Comments on: In Layman’s Terms Issue 18- Hats http://www.pcmech.com/article/in-laymans-terms-issue-18-hats/ Tech Powered Life... Simplified Sat, 09 Feb 2013 03:19:03 +0000 hourly 1 http://wordpress.org/?v=3.4.2 By: mmseng1http://www.pcmech.com/article/in-laymans-terms-issue-18-hats/comment-page-1/#comment-78473 mmseng1 Mon, 08 Oct 2012 21:37:00 +0000 http://www.pcmech.com/?p=16427#comment-78473 I perhaps don't follow the hacking community as much as I should, but I always kind of pictured at least a subset of White Hats to be those that may perform technically unauthorized break-ins, but will still release the information in a secure manner. This could also include hacking a company's products, where there is no risk directly to the company infrastructure.Also, I generally picture a different breed of Gray Hats, who hack and release information in a secure way (i.e. not directly to Black Hats), but with potential profit in mind. Some might call that blackmail, but it depends on the circumstances. Sometimes companies offer bounties on breaking their systems, sometimes it's legitimately done with the the intention of forcing a company to be aware of the fact that their systems are vulnerable, or sometimes forcing them to ACT on the vulnerable systems that they ARE aware of, but don't WANT to act on, or deny that action is necessary. I perhaps don’t follow the hacking community as much as I should, but I always kind of pictured at least a subset of White Hats to be those that may perform technically unauthorized break-ins, but will still release the information in a secure manner. This could also include hacking a company’s products, where there is no risk directly to the company infrastructure.

Also, I generally picture a different breed of Gray Hats, who hack and release information in a secure way (i.e. not directly to Black Hats), but with potential profit in mind. Some might call that blackmail, but it depends on the circumstances. Sometimes companies offer bounties on breaking their systems, sometimes it’s legitimately done with the the intention of forcing a company to be aware of the fact that their systems are vulnerable, or sometimes forcing them to ACT on the vulnerable systems that they ARE aware of, but don’t WANT to act on, or deny that action is necessary.

]]>