” However, there can be opposing ideas as to what the right thing is. For example, many hackers believe that exposing security problems, even with enough information to exploit the holes, is the right way to handle them. This is often referred to as full disclosure. Some of them think that anything less is irresponsible.

    Other security professionals believe that giving enough information to exploit the problem is wrong. They believe that problems should be disclosed to the software vendor. They think that anything more is irresponsible. Here we have two groups with opposite beliefs, who both believe they’re doing the right thing, and think of themselves as white hats.


    Grey Hat
    All the disagreement has led to the adoption of the term grey hat. This refers to the shades of grey in between white and black. Typically, people who want to call themselves a grey hat do so because they hold some belief or want to perform some action that some group of white hats condemn.

    Oftentimes, this issue centers on full disclosure. Some folks think it’s irresponsible to report security holes to the public without waiting for the vendor to do whatever it needs to in order to patch the problem. Some folks think that not notifying vendors will put them in a defensive posture, and force them to be more proactive about auditing their code. Some folks just don’t like the vendor in question (often Microsoft), and intentionally time their unannounced release to cause maximum pain to the vendor.
    (As a side note, if you’re a vendor, then you should probably prepare as much as possible for the worst-case scenario. At present, the person who finds the hole gets to choose how he or she discloses it.)

    One of the groups most associated with the term grey hat is the hacker think-tank, the L0pht. Here’s what Weld Pond, a member of the L0pht, had to say about the term:

    First off, being grey does not mean you engage in any criminal activity or condone it. We certainly do not. Each individual is responsible for his or her actions. Being grey means you recognize that the world is not black or white.

    Is the French Govt infowar team black hat or white hat?
    Is the U.S. Govt infowar team black hat or white hat?
    Is a Chinese dissident activist black hat or white hat?
    Is a US dissident activist black hat or white hat?
    Can a black hat successfully cloak themselves as a white hat?
    Can a white hat successfully cloak themselves as a black hat?
    Could it be that an immature punk with spiked hair named “evil fukker” is really a security genius who isn’t interested in criminal activity?
    Typically, a white hat would not fraternize with him. Seems like there is a problem if you are going to be strictly white hat. How are you going to share info with only white hats?
    What conferences can you attend and not be tainted by fraternizing with black hats?
    The black hats are everywhere. We don’t want to stop sharing info with the world because some criminals may use it for misdeeds.

    —Weld
    One of the points of Weld’s statement is that it may not be possible to be totally black or white. It would be as hard for a black hat to do nothing but evil as it would for a white hat to stay totally pristine. (Some of the more strict white hats look down on associating with or using information from black hats.)

    The L0pht Web site is www.l0pht.com

  2. #2
    Joined
    16-07-2002
    Posts
    4,453
    Like
    0
    Thanked 268 Times in 55 Posts
    This is Yuna.

    And this is a good post, shouldn't be placed at the bottom of the site.

  3. #3
    Joined
    20-01-2008
    Posts
    94
    Like
    0
    Thanked 0 Times in 0 Posts
    Good grief, this V Khờ guy is really breaking the forum rules, posting entirely in English like that, and this isn't even the English section? He posts and then replies to himself too, nobody understands a thing he's saying. "This is Yuna." --> who is Yuna?

  4. #4
    Joined
    01-12-2005
    Posts
    24
    Like
    0
    Thanked 0 Times in 0 Posts
    Vikhoa's English is so good, I'll have to ask him to teach me a course sometime.

  5. #5
    Joined
    18-08-2005
    Location
    Montclair
    Posts
    8,709
    Like
    20
    Thanked 1,442 Times in 591 Posts
    Tomb digger.
    Topic was from 2002!!
