Hacker News new | ask | show | jobs
by anamexis 1030 days ago
> Greyhats [...] have explicit authorization from the owners of the systems to access their systems.

It sounds to me like you're describing whitehat. Greyhat do these things without authorization, but also without malicious intent.

https://en.wikipedia.org/wiki/Grey_hat
2 comments
ransackdev 1030 days ago
Ah yeah I guess it’s true they don’t have permission. At the end of the day I think it comes down to the owner choosing to press charges or not, or even detecting it and subsequently reporting it. I would guess that if the systems have ways to be hacked, the owners likely won’t see the hacks until the white/grey hat reports it to them.

Somewhat related, the hackers submitting a vulnerability disclosure to the companies are in a very “extortion-y” dynamic. I wonder how often companies get something like “pay us X amount or we let the world know today instead of waiting for you to fix it”.

link
xwdv 1030 days ago
Greyhats may or may not have malicious intent. They don’t play by anyone’s rules but their own.
link
anamexis 1030 days ago
A greyhat with malicious intent is just a blackhat.
link
xwdv 1030 days ago
Not really, because it depends on who the target is. If the greyhat for example maliciously targets a Mexican cartel or Iranian nuclear centrifuge, are they really the bad guy?
link
lvturner 1030 days ago
Which in turn depends on how many innocent bystanders get killed, maimed or injured as a result of those actions and if the means justify the end...
link
xwdv 1029 days ago
It’s a very grey area. If we knew the answers with certainty there would only be black and white.
link