Recently, "Gray Hat" crackers have been garnering a fair amount of publicity, exposing holes for nothing more than notoriety and a sense of self-fulfillment. These individuals seek out corporate networks and servers to pick them apart, find weaknesses the site administrators might have missed and make them public.

However, the attention these people have been receiving is stirring debate. Are the good intentions of an attacker enough to exempt them from "Black Hat" status?

The terms "White" and "Black Hat" can be traced back to old Westerns where the good guys wore white hats and the villains, black. Not only did this allow for quick identification of who's who, it also played on the good/light, evil/darkness concepts. When one speaks of "White Hats" in the information security realm, the consensus is you are referring to network and system administrators (and perhaps security researchers). The "Black Hats" are the evildoers, the persons intent on breaking into the system or causing it to perform in a manner contrary to its design.

A newcomer to this arrangement is the "Gray Hat", a cross between good and evil: a person who has no authority to access the systems they test but tends to portray themselves as a well-meaning "researcher". The fundamental difference between the Black and the Gray would seem to be the individual's motivations for attacking the system. It should also be noted that most gray hat attackers are not looking to vandalize or otherwise alter the data of the systems they compromise, only modifying data when necessary to prove a point or leave a mark.

The link for this article located at kill-hup is no longer available.