I would call myself a grey hat hacker. I'm definitely not the kind of person who would go after people's credit card numbers or anything like that, and I would never do anything that would cause any harm to anyone's computers or data, but at the same time, I'm intrigued by the thought of violating security. It's the challenge that intrigues me. Over the years, black hat hacking has become increasingly difficult, as security measures become better and better. Viruses are a lot more sophisticated than they were in the 90s. And buffer overflow attacks have been replaced with convoluted return oriented programming attacks.
I've been working on several research projects, like an idea I had for how one could crack a WiFi network that's protected by WPA2 security (much harder than if it's protected by WEP, since WPA2 uses AES encryption, and there's no known efficient crack for AES, but I've thought of sort of a loophole where you wouldn't actually have to decrypt anything). I've also been working on other ideas, like virus deployment over P2P networks.
I want to do something with all of these ideas, but I like not being in jail. I don't know. I'm not that familiar with the laws regarding black hat hacking, but my understanding is that whether the authorities actually decide to prosecute you or not depends on how much damage you do. For example, I hear about script kiddies who deface web pages; they don't usually go to jail because those web pages are back up within a day and no one cares. But the script kiddie who deployed the Blaster Worm got serious jail time, because that worm caused serious damage. I mean, I guess if I deploy viruses that are ensured not to cause any actual damage, I would be scoring hacker cred by getting past virus filters without actually breaking any laws.
So I need some ideas. What do programmers usually do when they are first learning how to violate security? I know I could become a professional penetration tester. That doesn't seem like it would be completely fulfilling for some reason, though. I mean, it is just a job after all. I wonder if there are other healthier alternatives, besides being a cyber-criminal.
EDIT: It just occurred to me that this thread might be better suited for the General Computing forum.
Edited by DarkLordCthulhu, 22 December 2015 - 12:34 PM.