Jump to content

Grey hat: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
No edit summary
m Reverted edits by 51.186.224.174 (talk): not providing a reliable source (WP:CITE, WP:RS) (HG) (3.4.13)
 
(522 intermediate revisions by more than 100 users not shown)
Line 1: Line 1:
{{Short description|Type of computer hacker}}
<!-- NOTE: this line does not belong here. Create a disambiguation page if you want, but this article deals with the computer security aspect of the term grey-hat -->
{{Use dmy dates|date=March 2019}}
<!-- :''A grey hat was worn by [[Gandalf the Grey]], who is identified as the knowledgeable, wizened [[wizard]]. -->
{{Computer hacking}}
A '''grey hat''' (or '''gray hat''', in American English) in the [[computer security]] community, refers to a skilled [[hacker]] who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between [[white hat|white]] and [[black hat]] hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.


A '''grey hat''' ('''greyhat''' or '''gray hat''') is a [[Hacker|computer hacker]] or [[computer security]] expert who may sometimes violate laws or typical [[Hacker ethic|ethical standards]], but usually does not have the malicious intent typical of a [[black hat (computer security)|black hat]] hacker.
==Disambiguation==
One reason a grey hat might consider himself to be grey might be to disambiguate from the other two extremes: black and white. It might be a little misleading to say that grey hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, grey hats do hack for a reason, a reason which more often than not remains undisclosed. A grey hat will not necessarily notify the sys admin of a penetrated system of their penetration. Such a hacker will prefer anonymity at almost all cost, carrying out their penetration undetected and then exiting said system undetected with minimal damages. Consequently, grey hat penetrations of systems tend to be for far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.


The term came into use in the late 1990s, and was derived from the concepts of "[[white hat (computer security)|white hat]]" and "black hat" hackers.<ref name="De 2002">{{cite web|url=http://www.ddth.com/showthread.php/200-ENG-White-Hat-Black-Hat-Grey-Hat | title=White Hat? Black Hat? Grey Hat? | last=De| first=Chu | date=2002 | website=ddth.com | publisher=Jelsoft Enterprises | access-date=19 February 2015}}</ref> When a white hat hacker discovers a [[Vulnerability (computing)|vulnerability]], they will exploit it only with permission and not divulge its existence until it has been fixed, whereas the black hat will illegally exploit it and/or tell others how to do so. The grey hat will neither illegally exploit it, nor tell others how to do so.<ref name="Grey Hat Hacking: The Ethical Hacker's Handbook">{{cite book | last = Regalado |display-authors=etal | year = 2015 | title =Grey Hat Hacking: The Ethical Hacker's Handbook | edition=4th | publisher = McGraw-Hill Education | location=New York | page=18 }}</ref>
A person who breaks into a computer system and simply puts their name there while doing no damage can also be classified as a grey hat.


A further difference among these types of hacker lies in their methods of discovering vulnerabilities. The white hat breaks into systems and networks at the request of their employer or with explicit permission for the purpose of determining how secure it is against hackers, whereas the black hat will break into any system or network in order to uncover sensitive information for personal gain. The grey hat generally has the skills and intent of the white hat but may break into any system or network without permission.<ref>{{cite web |url=http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/3/html/Security_Guide/ch-risk.html |title=Red Hat Enterprise Linux 3 Security Guide |last1=Fuller |first1=Johnray |last2=Ha |first2=John |last3=Fox |first3=Tammy |date=2003 |website=Product Documentation |publisher=Red Hat |at=Section (2.1.1) |access-date=16 February 2015 |archive-url=https://web.archive.org/web/20120729122043/http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/3/html/Security_Guide/ch-risk.html |archive-date=29 July 2012 |url-status=dead }}</ref><ref>{{cite web|url=http://www.symantec.com/connect/articles/intrusion-detection-systems-terminology-part-one-h |archive-url=https://web.archive.org/web/20110608065500/http://www.symantec.com/connect/articles/intrusion-detection-systems-terminology-part-one-h |url-status=dead |archive-date=8 June 2011 |title=Intrusion Systems Detection Terminology, Part one: A-H |last=Cliff |first=A |website=Symantec Connect |publisher=Symantec |access-date=16 February 2015}}</ref>
==Examples==
===Trudy===
Alice sets up a site for Bob on a server run by Isaac. Isaac's server is on a network with Trudy. Unknown to Isaac, his server has a security flaw. Trudy finds the flaw and uses it to monitor Bob's site, because his server runs a different OS and she wants to find out how it's configured. But Isaac has had problems with Mallory. Mallory finds the flaw and uses it to gain access to the server. Mallory then uploads a complex [[logic bomb]] that would fry Isaac's server in three days...literally.


