Friday, February 21, 2014

10:03 AM
I decided to blog about the computer security industry based on what I have seen in many newsletters and on social networking sites, and came up with this brief point of view.

Terms:

Blackhat = "The bad guys" (the term that media uses)
Whitehat = Good guys
Greyhat = Somewhere between Blackhat and Whitehat


Whitehats have always been the most favored in the computer industry and the media. Everybody loves the ones who protect your data. Whitehat refers to an ethical computer security analyst who specializes in penetration testing. They check and analyze your server using publicly known bugs.

A Blackhat, according to the media, is one who violates computer security for little reason beyond maliciousness or for personal gain. But you have to know that many people in the security industry are ex-blackhats, and they have done things that they don't want exposed. Blackhats are the equipped programmers and developers who write exploits and 0days and then publish the full disclosure of the vulnerability. They are the ones who first discover the flaws in operating systems and daemons, and the glitches in software. They don't force kiddies to run `gcc exploit.c -o exploit; ./exploit`; they just release the tools to the public to help and to inform the vendor to patch the vulnerability. Other Blackhats are ready to give their lives to open source.

Greyhat refers to an individual who does penetration testing on a website or server for the sole purpose of notifying the administrator. Most of them do bug bounties for profit or fame.

That's all folks, enjoy the scene.
