Are you an EPFL student looking for a semester project?

Work with us on data science and visualisation projects, and deploy your project as an app on top of GraphSearch.

Learn more about Graph Apps.

Concept

White hat (computer security)

Summary

A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission. White-hat hackers may also work in teams called "sneakers and/or hacker clubs", red teams, or tiger teams. One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force, in which the Multics operating systems were tested for "potential use as a two-level (secret/top secret) system." The evaluation determined that while Multics was "significantly better than other conventional systems," it also had "... vulnerabilities in hardware security, software security and procedural security" that could be uncovered with "a relatively low level of effort." The authors performed their tests under a guideline of realism, so their results would accurately represent the kinds of access an intruder could potentially achieve. They performed tests involving simple information-gathering exercises, as well as outright attacks upon the system that might damage its integrity; both results were of interest to the target audience. There are several other now unclassified reports describing ethical hacking activities within the US military. By 1981 The New York Times described white-hat activities as part of a "mischievous but perversely positive 'hacker' tradition". When a National CSS employee revealed the existence of his password cracker, which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner.

Official source

https://en.wikipedia.org/wiki/White_hat_(computer_security)

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (1)

Special Section: Information and Competitive Strategy in a Networked Economy

Thomas Alois Weber

The special section of 2012 Journal of Management Information Systems deals with the incentives for distributed content generation; counterintuitive network effects in the security software market, which features an intrinsic negative externality; and the ...

2012

Related concepts (8)

Security hacker

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers. Longstanding controversy surrounds the meaning of the term "hacker.

Vulnerability (computing)

Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness.

The hacker ethic is a philosophy and set of moral values within hacker culture. Practitioners believe that sharing information and data with others is an ethical imperative. The hacker ethic is related to the concept of freedom of information, as well as the political theories of anti-authoritarianism, anarchism, and libertarianism.

Related courses (1)

COM-301: Computer security and privacy

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

Related lectures (8)

Security Design Principles: Preliminaries

Covers basic security concepts, adversarial thinking, security mechanisms, and responsible conduct in security design principles.

Zero Days Vulnerability: Security Breaches on Personal Devices

Explores zero days vulnerability, ethical hacking, cyber attacks, and defense strategies against cyber threats.

Information Security: Communication, Calculation, Threats

Explores information security in communication, calculation, and digital threats, emphasizing data protection and access control.

Copyright © 2024 EPFL, all rights reserved