According to one definition of a grey-hat hacker, when they discover a vulnerability, instead of telling the vendor how the exploit works, they may offer to repair it for a small fee. When one gains illegal access to a system or network, they may suggest to the system administrator that one of their friends be hired to fix the problem; however, this practice has been declining due to the increasing willingness of businesses to prosecute. Another definition of grey hat maintains that grey hat hackers only arguably violate the law in an effort to research and improve security: legality being set according to the particular ramifications of any hacks they participate in.<ref name="Cybercrime: investigating high-technology computer crime">{{cite book | last =Moore |first=Robert | year = 2011 |title=Cybercrime: investigating high-technology computer crime | edition=2nd | publisher = Anderson Publishing | location=Burlington, MA | page=25 }}</ref>
Trudy catches Mallory uploading the doom-code. She waits until Mallory leaves then proceeds to remove the logic bomb so that she can continue to learn how the server was configured.


In the [[search engine optimization]] (SEO) community, grey hat hackers are those who manipulate websites' search engine rankings using improper or unethical means but that are not considered [[search engine spam]].<ref>{{cite book | author= A E | title=Grey Hat SEO 2014: The Most Effective and Safest Techniques of 10 Web Developers. Secrets to Rank High including the Fastest Penalty Recoveries. | url=https://www.amazon.com/dp/B0C83N8B8B | year=2014 | asin=B0C83N8B8B | publisher=Research & Co}}</ref>
===The apache.org hack. by <nowiki>{}</nowiki> and Hardbeat===
In April 2004, grey hat [[Hacker (computer security)|hackers]] gained unauthorized access to apache.org. These people could have tried to damage apache.org servers, write text offensive to apache crew, or distribute [[Trojan horse (computing)|trojans]] or other malicious actions. Instead, they chose just to alert apache crew of the problems and then to publish [http://web.textfiles.com/ezines/HWA/hwa-hn53.txt this article], beginning with:


A 2021 research study looked into the [[Psychology|psychological]] characteristics of individuals that participate in hacking in the workforce. The findings indicate that grey hat hackers typically go against authority, black hat hackers have a strong tendency toward thrill-seeking, and white hat hackers often exhibit [[Narcissism|narcissistic]] traits.<ref>{{Cite journal |date=2021-07-09 |title=Dark Traits and Hacking Potential |url=https://articlegateway.com/index.php/JOP/article/view/4307 |journal=Journal of Organizational Psychology |language=en |volume=21 |issue=3 |doi=10.33423/jop.v21i3.4307 |issn=2158-3609}}</ref>
This paper does _not_ uncover any new vulnerabilities. It points out common
(and slightly less common) configuration errors, which even the people at
apache.org made. This is a general warning. Learn from it. Fix your systems,
so we won't have to :)
This paper describes how, over the course of a week, we succeeded in
getting root access to the machine running www.apache.org, and changed
the main page to show a 'Powered by Microsoft BackOffice' logo instead
of the default 'Powered by Apache' logo (the feather). No other changes
were made, except to prevent other (possibly malicious) people getting in.


