Black & White

What is right? Is there right? Are you right?

Black & White

Post by cyberdrain on Wed Apr 23, 2014 6:22 pm
([msg=80347]see Black & White[/msg])

So, I've been thinking about this a lot lately and I could use some input. Basically what I see around me is that the people trying to protect data and report vulnerabilities (the white hats) are more likely to be caught/targeted by legal means than those trying to destroy or misuse that information (the black hats).

Let me explain: what I see as white hats includes those that make what I said above their jobs and those that don't but use the same ethic. The same for black hats. Now, say a white hat reports a vulnerability to a client, he/she will use his/her own name and might be under an NDA. A black hat will never report it, just exploit it. Most white hats believe they do nothing wrong (example), while it's in the black hats' nature to protect and hide their interests at all costs. Therefore by nature of the ethic, a white hat is more vulnerable to retaliation from the legal system.

While black hats working for the government are being paid to exploit instead of fix (example), white hats are being prosecuted for trying to fix instead of exploiting. This creates a situation where black hats are favored more by the government and the legal system. My questions are; is it even possible to be a white hat without necessary protection (for legal reasons), am I even correct in assuming that the current course favors those who set out to harm instead of fix and lastly does it ultimately work in favor of or against the protection of systems and data?

I deliberately left out the grey hats, you'll probably understand why. I'm interested in any and all differences of opinions or definitions.
Free your mind / Think clearly
User avatar
cyberdrain
Addict
Addict
 
Posts: 1378
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Black & White

Post by 0phidian on Thu Apr 24, 2014 8:31 pm
([msg=80352]see Re: Black & White[/msg])

My thoughts. The government just does whatever is in it's best interest, not the peoples. It is in their best interest to use black hat tactics. However they do not want said tactics used against them. One tactic to prevent this is to make examples out of people and white hats are much easier targets. Like you said black hats take lots of precautions not to be caught where as white hats often take none since they dont think theyre doing anything wrong.

Also, I never really liked the whole hat thing. I feel like the labels are too simple.
User avatar
0phidian
Poster
Poster
 
Posts: 270
Joined: Sat Jun 16, 2012 7:04 pm
Blog: View Blog (0)


Re: Black & White

Post by cyberdrain on Sun Apr 27, 2014 6:02 pm
([msg=80445]see Re: Black & White[/msg])

0phidian wrote:My thoughts. The government just does whatever is in it's best interest, not the peoples. It is in their best interest to use black hat tactics. However they do not want said tactics used against them. One tactic to prevent this is to make examples out of people and white hats are much easier targets. Like you said black hats take lots of precautions not to be caught where as white hats often take none since they dont think theyre doing anything wrong.

So you're basically saying one should be protecting themselves no matter which 'side' they're on? If the risks are lower when acting like a black hat, higher when acting like a white hat and acting like either black or white hat will get you into jail, how is it even possible white hats still exist? This would mean you get screwed by the system either way. When fixing software takes on a (much) lower priority than exploiting it and this occurs on a massive scale, usability, stability and protection of data will suffer. I wonder if that is the intention of whoever decided to start this policy. Hmm, I have to think about this some more, thanks for the input :)

0phidian wrote:Also, I never really liked the whole hat thing. I feel like the labels are too simple.

I agree, but for the sake of argument it makes for an easier comparison.
Free your mind / Think clearly
User avatar
cyberdrain
Addict
Addict
 
Posts: 1378
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Black & White

Post by pretentious on Mon Apr 28, 2014 3:53 am
([msg=80451]see Re: Black & White[/msg])

there's a bit of intellectual discussion going on. without thinking too hard, I've got 2 points to throw into the ring.

I think it's a good idea to think of government as a corporation, People do work and then get paid, I also think the government works for the best interest of the country, not the people.

How is it even possible that white hats still exist? well I havn't checked my birth cert for a while but I'm pretty sure my given name isn't pretentious.Even though the powers that be have nothing on me. *goatboy, take it away* I still don't generally throw my name around when i can avoid it and vice versa, few people who aren't 'in' on the whole info sec shebangabang know about the extent of my badassness behind a gnome-terminal
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
pretentious wrote:Welcome to bat country
User avatar
pretentious
Contributor
Contributor
 
Posts: 687
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: Black & White

Post by cyberdrain on Mon Apr 28, 2014 8:28 am
([msg=80454]see Re: Black & White[/msg])

pretentious wrote:I think it's a good idea to think of government as a corporation, People do work and then get paid, I also think the government works for the best interest of the country, not the people.

