Your Thoughts on White Hat/Black Hat/Gray Hat

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
A common saying in the security community is that the only thing that separates a hacker from a security professional is permission/authorization/(insert your favorite synonym here). We think the same, we use the same techniques, we have the same knowledge and skills, and we use the same tools. We may even browse the same websites :Q

And so these three terms were coined: white hat (us), black hat (them), and gray hat for those in between. Where do you lie? Have you used your knowledge for less than noble purposes? Would you? Whether it be to steal credit card numbers or prank your friends, what's the worst you would use your knowledge of security to do?
 

Zugzwang152

Well I forgot to post my own opinion. :p

At work, I try very hard to stay within the rules, and encourage others to do the same.

However, at home, I'm not opposed to showing friends some minor tricks, such as cracking WEP on their wireless router or running a brute force on their SAM database, without actually training them how to do it themselves (or where to get the tools to do it for them). It's a good illustration of just how vulnerable your computer or network can be. It's also something that keeps your skills sharp.

Also, I think having an extra computer at home to practice your black hat skills on makes you more effective as a white hat at work.
 

Reel

Diamond Member
Jul 14, 2001
4,484
0
76
I have a pretty strong conscience that keeps me "white hat" though I admit sometimes I have done things that may not have been completely harm-free but they seemed amusing at the time and had no truly lasting effects. However, I have not caused financial harm or done anything destructive to any entity.

I still feel guilty about the whole thing with LoKe getting out of hand. I wish I could have done more than just post in this thread but unfortunately I was not able to and I guess things got out of hand. I do believe I explained the risks and I had hoped that a more rapid response would occur but unfortunately it did not and LoKe behaved as a "black hat" using the FuseTalk bug and apparently attempting blackmail.
 

Zugzwang152

Originally posted by: Reel
I have a pretty strong conscience that keeps me "white hat" though I admit sometimes I have done things that may not have been completely harm-free but they seemed amusing at the time and had no truly lasting effects. However, I have not caused financial harm or done anything destructive to any entity.

I still feel guilty about the whole thing with LoKe getting out of hand. I wish I could have done more than just post in this thread but unfortunately I was not able to and I guess things got out of hand. I do believe I explained the risks and I had hoped that a more rapid response would occur but unfortunately it did not and LoKe behaved as a "black hat" using the FuseTalk bug and apparently attempting blackmail.

I wasn't aware he attempted blackmail. In his goodbye thread posted as AnandTech Moderator, he actually said he was nominated for admin or mod by either Jason or one of the senior mods. They voted him down though. That's actually a good example of gray hat-type activity.
 

Reel

Originally posted by: Zugzwang152
Originally posted by: Reel
I have a pretty strong conscience that keeps me "white hat" though I admit sometimes I have done things that may not have been completely harm-free but they seemed amusing at the time and had no truly lasting effects. However, I have not caused financial harm or done anything destructive to any entity.

I still feel guilty about the whole thing with LoKe getting out of hand. I wish I could have done more than just post in this thread but unfortunately I was not able to and I guess things got out of hand. I do believe I explained the risks and I had hoped that a more rapid response would occur but unfortunately it did not and LoKe behaved as a "black hat" using the FuseTalk bug and apparently attempting blackmail.

I wasn't aware he attempted blackmail. In his goodbye thread posted as AnandTech Moderator, he actually said he was nominated for admin or mod by either Jason or one of the senior mods. They voted him down though. That's actually a good example of gray hat-type activity.

I wasn't aware either until one of those recent open mod vs members discussions. Apparently moshquerade pushed them too far and one of them pointed that aspect out.
 

Zugzwang152

Originally posted by: Reel
Originally posted by: Zugzwang152
Originally posted by: Reel
I have a pretty strong conscience that keeps me "white hat" though I admit sometimes I have done things that may not have been completely harm-free but they seemed amusing at the time and had no truly lasting effects. However, I have not caused financial harm or done anything destructive to any entity.

I still feel guilty about the whole thing with LoKe getting out of hand. I wish I could have done more than just post in this thread but unfortunately I was not able to and I guess things got out of hand. I do believe I explained the risks and I had hoped that a more rapid response would occur but unfortunately it did not and LoKe behaved as a "black hat" using the FuseTalk bug and apparently attempting blackmail.

I wasn't aware he attempted blackmail. In his goodbye thread posted as AnandTech Moderator, he actually said he was nominated for admin or mod by either Jason or one of the senior mods. They voted him down though. That's actually a good example of gray hat-type activity.

I wasn't aware either until one of those recent open mod vs members discussions. Apparently moshquerade pushed them too far and one of them pointed that aspect out.

No proof of that, except the word of the Mod. He was a smart guy, and pretty cool from the threads I've been in with him. I wouldn't be surprised if he still trolls here, or has created a new account by now either.
 

EQTitan

Diamond Member
Jun 4, 2004
4,031
0
71
So, my question to all of you is...

What would you consider this? I work for a rather large cable company (not Comcrap) and I work in the field a lot and use my personal laptop to connect to "Open" wireless signals all around town. Now I only use these to check Gmail, and sometimes to get an address/phone number, check on a job status. I have never done anything blackhat while on someone else's network, only my own.

I have a database of almost all wireless devices, their specs, and vulnerabilities, common default settings....etc....

I'd love to learn more about all of this stuff, but I'm not very good at retaining info by reading books etc. I learn best by doing or someone who cares enough to share some points to pique my interest to try/learn.

Thanks all

"It's not what color your hat is, it's how you wear it"
 

GenHoth

Platinum Member
Jul 5, 2007
2,106
0
0
I used to screw around with my friends through their computers, but then I realized that I didn't want to get stuck in the tech world. So I stopped reading about stuff that deep.
 

EQTitan

I'm more of the unfortunate but true script kiddie crowd but I am slowly trying to learn on my own....takes forever
 

Zugzwang152

Originally posted by: EQTitan
So, my question to all of you is...

What would you consider this? I work for a rather large cable company (not Comcrap) and I work in the field a lot and use my personal laptop to connect to "Open" wireless signals all around town. Now I only use these to check Gmail, and sometimes to get an address/phone number, check on a job status. I have never done anything blackhat while on someone else's network, only my own.

I have a database of almost all wireless devices, their specs, and vulnerabilities, common default settings....etc....

I'd love to learn more about all of this stuff, but I'm not very good at retaining info by reading books etc. I learn best by doing or someone who cares enough to share some points to pique my interest to try/learn.

Thanks all

"It's not what color your hat is, it's how you wear it"

I'd be careful connecting to random access points, especially if you're accessing work-related information. We disable the wireless cards on our company notebooks to prevent people from doing just this.