==History==
===Arga Unga Hackare vs Antipiratbyrån===
The phrase ''grey hat'' was first publicly used in the computer security context when [[DEF CON]] announced the first scheduled [[Black Hat Briefings]] in 1996, although it may have been used by smaller groups prior to this time.<ref name="De 2002"/><ref>{{cite web | title=Def Con Communications Presents The Black Hat Briefings | url=https://www.blackhat.com/html/bh-usa-97/bh-1-index.html | website=blackhat.com. | date=1996 | publisher=blackhat.com }}</ref> Moreover, at this conference a presentation was given in which Mudge, a key member of the hacking group [[L0pht]], discussed their intent as grey hat hackers to provide Microsoft with vulnerability discoveries in order to protect the vast number of users of its operating system.<ref>{{cite web|url=https://www.blackhat.com/media/bh-usa-97/black-hat-eetimes-3.html | title=Microsoft Opens Dialogue With NT Hackers | last=Lange| first=Larry | date=15 July 1997 | website=blackhat.com | access-date=31 March 2015}}</ref> Finally, Mike Nash, Director of Microsoft's server group, stated that grey hat hackers are much like technical people in the independent software industry in that "they are valuable in giving us feedback to make our products better".<ref>{{cite web|url=https://www.blackhat.com/media/bh-usa-97/blackhat-eetimes.html | title=The Rise of the Underground Engineer | last=Lange| first=Larry | date=22 September 1997 | website=blackhat.com | access-date=31 March 2015}}</ref>
In 2005, a Swedish [[Internet service provider|ISP]] was raided and [[Server (computing)|servers]] were seized that contained torrent files which provided users the ability to download [[warez]] (illegal software) and some legitimate content. This move was applauded by international media industry, such as the [[Motion Picture Association of America|MPAA]].


The phrase ''grey hat'' was used by the hacker group [[L0pht]] in a 1999 interview with ''[[The New York Times]]''<ref>{{cite news
A few days later, a swedish hacker group known as '''AUH''' (Arga Unga Hackare, translates to "Angry Young Hackers") [[Defacement (vandalism)|defaced]] the website of [[Svenska antipiratbyrån|Antipiratbyrån]] (Anti-Piracy Bureau), Sweden's biggest organisation working to stop [[Copyright infringement of software|piracy]]. Arga Unga Hackare is generally regarded as a group of black hats. However, in this case, it may be argued that this particular action was '''grey'''.
| url=https://www.nytimes.com/library/magazine/home/19991003mag-hackers.html
| title=HacK, CouNterHaCk
| work = New York Times Magazine
| date=3 October 1999
| access-date=6 January 2011 }}</ref> to describe their hacking activities.


The phrase was used to describe hackers who support the [[security through obscurity|ethical reporting]] of [[vulnerability (computing)|vulnerabilities]] directly to the software vendor in contrast to the [[Full disclosure (computer security)|full disclosure]] practices that were prevalent in the [[white hat (computer security)|white hat]] community that vulnerabilities not be disclosed outside of their group.<ref name="Grey Hat Hacking: The Ethical Hacker's Handbook"/>
The defacement was unusual, because AUH published information which became the basis for a nation wide discussion regarding abuse of Swedish legal resources, and possibly criminal acts supervised by international anti-piracy industry. The servers of the raided ISP was found containing warez, but as AUH was hacking Antipiratbyrån, they found evidence in the form of private emails that showed that Antipiratbyrån had used an infiltrator to put the illegal software on the ISP's servers. The infiltrator worked under the nickname '''rouge''', but AUH identified him with real name, address and Swedish personal identification number. He was shown to be wanted by Swedish authorities for criminal acts. AUH also published e-mails that loosely linked international anti-piracy agencies to these actions, but the e-mails did not show to which extent the case was known outside of Sweden.


In 2002, however, the [[Operation AntiSec|Anti-Sec]] community published use of the term to refer to people who work in the security industry by day, but engage in black hat activities by night.<ref>[http://www.digitalsec.net/stuff/website-mirrors/pHC/old/greyhat-IS-whitehat.txt Digitalsec.net] {{Webarchive|url=https://web.archive.org/web/20171226234448/http://www.digitalsec.net/stuff/website-mirrors/pHC/old/greyhat-IS-whitehat.txt |date=26 December 2017 }} #Phrack High Council. 20 August 2002. "The greyhat-IS-whitehat List"</ref> The irony was that for black hats, this interpretation was seen as a derogatory term; whereas amongst white hats it was a term that lent a sense of popular notoriety.
In the next few days, other sources provided evidence that strongly suggested that:
*Antipiratbyrån funded the warez servers, making Antipiratbyrån the source of the illegal software - not the ISP.
*Antipiratbyrån knew that the ISP owners were not aware that the servers were being used for warez.
*Antipiratbyrån put effort into moving the warez servers from a former location to the raided ISP, because the raided ISP had a very good [[Bandwidth#Web Hosting|bandwidth]] (high speed internet connection).
*Antipiratbyrån had been able to influence legal system into not following proper procedures: the raided ISP owners were not interviewed by a judge before the raid. The raid was needlessly intrusive and caused downtime to critical infrastructure for systems which did not serve illegal content. The Antipiratbyrån staff had supervised and instructed Swedish authorities on place what to do.
*Antipiratbyrån's hurry to raid the ISP may have been initiated by the fact that the ISP recently before the raid had performed an inventory, in which the warez servers had been notified as unknown servers to be investigated.