There is only one problem with that, if a corporation is completely ignoring its customers and does not deliver what is promised, it will eventually go bankrupt or be taken over by its competitor. By definition there is no market for governments, so the only influence people have in a democracy, is voting for the other guy/girl hoping he/she won't do the same. Though I wonder, what do you see as 'the country' in this regard? Because if it's not the people, I assume you mean the governing body itself. If that is true, what we call democracy doesn't exist any-more.

pretentious wrote:How is it even possible that white hats still exist? well I haven't checked my birth cert for a while but I'm pretty sure my given name isn't pretentious.Even though the powers that be have nothing on me. *goatboy, take it away* I still don't generally throw my name around when I can avoid it and vice versa, few people who aren't 'in' on the whole info sec shebangabang know about the extent of my badassness behind a gnome-terminal

Hmm, if I understand you correctly: in order to be safe, white hats still have to protect their identity. That does however cause problems if you're under contract (which usually goes by name, not handle), it either limits the extend of what can be done compared to black hats (giving them an edge which can't be tested for) or it means having to use the same black hat tactics to protect the white hat's identity (causing legal problems). Meanwhile any black hats can do as they please without interference from either government or white hats (assuming the latter don't use black hat tactics). Interesting world this is going to be :)
Free your mind / Think clearly
User avatar
cyberdrain
Addict
Addict
 
Posts: 1378
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Black & White

Post by tremor77 on Mon Apr 28, 2014 8:49 am
([msg=80456]see Re: Black & White[/msg])

I'll start with a question, where would you put a guy like Luigi Auriemma as far as a label. (https://www.blackhat.com/eu-13/speakers/Luigi-Auriemma.html) - He's prolific, extremely well known, independent contractor, his methods and his work are the tools of many a good blackhat, but he's an obvious whitehat. He's pissed off many a government and large corporation (sic microsoft RDP exploit that after he exposed somehow got leaked to the Chinese after he reported it to microsoft).

I think the case is, that if you're going to be a whitehat, either be really good and prolific as an independent, or be sponsored / work for a government or corporation. That way you're under the umbrella of the companies protection or in aluigi's case, the whole goddamn hacker world and the media.

The blackhat is always going to be the more danger laden venture, you work to remain as anonymous as possible, but if/when you do get hit, you'll get hit hard because there will be no one to protect you. At least a whitehat has a fighting chance in the legal world.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 899
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: Black & White

Post by pretentious on Tue Apr 29, 2014 4:15 am
([msg=80471]see Re: Black & White[/msg])

cyberdrain wrote:
pretentious wrote:I think it's a good idea to think of government as a corporation, People do work and then get paid, I also think the government works for the best interest of the country, not the people.

There is only one problem with that, if a corporation is completely ignoring its customers and does not deliver what is promised, it will eventually go bankrupt or be taken over by its competitor. By definition there is no market for governments, so the only influence people have in a democracy, is voting for the other guy/girl hoping he/she won't do the same. Though I wonder, what do you see as 'the country' in this regard? Because if it's not the people, I assume you mean the governing body itself. If that is true, what we call democracy doesn't exist any-more.

I'm only making shit up that's sounds about right in my head.I get regularly schooled by my arts degree mate. "the country" in this context is.more of an economic progress, aquire resources, keep people alive kinda thing
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
pretentious wrote:Welcome to bat country
User avatar
pretentious
Contributor
Contributor
 
Posts: 687
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: Black & White

Post by cyberdrain on Sat May 03, 2014 8:18 pm
([msg=80522]see Re: Black & White[/msg])

tremor77 wrote:I'll start with a question, where would you put a guy like Luigi Auriemma as far as a label?

I guess I should change my perspective a bit then, as I would call him a grey hat, albeit one with more white than black.

tremor77 wrote:... either be really good and prolific as an independent, or be sponsored / work for a government or corporation.

or
tremor77 wrote:... remain as anonymous as possible, but if/when you do get hit, you'll get hit hard because there will be no one to protect you.


So I guess you're saying a white hat should be as known as possible (whether corporately, by government or by skill), compared to a black hat being as hidden as possible, both for their own protection based on their actions. Does that basically come down to: don't piss off the wrong people no matter what and try never getting caught for anything illegal no matter which side one is on?

pretentious wrote:I'm only making shit up that's sounds about right in my head.I get regularly schooled by my arts degree mate. "the country" in this context is more of an economic progress, acquire resources, keep people alive kinda thing

I wasn't trying to school you, though I guess reading it back I could read it like that (my apologies). It was more or less voicing my thoughts without adding question-marks everywhere as I noticed I do a lot. I would've never seen a country as just an economy of assets and resources, though thinking about it, that does make sense. It's a different way to view the world.
Free your mind / Think clearly
User avatar
cyberdrain
Addict
Addict
 
Posts: 1378
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)



Return to Ethics

Who is online

Users browsing this forum: No registered users and 0 guests