Gray hat

This article does not cite any references or sources. Please help improve this article by adding citations to reliable sources. Unverifiable material may be challenged and removed. (September 2008)

This article or section appears to contradict itself. Please help fix this problem.

A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

Contents 1 Disambiguation 1.1 The apache.org hack. by {} and Hardbeat 2 See also 3 References 4 External links

Disambiguation

One reason a grey hat might consider himself to be grey is to disambiguate from the other two extremes: black and white. It is possibly misleading to say that grey hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, grey hats do hack for a reason, a reason which more often than not remains undisclosed. A grey hat will not necessarily notify the system admin of a penetrated system of their penetration. A grey hat will prefer anonymity at almost all cost, carrying out their penetration undetected and then leaving undetected. Consequently, grey hat penetrations of systems tend to be far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.

A person who breaks into a computer system and simply puts their name there whilst doing no damage (such as in wargaming) can also be classified as a grey hat. A person who hacks for comedic value, may also be classified as a grey hat. However, he would have found his own security flaw, rather than using someone else's. See Script Kiddie for details.

The apache.org hack. by {} and Hardbeat

In April 2000, grey hat hackers gained unauthorized access to apache.org[1]. These people could have tried to damage apache.org servers, write text offensive to apache crew, or distribute trojans or other malicious actions. Instead, they chose just to alert apache crew of the problems and then to publish this article, beginning with:

     This paper does _not_ uncover any new vulnerabilities. It points out common
     (and slightly less common) configuration errors, which even the people at
     apache.org made. This is a general warning. Learn from it. Fix your systems,
     so we won't have to :)
     This paper describes how, over the course of a week, we succeeded in
     getting root access to the machine running www.apache.org, and changed
     the main page to show a 'Powered by Microsoft BackOffice' logo instead
     of the default 'Powered by Apache' logo (the feather). No other changes
     were made, except to prevent other (possibly malicious) people getting in.

See also

• Hacker ethic
• Hacktivism
• Black hat
• White hat

References

External links

• The thin gray line
• The Register - Bahnhof Bust

---

No comments have been added.

Your name:
City:
Country:	USA UK India Pakistan UAE Saudi Arabia Germany Afghanistan Albania Algeria Andorra Angola Antigua Barbuda Argentina Armenia Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bhutan Bolivia Bosnia Herzegovina Botswana Brazil Brunei Bulgaria Burkina Faso Burma Burund Cambodia Cameroon Canada Central African Rep Chad Chile China Columbia Comoros Congo Costa Rica Croatia Cuba Cyprus Czech Republic DR Congo Denmark Djiboutil Dominica Dominican Rep Ecuador Egypt El Salvador Eq Guinea Eritrea Estonia Ethiopia Fiji Finland France Gabon Gambia Georgia Germany Ghana Greece Grenada Grenadines Guatemala Guinea Bissau Guinea Guyana Haiti Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Ivory Coast Jamaica Japan Jordan Kazakhstan Kenya Kiribati Kuwait Kyrgyzstan Laos Latvia Lebanon Liberia Libya Liechtenstein Lithuania Luxembourg Macedonia Macau Madagascar Malawi Malaysia Maldives Mali Malta Mauritania Mauritius Mexico Micronesia Moldova Monaco Mongolia Morocco Mozambique Namibia Nauru Nepal Neth Antilles Netherlands New Zealand Nicaragua Niger Nigeria North Korea Norway Oman Pakistan Panama Papua New Guinea Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Rawanda Romania Russia Sao Tome Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Korea South Africa Spain Sri Lanka St Kitts_Nevis St Lucia Sudan Suriname Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Togo Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Tuvala UAE Uganda Ukraine Uruguay Uzbekistan Vanuatu Venezuela Vietnam Western Samoa Yemen Yugoslavia Zaire Zambia Zimbabwe
Your comments:
Security check * (Please enter the number into adjoining box)