Following the rise and eventual decline of the full disclosure vs. anti-sec "golden era"—and the subsequent growth of an "ethical hacking" philosophy—the term ''grey hat'' began to take on all sorts of diverse meanings. The prosecution in the U.S. of [[Dmitry Sklyarov]] for activities which were legal in his home country changed the attitudes of many security researchers. As the Internet became used for more critical functions, and concerns about terrorism grew, the term "white hat" started referring to corporate security experts who did not support full disclosure.<ref>{{cite news
The credibility of Antipiratbyrån was badly injured, and they did not deny the allegations. Eventually, Antipiratbyrån and the ISP reached a settlement, and did not publicly debate the incident further.
| url=http://news.cnet.com/2100-1001-958129.html
| title=The thin gray line
| work=[[CNET News]]
| date=23 September 2002
| access-date=6 January 2011 }}
</ref>


In 2008, the [[Electronic Frontier Foundation|EFF]] defined grey hats as ethical security researchers who inadvertently or arguably violate the law in an effort to research and improve security. They advocate for computer offense laws that are clearer and more narrowly drawn.<ref>[https://www.eff.org/issues/coders/grey-hat-guide EFF.org] Electronic Frontier Foundation (EFF). 20 August 2008. "A 'Grey Hat' Guide"</ref>
So, black hat tactics and skills were used by AUH, but they were used to unravel what many consider to be an unethical and criminal conspiracy, which possibly has international ties. This is typically grey shades of ethics; while the methods employed by AUH can be considered unacceptable and unethical, they were used to uncover even more unethical and possibly criminal actions on the part of Antipiratbyrån.


==Examples==
The current website of Antipiratbyrån is located at http://www.antipiratbyran.com/ .
In April 2000, hackers known as "<nowiki>{}</nowiki>" and "Hardbeat" gained unauthorized access to [[Apache HTTP Server|Apache.org]].<ref>{{cite magazine|author=Michelle Finley |url=https://www.wired.com/politics/law/news/2000/05/36170 |title=Wired.com |magazine=Wired |publisher=Wired.com |date=28 March 2013 |access-date=1 November 2013}}</ref> They chose to alert Apache crew of the problems rather than try to damage the Apache.org servers.<ref>{{cite web|url=http://web.textfiles.com/ezines/HWA/hwa-hn53.txt |title=Textfiles.com |access-date=1 November 2013}}</ref>

In June 2010, a group of computer experts known as [[Goatse Security]] exposed a flaw in [[AT&T]] security which allowed the e-mail addresses of [[iPad]] users to be revealed.<ref>[https://www.wsj.com/articles/SB10001424052748704312104575299111189853840?mod=WSJ_hpp_LEFTWhatsNewsCollection FBI Opens Probe of iPad Breach] Wall Street Journal, Spencer Ante and Ben Worthen. 11 June 2010.</ref> The group revealed the security flaw to the media soon after notifying AT&T. Since then, the [[Federal Bureau of Investigation|FBI]] opened an investigation into the incident and raided the house of [[weev]], the new group's most prominent member.<ref>{{cite news
|first=Ryan
|last=Tate
|title=Apple's Worst Security Breach: 114,000 iPad Owners Exposed
|url=http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed
|newspaper=[[Gawker.com]]
|publisher=[[Gawker Media]]
|date=9 June 2010
|access-date=13 June 2010
|url-status=dead
|archive-url=https://web.archive.org/web/20100612222852/http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed
|archive-date=12 June 2010
}}</ref>

