Re: [ISN] The good and bad of computer hacking

From: InfoSec News (isnat_private)
Date: Fri Dec 13 2002 - 02:46:55 PST

    Forwarded from: Thomas C. Greene <tcgreeneat_private>

    i've always been dissatisfied with the vagueness of both terms,
    hacking and cracking.  neither says anything about motivation.  since
    i used to write about this stuff a great deal, i came up with a scheme
    that makes sense - at least to me.  i'd like to share it for what it's
    worth.  to give my own column some consistency, i decided that both
    words should be neutral in terms of motive.  that is, hacker or
    cracker is not a synonym for 'computer criminal', but malicious hacker
    or malicious cracker might be.

    we could distinguish between a hacker and a cracker by saying that
    hacking is a very general term referring to any exploration of
    software or hardware or a system where one hasn't got the source code,
    the schematics, or the layout.  so hacking is learning about a closed
    system by essentially 'fiddling about in the dark' until something
    unexpected happens, followed by an analysis of why that should be,
    leading to further experimenting and ultimately to insight about how
    the thing we're looking at works. thus hacking is both empirical and
    analytical, sharing much with the scientific method.  often, hacking
    leads to useful modifications of existing software, hardware or
    systems, which the designers didn't anticipate.  this can be good or
    bad depending on the hacker's motives.

    'cracker' was a poor attempt at distinguishing 'hacker' from
    'criminal' - an association the mainstream press was all too eager to
    make.  to me a cracker is an offensively-white dork like trent lott,
    but that's a topic for another rant.  i never thought we needed the
    term cracking in the technology lexicon, but we're stuck with it now
    so i suppose we can use it to indicate a particular subset of hacking,
    that is to defeat electronic security measures.  we've always spoken
    of 'cracking' a passfile, say, or a cipher, so it makes sense to use
    cracking to indicate the electronic equivalent of picking locks.  
    again, this can be done merely to illustrate security flaws, or to
    steal something protected electronically.  a cracker can do good or
    bad depending on his motives.

    we still need a modifier to indicate motive.  'black hat' and 'white
    hat' are already cluttering the lexicon, so why not put them to use?  
    thus one might be a black hat hacker, or a white hat cracker,
    depending on what one hopes to accomplish.

    On Thursday 12 December 2002 3:50 am, InfoSec News wrote:
    > Forwarded from: Robert G. Ferrell <rferrellat_private>
    > At 02:23 AM 12/11/02 -0600, you wrote:
    > > In early October, I wrote a column about how words influence the way
    > > we view and act upon situations. I made specific reference to the
    > > word "hacker" and how the word seems innocent, even cute. But I said
    > > it actually describes an action that is criminal.
    >
    > If you think "hacker" is innocent or cute, you need to spend some
    > time with Mr. Webster:
    > "One who cuts or severs with repeated irregular or unskillful blows"
    > "One who cuts or shapes by or as if by crude or ruthless strokes"
    > Charming.
    >
    > Of course, the same dictionary now lists hacking as "gaining
    > access to a computer illegally," but that is the direct result of the
    > persistent misuse of the term by a careless and lazy press,
    > more interested in sensationalism than, say, accuracy.

    This archive was generated by hypermail 2b30 : Fri Dec 13 2002 - 05:17:10 PST