Terms 12Terms 12

Definitions and QuestionsDefinitions and Questions

HackerHackerHacker is a term used to describe different types of computer Hacker is a term used to describe different types of computer experts. The meaning of the term, when used in a computer context, experts. The meaning of the term, when used in a computer context, has changed somewhat over the decades since it first came into has changed somewhat over the decades since it first came into use, as it has been given additional and clashing meanings by new use, as it has been given additional and clashing meanings by new users of the word.users of the word.Currently, "hacker" is used in two main ways, one complimentary Currently, "hacker" is used in two main ways, one complimentary and one negative. It can be used in the computing community to and one negative. It can be used in the computing community to describe a particularly brilliant programmer or technical expert (for describe a particularly brilliant programmer or technical expert (for example: "Linus Torvalds, the creator of Linux, is a genius hacker."). example: "Linus Torvalds, the creator of Linux, is a genius hacker."). In popular usage and in the media, however, it generally describes In popular usage and in the media, however, it generally describes computer intruders or criminals. computer intruders or criminals. A possible middle ground position observes that "hacking" describes A possible middle ground position observes that "hacking" describes a collection of skills, and that these skills are utilized by hackers of a collection of skills, and that these skills are utilized by hackers of both descriptions, though for differing reasons. The companion both descriptions, though for differing reasons. The companion situation which illustrates this is the skills involved in locksmithing, situation which illustrates this is the skills involved in locksmithing, specifically picking locks, which is a skill which can be used for good specifically picking locks, which is a skill which can be used for good or evil. or evil.

CrackerCrackerA cracker is someone who breaks into someone A cracker is someone who breaks into someone else's computer system, often on a network; else's computer system, often on a network; bypasses passwords or licenses in computer bypasses passwords or licenses in computer programs; or in other ways intentionally programs; or in other ways intentionally breaches computer security. breaches computer security. A cracker can be doing this for profit, A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, maliciously, for some altruistic purpose or cause, or because the challenge is there. or because the challenge is there. Some breaking-and-entering has been done Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's ostensibly to point out weaknesses in a site's security system.security system.

Hacker / Cracker Q/AHacker / Cracker Q/A

Q: What is l33t speak?Q: What is l33t speak?A: Pronounced “leet speak”, from “elite”. A A: Pronounced “leet speak”, from “elite”. A system of spellings of English words or phrases system of spellings of English words or phrases using numbers and symbols to replace common using numbers and symbols to replace common letters and featuring deliberate misspellings. letters and featuring deliberate misspellings. Supposedly the “language of hackers”, in reality Supposedly the “language of hackers”, in reality it’s used more seriously by the “script kiddie” it’s used more seriously by the “script kiddie” crowd, although it is commonly used jokingly by crowd, although it is commonly used jokingly by experienced Internet users.experienced Internet users.http://www.bbc.co.uk/dna/h2g2/A787917http://www.bbc.co.uk/dna/h2g2/A787917

l33tl33t

Some common l33t words/phrases:Some common l33t words/phrases: 0wn3d0wn3d – beaten in a humiliating fashion, compromised – beaten in a humiliating fashion, compromised h4x0rh4x0r - hacker, can be used for a real hacker or simply a very - hacker, can be used for a real hacker or simply a very

skillful person. skillful person. l4m3rl4m3r - Lamer, someone who is lame, someone who uses an - Lamer, someone who is lame, someone who uses an

unfair tactic or generally makes the things around him or her less unfair tactic or generally makes the things around him or her less fun. fun.

n00bn00b - Short for noobie, misspelling of newbie; someone who is - Short for noobie, misspelling of newbie; someone who is new to something, or just not very good at it. new to something, or just not very good at it.

L33t was brought into the height of its popularity by the L33t was brought into the height of its popularity by the webcomic “Megatokyo”, with the following early strip:webcomic “Megatokyo”, with the following early strip:

l33tl33t

HactivismHactivism

Formed by combining “hack” with “activism,” Formed by combining “hack” with “activism,” hacktivismhacktivism is the act of is the act of hackinghacking into a into a Web siteWeb site or computer system in order to communicate a or computer system in order to communicate a politically or socially motivated message. politically or socially motivated message. Unlike a malicious hacker, who may disrupt a Unlike a malicious hacker, who may disrupt a system for financial gain or out of a desire to system for financial gain or out of a desire to cause harm, the cause harm, the hacktivisthacktivist performs the same performs the same kinds of disruptive actions (such as a kinds of disruptive actions (such as a DoSDoS attack attack) in order to draw attention to a cause. ) in order to draw attention to a cause. For the hacktivist, it is an For the hacktivist, it is an InternetInternet-enabled way -enabled way to practice civil disobedience and protest.to practice civil disobedience and protest.

Hactivism Q/AHactivism Q/AQ: Give me 1 pro and 1 con to hactivism, Q: Give me 1 pro and 1 con to hactivism, in terms of the person doing it.in terms of the person doing it.A: A: Pro: Their message is seen by all the people Pro: Their message is seen by all the people

who would normally use a resource (it’s down who would normally use a resource (it’s down in the case of DoS, a web page is defaced, in the case of DoS, a web page is defaced, etc.)etc.)

Con: Hactivism is illegal. In addition to Con: Hactivism is illegal. In addition to potentially getting you arrested, it links your potentially getting you arrested, it links your cause to criminal actions and vandalism, cause to criminal actions and vandalism, which can have negative PR.which can have negative PR.