In April 2011, a group of experts discovered that the Apple iPhone and 3G iPads were "logging where the user visits". Apple released a statement saying that the iPad and iPhone were only logging the towers that the phone could access.<ref>{{cite web | title=Apple Q&A on Location Data | url=https://www.apple.com/pr/library/2011/04/27Apple-Q-A-on-Location-Data.html
| work=Apple Press Info. | last1=Harrison | first1=Natalie | first2=Natalie | last2=Kerris | date=27 April 2011 | publisher=Apple, Inc. }}</ref> There have been numerous articles on the matter and it has been viewed as a minor security issue. This instance would be classified as "grey hat" because although the experts could have used this for malicious intent, the issue was nonetheless reported.<ref>{{cite web | title=Is Apple Tracking You? | url=http://hackfile.org/2011/04/is-apple-tracking-you/ | work=hackfile.org | archive-url=https://web.archive.org/web/20120323183615/http://hackfile.org/is-apple-tracking-you/ | archive-date=23 March 2012 }}</ref>

In August 2013, Khalil Shreateh, an unemployed computer security researcher, hacked the Facebook page of [[Mark Zuckerberg]] in order to force action to correct a bug he discovered which allowed him to post to any user's page without their consent. He had tried repeatedly to inform Facebook of this bug only to be told by Facebook that the issue was not a bug. After this incident, Facebook corrected this vulnerability which could have been a powerful weapon in the hands of professional [[spammer]]s. Shreateh was not compensated by Facebook's White Hat program as he violated their policies, thus making this a grey hat incident.<ref>{{cite web | title=Zuckerberg's Facebook page hacked to prove security flaw | url=http://www.cnn.com/2013/08/19/tech/social-media/zuckerberg-facebook-hack | last=Gross | first=Doug | date=20 August 2013 |access-date=4 April 2015 | work=CNN }}</ref>


==See also==
==See also==
* [[Anonymous (hacker group)]]
*[[Hacker ethic]]
*[[Hacktivism]]
* [[Cybercrime]]
* [[Cyberwarfare]]
* [[Hacktivism]]
* [[IT risk]]
* [[Metasploit]]
* [[Mischief]]
* [[Penetration test]]


==References==
==References==
{{reflist|30em}}
*[http://www.theregister.co.uk/2005/03/14/bahnhof_bust/ The Register - Bahnhof Bust]
*[http://www.nyteknik.se/art/39498 "Arga unga hackare" tog över Antipiratbyrån] - article about the [[Defacement (vandalism)|defacement]].
*[http://www.nyteknik.se/art/39564 Birgersson och Nylander anmäler Kronofogden] - Two famous Swedish IT spokespersons file report (polisanmällan) with Swedish police agency regarding crimes allegedly committed by the Swedish national authority "Kronofogden".
*[http://www.nyteknik.se/art/39492 Två Bahnhofanställda utpekade som pirater] - Swedish ISP notifies media that two staff members may have been involved in warez activities.

==External links==
*[http://news.com.com/The+thin+gray+line/2009-1001_3-958129.html The thin gray line]


==Further reading==
[[Category:Computer hacking]]
* {{cite book | author= A E | title=Grey Hat SEO 2014: The Most Effective and Safest Techniques of 10 Web Developers. Secrets to Rank High including the Fastest Penalty Recoveries. | url=https://www.amazon.com/dp/B00H25O8RM | year=2014 | asin=B0C83N8B8B| publisher=Research & Co}}
* {{cite book | author= Archer Esser | title=Grey Hat SEO Unveiled | url=https://www.amazon.com/dp/B0C7T5FYN3 | year=2023| publisher=Make It Work Publishing| isbn=9798398304732 }}


[[fr:Grey hat]]
{{DEFAULTSORT:Grey Hat}}
[[Category:Hacking (computer security)]]

Latest revision as of 18:41, 10 December 2024

Part of a series on
Computer hacking
History
Hacker culture and ethic
Conferences
Computer crime
Hacking tools
Practice sites
Malware
Computer security
Groups
Publications

A grey hat (greyhat or gray hat) is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker.

