Bobsentme 2 points 5 points (+7|-2) ago

While those are technically true, you're not really explaining black, white, and grey very well.

White Hats are the security researchers. They are legitimately researching software for exploits that COULD be used. If they find one, they report it, get professional credit and bragging rights, and move on. They tend to be non-intrusive, non-destructive, and work with companies or vendors to help patch holes before the bad guys find them.

Black Hats are the "Hackers" who will practically use ANY MEANS NECESSARY (even destructive ones) to obtain access to what they want. They don't ask permission, they can and will destroy systems, all for their amusement or benefit. This includes selling exploits to other hackers before White Hats find out about them. If they manage to create exploits, they get street cred, not professional cred.

Grey Hats are the Pentesters, as they will only attack targets they've been given explicit permission to attack, but they'll also use the same methods your average hacker would use. Grey hats get both Professional credit and street cred if they find something new and document / work with the people it could affect.

It used to be white vs black, but now that both sides are dipping into research AND actual exploits, everyone's hat is getting cleaner or dirtier, and thus we're all becoming grey.

pessimisticsteel ago

Thank you, great response.