7/27/2020
07:30 AM

Block/Allow: The Changing Face of Hacker Linguistics

Terms such as "whitelist," "blacklist," "master," and "slave" are being scrutinized again and by a wider range of tech companies than ever before.

Hackers generally love to embrace change, from executing new exploits to reconsidering past paradigms. But like most of the technology industry, cybersecurity companies have been slow to abandon exclusionary language, which has returned to the spotlight thanks to the Black Lives Matter protests.

Terms such as "whitelist" and "blacklist," which refer to lists of approved or blocked websites, IP addresses, privileges, and services, or "master" and "slave," used when talking about one device that controls another, are being scrutinized again, and by a wider range of tech companies than ever before.

Several major companies and tech development organizations have announced their intentions to replace those words in professional and development settings, including Apple, Google's Android, Microsoft's GitHub, Splunk, Red Hat, and GitLab. Several cybersecurity organizations are also making the change, including Cisco's Talos research division and the UK National Cyber Security Centre.

They're not the first to do so, an honor that many believe belongs to Los Angeles County, which in 2003 began requiring its computer suppliers to use terms other than "master" and "slave." The most recent wave of changes demonstrates that more, and more powerful, tech organizations take watching their language as a serious concern, even though the history of the terms predates their use in computing, says Christina Dunbar-Hester, an associate professor of communication at the University of Southern California and the author of "Hacking Diversity: The Politics of Inclusion in Open Technology Cultures."

"Language is symbolic and powerful but can also feel superficial. Certainly in the moment we're in, some people are asking to abolish the police, not to change unfortunate computer terms," she says. "But Black Lives Matter and the current moment gives people the ammunition to say that language does matter."

However, there's a difference between changing word choices in documentation and getting people to change the words they use on a daily basis. Convincing developers, hackers, and other professionals to switch to more inclusive language has been a long struggle that predates the current norms.

Tech has long faced a serious imbalance in how it pays and promotes white men more than women and black, indigenous, and people of color. There's a gender pay gap of 17% in the US and 19% in the UK, according to Tessian's Opportunity in Cybersecurity Report published in March. But the racial pay gap is significantly worse, with Black Americans facing a difference of 46% in some states and up to 91% in others, according to a June study by employment research company Zippia.

So shouldn't cybersecurity and other tech companies focus on improving their hiring and promotion practices rather than what language they use in production environments?

"It would be all too easy to make certain changes to a technical handbook, a conference website, or even an API, and leave some of the other questions unanswered," Dunbar-Hester argues. "Diversity itself is a protean concept, but especially in corporate and work spaces it can be a mushy and market-friendly term that draws attention away from conversations about justice and equity." 

Changing language can help frame those workplace equity conversations, says Brianne Hughes, a linguistics expert and the lead editor on Bishop Fox's Cybersecurity Style Guide. Language, especially the kinds of technical terms that cybersecurity professionals use every day, needs to be accurate, consistent, and usable by people — and so do any changes made to it if those changes are to have an impact.

"We have a rule [at Bishop Fox] that we don't use 'hack' in a report. Instead, we explain what happened with more specific verbs. We also don't use 'abuse' as a verb. It's vague, but for the people that it matters to it's another microaggression, another miserable part of their day," she says. "We also include guidance for abort. If you have a choice, you could say 'force quit,' or 'interrupt.' As verbs, there are better words you can use than abort and abuse."

Eventually, says Dunbar-Hester, the terms will change just as online communities advocating for codes of conduct finally got the changes they were seeking. The challenge for most companies will be in changing their workplace cultures and business practices to be more inclusive, as well as updating the language they use.

"If we're talking about changes in technology and technical language, in relative isolation without other kinds of equity we are perpetuating a system that serves people with more power than those initiating those conversations," she says. "If there was greater social equity, the language questions wouldn't be so important."

Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ...

Comments
tdsan,
User Rank: Ninja
7/31/2020 | 11:47:32 AM
Re: Interesting comments
Wow, someone really said trying to avenge. This conversation was not about avenging, it was about being sick and tired of people standing on our necks (ala George Floyd) and doing something about it. All we want is an equal opportunity and not being put at the bottom of the barrel, especially when we are talking about the "Just-US" system.

Because for me, I am not waiting for people to make a move, if I see something out of hand, then they will be dealt with accordingly (I will assess every situation respectfully but if it gets out of hand, then I don't mind getting dirty). I don't have that slave mentality, I welcome adversity.

