MarketGrey hat
Company Profile

Grey hat

A grey hat is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker.

History
The phrase grey hat was first publicly used in the computer security context when DEF CON announced the first scheduled Black Hat Briefings in 1996, although it may have been used by smaller groups prior to this time. Moreover, at this conference a presentation was given in which Mudge, a key member of the hacking group L0pht, discussed their intent as grey hat hackers to provide Microsoft with vulnerability discoveries in order to protect the vast number of users of its operating system. Finally, Mike Nash, Director of Microsoft's server group, stated that grey hat hackers are much like technical people in the independent software industry in that "they are valuable in giving us feedback to make our products better". The phrase grey hat was used by the hacker group L0pht in a 1999 interview with The New York Times to describe their hacking activities. The phrase was used to describe hackers who support the ethical reporting of vulnerabilities directly to the software vendor in contrast to the full disclosure practices that were prevalent in the white hat community that vulnerabilities not be disclosed outside of their group. The irony was that for black hats, this interpretation was seen as a derogatory term; whereas amongst white hats it was a term that lent a sense of popular notoriety. Following the rise and eventual decline of the full disclosure vs. anti-sec "golden era"—and the subsequent growth of an "ethical hacking" philosophy—the term grey hat began to take on all sorts of diverse meanings. The prosecution in the U.S. of Dmitry Sklyarov for activities which were legal in his home country changed the attitudes of many security researchers. As the Internet became used for more critical functions, and concerns about terrorism grew, the term "white hat" started referring to corporate security experts who did not support full disclosure. In 2008, the EFF defined grey hats as ethical security researchers who inadvertently or arguably violate the law in an effort to research and improve security. They advocate for computer offense laws that are clearer and more narrowly drawn. ==Examples==
Examples
In April 2000, hackers known as "{}" and "Hardbeat" gained unauthorized access to Apache.org. They chose to alert Apache crew of the problems rather than try to damage the Apache.org servers. In June 2010, a group of computer experts known as Goatse Security exposed a flaw in AT&T security which allowed the e-mail addresses of iPad users to be revealed. The group revealed the security flaw to the media soon after notifying AT&T. Since then, the FBI opened an investigation into the incident and raided the house of weev, the new group's most prominent member. In August 2013, Khalil Shreateh, an unemployed computer security researcher, hacked the Facebook page of Mark Zuckerberg in order to force action to correct a bug he discovered which allowed him to post to any user's page without their consent. He had tried repeatedly to inform Facebook of this bug only to be told by Facebook that the issue was not a bug. After this incident, Facebook corrected this vulnerability which could have been a powerful weapon in the hands of professional spammers. Shreateh was not compensated by Facebook's White Hat program as he violated their policies, thus making this a grey hat incident. ==See also==
Source: Wikipedia ↗
tickerdossier.comtickerdossier.substack.com