The world of hackers can be roughly divided into three groups. "Black hats" break into corporate computer systems for fun and profit, taking credit card numbers and email addresses to sell and trade with other hackers, while the "white hats" help companies stop their disruptive counterparts.
But it is the third group, the "gray hats," that are the most vexing for companies. These hackers play it any number of ways, which can leave a company vulnerable to lost assets, as well as a tarnished reputation, as security breaches are exposed. (The terms are a nod to westerns, with the villain wearing a black hat and the hero a white one.)
These gray-hat hackers surreptitiously break into corporate computers to find security weaknesses. They then choose whether to notify the company and stay silent until the hole has been patched or embarrass the company by exposing the problem.
The debate among all of these groups over the best course of action has never been settled and will be an undercurrent at the Def Con 18 hackers conference starting Friday in Las Vegas.
From The New York Times
View Full Article