Hacker (computer security)
Hacker in a security context refers to a type of computer hacker who is involved in computer
security/insecurity and is able to exploit systems or gain unauthorized access through skills,
tactics and detailed knowledge.
In the most common general usage, "hacker" refers to a black-hat hacker (a malicious or
criminal hacker). There are also ethical hackers (more commonly referred to as white hats),
and ethically ambiguous grey hats. The terms for these subcategories are not in the same
general use.
Terminology
Similar, synonymous and related terms, which are not mutually exclusive, or universally
accepted:

Hacker may mean simply a person with mastery of
computers; however the mass media most often uses
"hacker" as synonymous with a (usually criminal)
computer intruder. See hacker, and Hacker
definition controversy.

White hat: An ethical hacker who breaks security
but who does so for altruistic or at least nonmalicious reasons. White hats generally have a
clearly defined code of ethics, and will often attempt
to work with a manufacturer or owner to improve
discovered security weaknesses, although many
reserve the implicit or explicit threat of public
disclosure after a "reasonable" time as a prod to
ensure timely response from a corporate entity. The
term is also used to describe hackers who work to
deliberately design and code more secure systems.
To white hats, the darker the hat, the more the ethics
of the activity can be considered dubious.
Conversely, black hats may claim the lighter the hat,
the more the ethics of the activity are lost.

Grey hat: A hacker of ambiguous ethics and/or
borderline legality, often frankly admitted.

Blue Hat: Refers to outside computer security
consulting firms that are used to bug test a system
prior to its launch, looking for exploits so they can
be closed. The term has also been associated with a
roughly annual security conference by Microsoft,
the unofficial name coming from the blue color
associated with Microsoft employee badges. Also
see Big Blue.

Black Hat: Someone who subverts computer
security without authorization or who uses
technology (usually a computer or the Internet) for
terrorism, vandalism, credit card fraud, identity
theft, intellectual property theft, or many other types
of crime. This can mean taking control of a remote
computer through a network, or software cracking.

Cracker:
1. A black hat hacker. Often used to
differentiate black hat hackers and the
general (positive) sense of hacker. The use
of the term began to spread around 1983,
probably introduced both due to similar
phonetic sound and as construction from the
historical slang of safe cracker. Also
theorized by some to be a portmanteau of
the words criminal and hacker.
2. A security hacker who uses password
cracking or brute force attacks. Related to
the term safe cracker.
3. A software cracker. A person specialized in
working around copy protection
mechanisms in software. Note that software
crackers are not involved in exploiting
networks, but copy protected software.

Script kiddie: A pejorative term for a computer
intruder with little or no skill; a person who simply
follows directions or uses a book-book approach
without fully understanding the meaning of the steps
they are performing.

Hacktivist is a hacker who utilizes technology to
announce a political message. Web vandalism is not
necessarily hacktivism.
[edit] Common methods
There are several recurring tools of the trade used by computer criminals and security experts:
Security exploit
A prepared application that takes advantage of a
known weakness.
Packet sniffer
An application that captures TCP/IP data packets,
which can maliciously be used to capture passwords
and other data while it is in transit either within the
computer or over the network.
Rootkit
A toolkit for hiding the fact that a computer's
security has been compromised. Root kits may
include replacements for system binaries so that it
becomes impossible for the legitimate user to detect
the presence of the intruder on the system by
looking at process tables.
Social engineering
Convincing other people to provide some form of
information about a system, often under false
premises. A blatant example would be asking
someone for their password or account possibly over
a beer or by posing as someone else. A more subtle
example would be asking for promotional material
or technical references about a company's systems,
possibly posing as a journalist.
Trojan horse
These are programs designed so that they seem to do
or be one thing, such as a legitimate software, but
actually are or do another. They are not necessarily
malicious programs. A trojan horse can be used to
set up a back door in a computer system so that the
intruder can return later and gain access. Viruses
that fool a user into downloading and/or executing
them by pretending to be useful applications are also
sometimes called trojan horses. (The name refers to
the horse from the Trojan War, with conceptually
similar function of deceiving defenders into bringing
an intruder inside.) See also Dialer.
Virus
A virus is a self-replicating program that spreads by
inserting copies of itself into other executable code
or documents. Thus, a computer virus behaves in a
way similar to a biological virus, which spreads by
inserting itself into living cells.
Vulnerability scanner
A tool used to quickly check computers on a
network for known weaknesses. Hackers also
commonly use port scanners. These check to see
which ports on a specified computer are "open" or
available to access the computer, and sometimes
will detect what program or service is listening on
that port, and it's version number. (Note that
firewalls defend computers from intruders by
limiting access to ports/machines both inbound and
outbound, but can still be circumvented.)
Worm
Like a virus, a worm is also a self-replicating
program. The difference between a virus and a
worm is that a worm does not create multiple copies
of itself on one system: it propagates through
computer networks. After the comparison between
computer viruses and biological viruses, the obvious
comparison here is to a bacterium. Many people
conflate the terms "virus" and "worm", using them
both to describe any self-propagating program. It is
possible for a program to have the blunt
characteristics of both a worm and a virus.
Security tools

Firewall (networking) In computing, a firewall is a
piece of hardware and/or software which functions
in a networked environment to prevent some
communications forbidden by the security policy,
analogous to the function of firewalls in building
construction.
 Intrusion Detection System (IDS), generally detects
unwanted manipulations to systems. There are many
different types of IDS, some of them are described
here. The manipulations may take the form of
attacks by skilled malicious hackers, or Script
kiddies using automated tools.
 Anti-virus software consists of computer programs
that attempt to identify, thwart and eliminate
computer viruses and other malicious software
(malware).

Encryption is used to protect your message from the
eyes of others. It can be done in several ways by
switching the characters around, replacing
characters with others, and even removing
characters from the message. These have to be used
in combination to make the encryption secure
enough, that is to say, sufficiently difficult to crack.

Authorization restricts access to a computer to group
of users through the use of authentication systems.
These systems can protect either the whole
computer - such as through an interactive logon
screen - or individual services, such as an FTP
server.

Vulnerability scanner and port scanner tool used to
quickly check computers on a network for known
weaknesses and ports available to access a computer
over a network