Monday, June 29, 2009

White hat :: Grey Hat :: Ethical Hacking

A white hat is the hero or good guy, especially in computing slang, where it refers to an ethical hacker or penetration tester who focuses on securing and protecting IT systems. White hat hackers, also known as "ethical hackers," are computer security experts who specialize in penetration testing and other testing methodologies to ensure that a company's information systems are secure. Such people are employed by companies, where these professionals are sometimes called "sneakers." Groups of these people are often called tiger teams or red teams. These security experts may utilize a variety of methods to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to evade security to gain entry into secured areas. The National Security Agency offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team management. Aggressor teams are called "red" teams. Defender teams are called "blue" teams.

Search Engine Optimization

In recent years, the terms white hat and black hat have been applied to the Search Engine Optimization (SEO) industry. Black hat SEO tactics, such as spamdexing, attempt to redirect search results to particular target pages in a fashion that is against the search engines' terms of service, whereas white hat methods are generally approved by the search engines. White hats tend to produce results that last a long time, whereas black hats anticipate that their sites may eventually be banned, either temporarily or permanently, once the search engines discover what they are doing.

Grey Hat

A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts illegally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits. One reason a grey hat might consider himself to be grey is to distinguish himself from the other two extremes: black and white. For example, a grey hat hacker may penetrate a computer system without authorization, an illegal act in most countries. However, the hacker may simply patch the security hole that allowed them access without damaging the system. In this situation, they may or may not disclose their activities, due to legal ramifications. It is possibly misleading to say that grey hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, grey hats do hack for a reason, a reason which more often than not remains undisclosed. A grey hat will not necessarily notify the system administrator of a penetrated system of their penetration. A grey hat will prefer anonymity at almost any cost, carrying out their penetration undetected and then leaving undetected. Consequently, grey hat penetrations of systems tend to be far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.
In addition, they may be further distinguished by their stance on the proper disclosure of computer security flaws. A white hat will generally work with a vendor to correct the flaw, within a time frame or under certain conditions. They also may attempt to pressure vendors to release a patch for a flaw through the possibility of disclosure. Their intention is to make systems safer. A black hat will generally never disclose information to the public, since doing so will cause systems to be patched and greatly reduce the effectiveness of the vulnerability. In fact, there has been a long-standing controversy over black hats' opposition to the white hat policy of full disclosure. Grey hats may or may not release vulnerabilities to the vendor or the public. They may attempt to sell them to black hats or white hats.

LEGAL DISCLAIMER

The content is available under the terms of the GNU Free Documentation License and the Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 India License. We're not responsible for any type of damages that occur while using iEncyclopedia's content. For commercial content licensing, follow the instructions in the Content Licensing Section to obtain the commercial content license.

© iEncyclopedia Society, 2013.