Grey Hat - History

History

The term grey hat was coined by a hacker group called L0pht in 1998. The group referenced it in a 1999 interview with the NY Times, describing their "gray-hat" behavior. The earliest known use of the term grey hat in computer security literature may be traced back to 2001. The phrase was used to describe hackers who support the ethical reporting of vulnerabilities directly to the software vendor. This was contrasted with the full disclosure practices that were prevalent in the white hat community at the time and with the principles of the black hat, whereby no one should be made aware of security holes.

In 2002, however, the Anti-Sec community published a use of the term that referred to people who work in the security industry by day but engage in black hat activities by night. The irony was that black hats saw this interpretation as derogatory, whereas among white hats it was a term that lent a sense of popular notoriety.

Following the rise and eventual decline of the full disclosure vs. anti-sec "golden era"—and the subsequent growth of an "ethical hacking" philosophy—the term grey hat began to take on all sorts of diverse meanings. The prosecution in the U.S. of Dmitry Sklyarov for activities which were legal in his home country changed the attitudes of many security researchers. As the Internet became used for more critical functions, and concerns about terrorism grew, the term white hat started referring to corporate security experts who did not support full disclosure.

Nevertheless, in 2004, Harris et al. published a book on grey hat methodologies. This built upon the idea that black hats have malicious intentions and do not disclose their secrets, whereas white hats always engage in public full disclosure, freely publicising security flaws in the hope that they will be fixed. The authors held that grey hats fall somewhere in between, in that they derive income from notifying the vendor of what needs to be fixed after they have penetrated a system.

In 2006, the term was used to describe freelance hackers who browse the Internet in search of security holes and then seek to charge the host a fee for fixing the issue.

In 2008, the EFF defined grey hats as ethical security researchers who inadvertently or arguably violate the law in an effort to research and improve security. They advocate for computer offense laws that are clearer and more narrowly drawn.
