Originally posted by cperciva
Q. What's up with all these different colours of hats?
A. There are four colours you need to look out for: Black, White, Grey, and Red. The respective meanings are "Cracker", "Hacker", "Guru", and "Victim".

What does it mean if a Guru Hacker is the Victim of a Cracker? Is that the Rainbow Thoery? And really, how much could a woodchuck chuck, if a woodchuck could chuck wood? If a hacker is in the woods and no one's there to hear him crack, is he really a cracker? Are you confused yet? What was your root password again? What came first.. the... Well, we know it's the Chicken, for goodness sakes!

Originally posted by Tim_Greer
Guru Hacker

That's a contradiction in terms. A security Guru is someone who understands the field intimately, and teaches the next generation of Hackers and Crackers, while not getting involved directly themselves.

The distinction between the four is more or less on par with the distinction between the Good, the Evil, the Nietzschists, and the Stupid.

Originally posted by cperciva


That's a contradiction in terms. A security Guru is someone who understands the field intimately, and teaches the next generation of Hackers and Crackers, while not getting involved directly themselves.

The distinction between the four is more or less on par with the distinction between the Good, the Evil, the Nietzschists, and the Stupid.

But if a "Guru" knew everything and was truly a "Guru", s/he must certainly posses the ability to be able to "Hack" or engage in the act of Hacking around, yes? I.e., an intelligent person can do poorly at something if they wish. Or, are you saying, once that Guru actually participates in Hacking or Cracking, that they are no longer a Guru? How do you go down in rank, if you still know everything well enough? I didn't combine or compare the four, but only one "A Guru Hacker" -- someone that is so well skilled at Hacking, that they are a Guru at hacking. Some once a teacher does the act of something, they are no longer the teacher?

Dictionary.com:

"guru

n. [Unix] An expert. Implies not only wizard skill but also a history of being a knowledge resource for others. Less often, used (with a qualifier) for other experts on other systems, as in `VMS guru'. See source of all good bits. "

How can someone not be a Guru hacker? A hacker being a programming, that is. Someone can have a wizard/expert skill at hacking and knowledge of all that is involved, correct? So, they are still a Hacker, even if they are a Guru at it. Did you ever expect this response to your original post? Now, I need answers, damn it!

A Guru *could* Hack, if he so wished. But they don't, and that is part of what makes them Gurus... they, as a general rule, don't get directly involved.

<edit>Oh, now I see your point. No, hacking and cracking are two sides of the same coin, named "security". You can't be a guru of one without being a guru of the other. And that would make you a "security Guru".</edit>

Originally posted by cperciva
A Guru *could* Hack, if he so wished. But they don't, and that is part of what makes them Gurus... they, as a general rule, don't get directly involved.

That's true wisdom!

Interesting, is that sort of like the old adage, "Those who cannot do, teach". The field of security is a constant changing field, if you are not hacking constantly, how can you maintain a guru status? For example, suppose you disern a possible security hole in a program, shouldn't you attempt to hack it before proclaiming the security hole? Or do you just expect the world to take your word for it?

Security is not changing nearly as rapidly as you think. Oh, there are new security holes discovered on a daily basis, but the field as a whole doesn't change much. Gurus are generally more concerned with the processes responsible for creating security holes than with the security holes themselves.

It's like arithmetic vs. mathematics. Most mathematicians are horrible at arithmetic... but if you describe the method you're using to perform some arithmetic, the mathematician will be able to tell you immediately if you're going to get the right answer.

Because if I really understood one thing they were saying, I would be tempted to have myself committed.

I've just made my reservations at the psych ward!! :D I actually followed parts of this.. Maybe my wife was correct I spend too much time with the computer!!! :laugh:

Tim's got a good point. But why can't you wear a different hat at different times, or wear more than one hat at a time? And if you're not supposed to do that, then why use the analogy of a hat?

You should use something like a brain. You can't have more than one brain, and you can't change it. Yet.

:)

Originally posted by cperciva
Security is not changing nearly as rapidly as you think. Oh, there are new security holes discovered on a daily basis, but the field as a whole doesn't change much. Gurus are generally more concerned with the processes responsible for creating security holes than with the security holes themselves.


Hmm...that's an interesting observation, but I am not sure I completely agree. On the one hand, general security theory has remained relatively constant (ie a security model developed 5 years ago is still relevent today), on the hand, if you are going to be able to effectively guage potential security holes -- even if you are not going to exploit them -- you have to hack at something to see how it works.

I think bitserv is correct, I think the hats are not exclusive, I think people can wear different hats at different times...not everyone does this, but I imagine there people that do, especially when you are talking about moving between guru and hacker.

Of course I am neither a Guru or a Hacker...I'm a jockey :D

Wow, you guys... I was totally not serious about my response to his .sig. I truly didn't expect this would turn into a thread about it. I lost interest since last night anyway. I already found new stuff to debate -- get with it, guys! :-)

PS: I B da hackin'est, mozt crackin'est, guru of a mofo' y'all evr d1d kno! (yo).

Originally posted by Tim_Greer

PS: I B da hackin'est, mozt crackin'est, guru of a mofo' y'all evr d1d kno! (yo).

Poser :D. If you were really an 31337 4/\x04 you would never spell it hackin'est :D

Originally posted by uuallan


Poser :D. If you were really an 31337 4/\x04 you would never spell it hackin'est :D

Uh, no, it was just that... uh.. my s,[k3yb0R1>],, was broke, n' stuff... naw, I'm just an Ebonical-H4x0r is all. Yo!

PS: I b havin' da mad skillz, yo!

Originally posted by Tim_Greer

PS: I b havin' da mad skillz, yo!

Okay, as long as your skillz are mad :D