The term came into use in the late 1990s, and was derived from the concepts of "white hat" and "black hat" hackers.[1] When a white hat hacker discovers a vulnerability, they will exploit it only with permission and not divulge its existence until it has been fixed, whereas the black hat will illegally exploit it and/or tell others how to do so. The grey hat will neither illegally exploit it, nor tell others how to do so.[2]

A further difference among these types of hacker lies in their methods of discovering vulnerabilities. The white hat breaks into systems and networks at the request of their employer or with explicit permission for the purpose of determining how secure it is against hackers, whereas the black hat will break into any system or network in order to uncover sensitive information for personal gain. The grey hat generally has the skills and intent of the white hat but may break into any system or network without permission.[3][4]

According to one definition of a grey-hat hacker, when they discover a vulnerability, instead of telling the vendor how the exploit works, they may offer to repair it for a small fee. When one gains illegal access to a system or network, they may suggest to the system administrator that one of their friends be hired to fix the problem; however, this practice has been declining due to the increasing willingness of businesses to prosecute. Another definition of grey hat maintains that grey hat hackers only arguably violate the law in an effort to research and improve security: legality being set according to the particular ramifications of any hacks they participate in.[5]

In the search engine optimization (SEO) community, grey hat hackers are those who manipulate websites' search engine rankings using improper or unethical means but that are not considered search engine spam.[6]

A 2021 research study looked into the psychological characteristics of individuals that participate in hacking in the workforce. The findings indicate that grey hat hackers typically go against authority, black hat hackers have a strong tendency toward thrill-seeking, and white hat hackers often exhibit narcissistic traits.[7]

History

[edit]

The phrase grey hat was first publicly used in the computer security context when DEF CON announced the first scheduled Black Hat Briefings in 1996, although it may have been used by smaller groups prior to this time.[1][8] Moreover, at this conference a presentation was given in which Mudge, a key member of the hacking group L0pht, discussed their intent as grey hat hackers to provide Microsoft with vulnerability discoveries in order to protect the vast number of users of its operating system.[9] Finally, Mike Nash, Director of Microsoft's server group, stated that grey hat hackers are much like technical people in the independent software industry in that "they are valuable in giving us feedback to make our products better".[10]

The phrase grey hat was used by the hacker group L0pht in a 1999 interview with The New York Times[11] to describe their hacking activities.

The phrase was used to describe hackers who support the ethical reporting of vulnerabilities directly to the software vendor in contrast to the full disclosure practices that were prevalent in the white hat community that vulnerabilities not be disclosed outside of their group.[2]

In 2002, however, the Anti-Sec community published use of the term to refer to people who work in the security industry by day, but engage in black hat activities by night.[12] The irony was that for black hats, this interpretation was seen as a derogatory term; whereas amongst white hats it was a term that lent a sense of popular notoriety.

Following the rise and eventual decline of the full disclosure vs. anti-sec "golden era"—and the subsequent growth of an "ethical hacking" philosophy—the term grey hat began to take on all sorts of diverse meanings. The prosecution in the U.S. of Dmitry Sklyarov for activities which were legal in his home country changed the attitudes of many security researchers. As the Internet became used for more critical functions, and concerns about terrorism grew, the term "white hat" started referring to corporate security experts who did not support full disclosure.[13]

In 2008, the EFF defined grey hats as ethical security researchers who inadvertently or arguably violate the law in an effort to research and improve security. They advocate for computer offense laws that are clearer and more narrowly drawn.[14]

Examples

[edit]

In April 2000, hackers known as "{}" and "Hardbeat" gained unauthorized access to Apache.org.[15] They chose to alert Apache crew of the problems rather than try to damage the Apache.org servers.[16]

In June 2010, a group of computer experts known as Goatse Security exposed a flaw in AT&T security which allowed the e-mail addresses of iPad users to be revealed.[17] The group revealed the security flaw to the media soon after notifying AT&T. Since then, the FBI opened an investigation into the incident and raided the house of weev, the new group's most prominent member.[18]

In April 2011, a group of experts discovered that the Apple iPhone and 3G iPads were "logging where the user visits". Apple released a statement saying that the iPad and iPhone were only logging the towers that the phone could access.[19] There have been numerous articles on the matter and it has been viewed as a minor security issue. This instance would be classified as "grey hat" because although the experts could have used this for malicious intent, the issue was nonetheless reported.[20]

