Friday, September 7, 2007

Six Hacker Thinking Hats

The six hats are:

  1. White Hat Hacker
  2. Red Hat Hacker
  3. Yellow Hat Hacker
  4. Black Hat Hacker
  5. Green Hat Hacker
  6. Blue Hat Hacker
  7. (Others) Grey Hat Hacker

White Hat Hacker

A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems. The term is derived from American western movies, where the good cowboy typically wore a white cowboy hat and the bad cowboy wore a black one. Realizing that the Internet now represents human voices from all around the world makes the defense of its integrity an important pastime for many. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them — but this is a simplification. A black hat will wish to secure his own machine, and a white hat might need to break into a black hat's machine in the course of an investigation. What exactly differentiates white hats and black hats is open to interpretation, but white hats tend to cite altruistic motivations.

The term white hat hacker is also often used to describe those who attempt to break into systems or networks in order to help the owners of the system by making them aware of security flaws, or to perform some other altruistic activity. Many such people are employed by computer security companies; these professionals are sometimes called sneakers. Groups of these people are often called tiger teams.

The primary difference between white and black hat hackers is that a white hat hacker claims to observe the hacker ethic. Like black hats, white hats are often intimately familiar with the internal details of security systems, and can delve into obscure machine code when needed to find a solution to a tricky problem.



Red Hat Hacker

This simply describes how the Red Hat Hacker thinks:

  • Hat (Fire)
  • Intuition
  • Opinion
  • Emotion (subjective)


Yellow Hat Hacker

This simply describes how the Yellow Hat Hacker thinks:

  • Hat (Sun)
  • Praise
  • Positive aspects (objective)


Black Hat Hacker

A black hat (also called a cracker or Darkside hacker) is a malicious or criminal hacker. The term is seldom used outside the security industry and some modern programmers; the general public uses the term hacker to refer to the same thing. In computer jargon the meaning of "hacker" can be much broader. The name was chosen as the opposite of white hat hackers.

Usually a Black hat is a person who maintains knowledge of the vulnerabilities and exploits they find as secret for private advantage, not revealing them either to the general public or the manufacturer for correction. Many Black Hats promote individual freedom and accessibility over privacy and security. Black Hats may seek to expand holes in systems; any attempts made to patch software are generally to prevent others from also compromising a system they have already obtained secure control over. A Black Hat hacker may have access to 0-day exploits (private software that exploits security vulnerabilities; 0-day exploits have not been distributed to the public). In the most extreme cases, Black Hats may work to cause damage maliciously, and/or make threats to do so for blackmail purposes.

Black-hat hacking is the act of compromising the security of a system without permission from an authorized party, usually with the intent of accessing computers connected to the network (the somewhat similar activity of defeating copy prevention devices in software - which may or may not be illegal depending on the laws of the given country - is actually software cracking).

The term cracker was coined by Richard Stallman to provide an alternative to abusing the existing word hacker for this meaning. Use of this term (like "black hat") is limited mostly to some areas of the computer and security field, and even there it is considered controversial. One group that refers to themselves as hackers consists of skilled computer enthusiasts. The other, and more common usage, refers to people who attempt to gain unauthorized access to computer systems. Many members of the first group attempt to convince people that intruders should be called crackers rather than hackers, but the common usage remains ingrained.



Green Hat Hacker

This simply describes how the Green Hat Hacker thinks:

  • Hat (Plant)
  • Alternatives
  • New approaches
  • Everything goes (speculative)


Blue Hat Hacker

This simply describes how the Blue Hat Hacker thinks:

  • Hat (Sky)
  • Big Picture
  • Conductor hat
  • Thinking about thinking
  • Overall process (overview)
  • Refers to outside computer security consulting firms that are used to bug test a system prior to its launch, looking for exploits so they can be closed.



(Other) Grey Hat Hacker

A grey hat, in the computer security community, is a skilled hacker who sometimes acts legally and in good will and sometimes not. Grey hats are a hybrid between white and black hat hackers. They hack for no personal gain and do not have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

For example, attacking corporate businesses with unethical practices could be regarded as highly unethical and would normally be considered black hat activity. To a grey hat, however, it may not appear bad even though it is against local law, so instead of being tagged black hat, it is called a grey hat hack. A person who breaks into a computer system and simply "plants his flag" while doing no damage is usually classified as a grey hat.

2 comments:

lukasz hacking said...

You should check out http://hackerxaga.com it's probably one of the most comprehensive tools I've seen out there. They compiled tutorials, tools, videos, pretty much everything you need to get started in hacking. It's where I got my start.

Unknown said...

I want to be a White Hat when I grow up, I love helping people deal with viruses, and when they thank me for fixing their computer I swell up with pride. I've lost a computer to a Rogue-AV before and I wouldn't wish that on anyone else. That's why now my PC is up-to-date with all of the newest Anti-Virus/Malware definitions. Also, I use Linux Mint if I want to go to a site that seems a bit suspicious. Still, helping to prevent Malware from being spread would be great.