History
The term grey hat was coined by a hacker group called L0pht in 1998. The group referenced it in a 1999 interview with the NY Times describing their "gray-hat" behavior. The earliest known use of the term grey hat in the context of computer security literature may be traced back to 2001. The phrase was used to describe hackers who support the ethical reporting of vulnerabilities directly to the software vendor. This was contrasted with the full disclosure practices that were prevalent in the white hat community at the time and with the principles of the black hat, whereby no one should be made aware of security holes.
In 2002, however, the Anti-Sec community published a use of the term to refer to people who work in the security industry by day but engage in black hat activities by night. The irony was that among black hats this interpretation was seen as derogatory, whereas among white hats it was a term that lent a sense of popular notoriety.
Following the rise and eventual decline of the full disclosure vs. anti-sec "golden era"—and the subsequent growth of an "ethical hacking" philosophy—the term grey hat began to take on all sorts of diverse meanings. The prosecution in the U.S. of Dmitry Sklyarov for activities which were legal in his home country changed the attitudes of many security researchers. As the Internet became used for more critical functions, and concerns about terrorism grew, the term white hat started referring to corporate security experts who did not support full disclosure.
Nevertheless, in 2004, Harris et al. published a book on grey hat methodologies. This built upon the idea that black hats have malicious intentions and do not disclose their secrets, whereas white hats always engage in public full disclosure, freely publicising security flaws in the hope that they will be fixed. The authors held that grey hats fall somewhere in between, in that they derive income from notifying the vendor of what needs to be fixed after they have penetrated a system.
In 2006, the term was used to describe freelance hackers who browse the Internet in search of security holes and then seek to charge the host a fee for fixing the issue.
In 2008, the EFF defined grey hats as ethical security researchers who inadvertently or arguably violate the law in an effort to research and improve security. They advocate for computer offense laws that are clearer and more narrowly drawn.