Re: The good and bad of computer hacking

[InfoSec News <isn () c4i org>]

Forwarded from: Thomas C. Greene <tcgreene () bellatlantic net>

i've always been dissatisfied with the vagueness of both terms,
hacking and cracking.  neither says anything about motivation.  since
i used to write about this stuff a great deal, i came up with a scheme
that makes sense - at least to me.  i'd like to share it for what it's
worth.  to give my own column some consistency, i decided that both
words should be neutral in terms of motive.  that is, hacker or
cracker is not a synonym for 'computer criminal', but malicious hacker
or malicious cracker might be.

we could distinguish between a hacker and a cracker by saying that
hacking is a very general term referring to any exploration of
software or hardware or a system where one hasn't got the source code,
the schematics, or the layout.  so hacking is learning about a closed
system by essentially 'fiddling about in the dark' until something
unexpected happens, followed by an analysis of why that should be,
leading to further experimenting and ultimately to insight about how
the thing we're looking at works. thus hacking is both empirical and
analytical, sharing much with the scientific method.  often, hacking
leads to useful modifications of existing software, hardware or
systems, which the designers didn't anticipate.  this can be good or
bad depending on the hacker's motives.

'cracker' was a poor attempt at distinguishing 'hacker' from
'criminal' - an association the mainstream press was all too eager to
make.  to me a cracker is an offensively-white dork like trent lott,
but that's a topic for another rant.  i never thought we needed the
term cracking in the technology lexicon, but we're stuck with it now
so i suppose we can use it to indicate a particular subset of hacking,
that is to defeat electronic security measures.  we've always spoken
of 'cracking' a passfile, say, or a cipher, so it makes sense to use
cracking to indicate the electronic equivalent of picking locks.  
again, this can be done merely to illustrate security flaws, or to
steal something protected electronically.  a cracker can do good or
bad depending on his motives.

we still need a modifier to indicate motive.  'black hat' and 'white
hat' are already cluttering the lexicon, so why not put them to use?  
thus one might be a black hat hacker, or a white hat cracker,
depending on what one hopes to accomplish.

t.


On Thursday 12 December 2002 3:50 am, InfoSec News wrote:
> Forwarded from: Robert G. Ferrell <rferrell () texas net>
>
> At 02:23 AM 12/11/02 -0600, you wrote:
> > In early October, I wrote a column about how words influence the way
> > we view and act upon situations. I made specific reference to the
> > word "hacker" and how the word seems innocent, even cute. But I said
> > it actually describes an action that is criminal.
>
> If you think "hacker" is innocent or cute, you need to spend some
> time with Mr. Webster:
>
> "One who cuts or severs with repeated irregular or unskillful blows"
> "One who cuts or shapes by or as if by crude or ruthless strokes"
>
> Charming.
>
> Of course, the same dictionary now lists hacking as "gaining
> access to a computer illegally," but that is the direct result of the
> persistent misuse of the term by a careless and lazy press,
> more interested in sensationalism than, say, accuracy.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.