White HatsWhite Hats

The term is derived from American western The term is derived from American western movies, where the good cowboy always wore movies, where the good cowboy always wore the white cowboy hat and the bad cowboy the white cowboy hat and the bad cowboy always wore a black one. always wore a black one. "White Hat" usually refers to hackers who don't "White Hat" usually refers to hackers who don't break the law, commit any offense or engage in break the law, commit any offense or engage in any malicious activity as part of their hacking. any malicious activity as part of their hacking. The term is now commonly used by security The term is now commonly used by security consultants who offer hacking/penetration consultants who offer hacking/penetration testing as part of their services.testing as part of their services.When they find a hole in the system they alert When they find a hole in the system they alert the operators so they can fix it.the operators so they can fix it.

Black HatsBlack Hats

A malicious or criminal hacker. This term A malicious or criminal hacker. This term is seldom used outside of the security is seldom used outside of the security industry and by some modern industry and by some modern programmers. The general public use the programmers. The general public use the term term hackerhacker to refer to the same thing. to refer to the same thing.

““Black hat” hackers steal information, plant Black hat” hackers steal information, plant viruses, and wreak havoc.viruses, and wreak havoc.

Grey HatsGrey Hats"Grey Hat" is the term often given to hackers whose actions are not "Grey Hat" is the term often given to hackers whose actions are not malicious but whose hacking methods may cross legal or ethical malicious but whose hacking methods may cross legal or ethical lines. It's also used to categorize hackers who may at one stage lines. It's also used to categorize hackers who may at one stage have broken the law in their hacking activities, but who have since have broken the law in their hacking activities, but who have since come across to the more ethical white side.come across to the more ethical white side.““Gray Hat” describes a Gray Hat” describes a crackercracker who exploits a security weakness in who exploits a security weakness in a computer system or product in order to bring the weakness to the a computer system or product in order to bring the weakness to the attention of the owners. Unlike a attention of the owners. Unlike a black hatblack hat, a gray hat acts without , a gray hat acts without malicious intent. The goal of a gray hat is to improve system and malicious intent. The goal of a gray hat is to improve system and network security. network security. However, by publicizing a vulnerability, the gray hat may give other However, by publicizing a vulnerability, the gray hat may give other crackers the opportunity to exploit it. This differs from the crackers the opportunity to exploit it. This differs from the white hatwhite hat who alerts system owners and vendors of a vulnerability without who alerts system owners and vendors of a vulnerability without actually exploiting it in public.actually exploiting it in public.““Grey Hat” Hackers don’t commit crimes but may give information to Grey Hat” Hackers don’t commit crimes but may give information to Black Hat Hackers who will.Black Hat Hackers who will.

Hat colors Q / AHat colors Q / A

Q: Why (as a grey hat) post flaws publicly?Q: Why (as a grey hat) post flaws publicly?

A: Many times, white hats say that when A: Many times, white hats say that when they notify a company privately of a they notify a company privately of a security flaw, the company ignores them security flaw, the company ignores them or attempts to silence them. By posting the or attempts to silence them. By posting the flaw publicly, the company is forced to flaw publicly, the company is forced to take action to correct the flaw, lest it leave take action to correct the flaw, lest it leave a known security hole in place.a known security hole in place.

Script KiddiesScript Kiddies

In In computingcomputing, a script kiddie (occasionally , a script kiddie (occasionally script bunnyscript bunny, , script kittyscript kitty or or skiddieskiddie) is a derogatory term for inexperienced ) is a derogatory term for inexperienced crackerscrackers who use who use scripts and programs developed by others, without knowing what scripts and programs developed by others, without knowing what they are or how they work, for the purpose of compromising they are or how they work, for the purpose of compromising computer accounts and files, and for launching attacks on whole computer accounts and files, and for launching attacks on whole computer systemscomputer systems (see (see DoSDoS). ). In general, they do not have the ability to write these kinds of In general, they do not have the ability to write these kinds of programs on their own. Such programs have included programs on their own. Such programs have included WinNukeWinNuke applications, applications, Back OrificeBack Orifice, and , and Sub7Sub7.Script kiddies, instead of .Script kiddies, instead of attacking an individual system, often scan thousands of computers attacking an individual system, often scan thousands of computers looking for vulnerable targets before initiating an attack. This is looking for vulnerable targets before initiating an attack. This is similar to similar to wardialingwardialing and and wardrivingwardriving in which the attacker isn't in which the attacker isn't looking at one specific system, but instead anything that is open and looking at one specific system, but instead anything that is open and looks interesting. The term is also often used as a derogatory looks interesting. The term is also often used as a derogatory moniker for individuals who do not contribute to the development of moniker for individuals who do not contribute to the development of new security-related programs, especially exploits, but rather benefit new security-related programs, especially exploits, but rather benefit from the work of others.from the work of others.

Sys AdminSys Admin

The term system administrator, abbreviated The term system administrator, abbreviated sysadmin, designates an employment position of sysadmin, designates an employment position of those people responsible for running technically those people responsible for running technically enchanced information systems or some aspect enchanced information systems or some aspect of them. They often deal with the setup and of them. They often deal with the setup and maintenance of computers and networks. maintenance of computers and networks.

System Administators also work on more than System Administators also work on more than just computers, such as the interaction between just computers, such as the interaction between humans and technology, and the enhancement humans and technology, and the enhancement of business process's through technology. of business process's through technology.