So for me, it is not about changing the past (I cannot do anything about it), but from now and into the future, I am making my own way and working hard to get there. People will be racist, so I don't depend on them, I just see a goal and pursue it, but if someone is brave enough to get in the way, then there are consequences.

In the movie Jurassic Park, when he talked about the raptor and he said his visual acuity is just as good as yours, so when you look at him, he looks back, I think that describes me.

T
MarkSitkowski,
User Rank: Moderator
7/31/2020 | 2:06:43 AM
Re: Interesting comments
I guess the only consolation is that this newspeak will be limited to use in the United States, and not in our parts of the world, where the 150-year-old crimes that you're all still trying to avenge were never committed.

 
tdsan,
User Rank: Ninja
7/30/2020 | 10:36:18 PM
Re: Interesting comments
In general, I object to the prostitution of the language of Shakespeare and Milton by professional offendees to suit their political ends.
  • Interesting, I object to all of the atrocities (fact) that were terrible in nature (Master/Slave) and the lack of sensitivity and accountability. It is a fact that individuals have applied the same concepts to technology (I think you get the point), and in this instance, there is no political gain, just being human. There is a terrible memory of American History and Slavery, I am always curious as to why is it so hard to understand the plight of people in the US (African Americans and Native Americans) and the issues associated with our plight. It is just as bad as when people from Nazi Germany were being killed, that was one of the most abhorrent times in history but Black people are still dealing with that atrocity in America and they call it the land of the free.

Abort, stop and quit
  • I don't think they have heard those (Abort that is) words during the times of slavery (Blacklist and whitelist, but just think about all of the connotations of how they are being used, blacklist to block something that is bad, whitelist allows things that are good, I do understand the reason behind it but look at the psychological effects, children are looking at white dolls and saying they are beautiful and the black dolls are ugly, it affects the psyche even at a young age). Another example, look at all of the aspects of how the words black and white are being portrayed (snow - pure, clean, black - dark, menacing).

So it goes beyond the scope of this conversation, that there are instances that can be perceived as "sketchy" or can be identified as sensitive in nature. Individuals don't want to be taken back in time (we - Blacks/Native Americans) don't want to be taken back to a terrible place just like the Jews, we are trying to forget such a terrible time but the George Floyds keep reminding us of how bad it still is.

T

 

 
MarkSitkowski,
User Rank: Moderator
7/30/2020 | 10:08:15 PM
Re: Interesting comments
In general, I object to the prostitution of the language of Shakespeare and Milton by professional offendees to suit their political ends. 

In particular, science and engineering are above and outside of politics and the nuances of its language are, evidently, beyond their comprehension. 'Primary' and 'Secondary' do not have the same meaning as 'Master' and 'Slave', and cannot be used interchangeably. 'Abort', 'Stop' and 'Quit' all mean totally different things and 'Blacklist' and 'Whitelist' are derived from the hats worn by the villain and hero in ancient westerns - which were shot in black and white (not the same thing as monochrome).

Any attempt to stop the term 'abuse' from signifying hack attempts is doomed to failure, since every ISP in the world uses an email address of '[email protected]' to receive complaints about hack attempts - and most are not in English-speaking countries.
tdsan,
User Rank: Ninja
7/30/2020 | 2:15:22 PM
Interesting comments
DarkReading - I thought that referenced issues from a computing standpoint that are surreptitious in nature or secretive, done in the dark where people can't see what is being performed, that does not bother me.

What bothers me is the fact that people try to deflect the real issues and they belittle the true facts around the pain from slavery (400 years of oppression). I do agree "master/slave" needs to be removed and replaced with primary/secondary. I have a hard time saying it from time to time because of the mental images it brings to mind.

The writer was trying to be sensitive to the nature of people of color and the comments listed below cause me to believe that the void between people of color and white America will never resolve itself, the void is too big and the hurt is too deep. We will never get beyond our simple differences because people don't want to face the truth that America's history was truly ugly and still is.

I won't see the divide bridged between the two or in my lifetime but hopefully, it will.

Thank you writer for sharing, it is greatly appreciated.

T
libertyboy,
User Rank: Apprentice
7/30/2020 | 12:04:24 PM
Bold Story from the name DARKReading!
ummm?
wessir,
User Rank: Apprentice
7/30/2020 | 12:02:24 PM
Sad future for the younger tech workers
This only introduces an aspect of 'racism' that wasn't there. These terms are etched into metal. It won't be long and the younger workers can't understand documentation or the letters on devices because of what? feelings?

I suppose client/server would be next to be 'cancelled' because it implies status?