In August 2013, Khalil Shreateh, an unemployed computer security researcher, hacked the Facebook page of Mark Zuckerberg in order to force action to correct a bug he discovered which allowed him to post to any user's page without their consent. He had tried repeatedly to inform Facebook of this bug only to be told by Facebook that the issue was not a bug. After this incident, Facebook corrected this vulnerability which could have been a powerful weapon in the hands of professional spammers. Shreateh was not compensated by Facebook's White Hat program as he violated their policies, thus making this a grey hat incident.[21]

See also

[edit]

References

[edit]
  1. ^ a b De, Chu (2002). "White Hat? Black Hat? Grey Hat?". ddth.com. Jelsoft Enterprises. Retrieved 19 February 2015.
  2. ^ a b Regalado; et al. (2015). Grey Hat Hacking: The Ethical Hacker's Handbook (4th ed.). New York: McGraw-Hill Education. p. 18.
  3. ^ Fuller, Johnray; Ha, John; Fox, Tammy (2003). "Red Hat Enterprise Linux 3 Security Guide". Product Documentation. Red Hat. Section (2.1.1). Archived from the original on 29 July 2012. Retrieved 16 February 2015.
  4. ^ Cliff, A. "Intrusion Systems Detection Terminology, Part one: A-H". Symantec Connect. Symantec. Archived from the original on 8 June 2011. Retrieved 16 February 2015.
  5. ^ Moore, Robert (2011). Cybercrime: investigating high-technology computer crime (2nd ed.). Burlington, MA: Anderson Publishing. p. 25.
  6. ^ A E (2014). Grey Hat SEO 2014: The Most Effective and Safest Techniques of 10 Web Developers. Secrets to Rank High including the Fastest Penalty Recoveries. Research & Co. ASIN B0C83N8B8B.
  7. ^ "Dark Traits and Hacking Potential". Journal of Organizational Psychology. 21 (3). 9 July 2021. doi:10.33423/jop.v21i3.4307. ISSN 2158-3609.
  8. ^ "Def Con Communications Presents The Black Hat Briefings". blackhat.com. blackhat.com. 1996.
  9. ^ Lange, Larry (15 July 1997). "Microsoft Opens Dialogue With NT Hackers". blackhat.com. Retrieved 31 March 2015.
  10. ^ Lange, Larry (22 September 1997). "The Rise of the Underground Engineer". blackhat.com. Retrieved 31 March 2015.
  11. ^ "HacK, CouNterHaCk". New York Times Magazine. 3 October 1999. Retrieved 6 January 2011.
  12. ^ Digitalsec.net Archived 26 December 2017 at the Wayback Machine #Phrack High Council. 20 August 2002. "The greyhat-IS-whitehat List"
  13. ^ "The thin gray line". CNET News. 23 September 2002. Retrieved 6 January 2011.
  14. ^ EFF.org Electronic Frontier Foundation (EFF). 20 August 2008. "A 'Grey Hat' Guide"
  15. ^ Michelle Finley (28 March 2013). "Wired.com". Wired. Wired.com. Retrieved 1 November 2013.
  16. ^ "Textfiles.com". Retrieved 1 November 2013.
  17. ^ FBI Opens Probe of iPad Breach Wall Street Journal, Spencer Ante and Ben Worthen. 11 June 2010.
  18. ^ Tate, Ryan (9 June 2010). "Apple's Worst Security Breach: 114,000 iPad Owners Exposed". Gawker.com. Gawker Media. Archived from the original on 12 June 2010. Retrieved 13 June 2010.
  19. ^ Harrison, Natalie; Kerris, Natalie (27 April 2011). "Apple Q&A on Location Data". Apple Press Info. Apple, Inc.
  20. ^ "Is Apple Tracking You?". hackfile.org. Archived from the original on 23 March 2012.
  21. ^ Gross, Doug (20 August 2013). "Zuckerberg's Facebook page hacked to prove security flaw". CNN. Retrieved 4 April 2015.

Further reading

[edit]
Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Grey_hat&oldid=1262307426"