[Full-Disclosure] Script Kiddies

From: Uncle Scrotora Balzac (scrotora_at_hushmail.com)
Date: 01/30/04

  • Next message: Michael Meier: "[Full-Disclosure] DIMVA 2004 deadline extended"
    To: full-disclosure@lists.netsys.com
    Date: Fri, 30 Jan 2004 08:23:38 -0800

    Hash: SHA1

    I love hearing security people talk about script kiddies. It's the funniest
    thing to see them walking around with their chests pushed out like peacocks,
     as they scoff the silly little kiddy.

    Funny because 99.9 percent of the people using the term so loosely have
    no idea how to *really* find vulnerabilities in systems, compromise,
    gain control, hide their presence, then use it for whatever they want.
    Hell, a significant percent of those "security [engineers/professionals/consultants/researchers]"
    (circle one) have trouble compiling exploits (if they even know where
    to find them in the first place), much less figure out offsets, return
    addresses, etc.. The same exploits those "kiddies" use!! What these people
    don't realize is that the "kiddies" they so affectionately refer to have
    learned this practice by reading comments, headers, and cryptic help
    messages in code and scripts. Not by completely out-of-touch and wickedly
    outdated texts like their CISSP study guides, vendor whitepapers, and
    books by aging whitehat hackers. Irony.

    But like I said, this practice is funny, not annoying. It's funny because
    of the false sense of superiority these people get from referring to
    95%+ of the hacking community as kiddies. It's funny because of how much
    they *really* don't know - and advertise the fact with huge neon signs
    by getting on lists like this and asking for things like SSH exploit
    code so they can "learn how exploits work!" (By the way, to the whitehat
    who was arguing with everyone after getting char grilled flamed for this
    - - if you want to learn how exploits work, there's about 1000 of them
    at www.packetstormsecurity.com.) Funny every time a box on their network
    gets whacked, and they talk about the script kiddy that did it. How ironic
    is that, and what does it say about them? But that's right, it's not
    their fault. Always someone else's, which makes me wonder why any of
    these people have jobs in the first place. I'm glad they can't hear themselves.
    Then they might stop.

    - ---
    "...we have smuggled a word into the dictionary which ought not to be
    there at all--Self-Sacrifice. It describes a thing which does not exist...
    We ignore and never mention the Sole Impulse which dictates and compels
    a man's every act: the imperious necessity of securing his own approval,
     in every emergency and at all costs." - Samuel L. Clemens
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.3

    -----END PGP SIGNATURE-----

    Concerned about your privacy? Follow this link to get
    FREE encrypted email: https://www.hushmail.com/?l=2

    Free, ultra-private instant messaging with Hush Messenger

    Promote security and make money with the Hushmail Affiliate Program:

    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Michael Meier: "[Full-Disclosure] DIMVA 2004 deadline extended"

    Relevant Pages

    • [Full-Disclosure] RE: [Full-Disclosure]UPX-packed body with ROT13 Script Kiddies
      ... The more I teach security and system administration the more exploits I find ... I love hearing security people talk about script kiddies. ... But like I said, this practice is funny, not annoying. ...
    • [Full-Disclosure] Reply of last "gazpa" e-mail
      ... As it seems in your last posts, you are obsessed with *kiddies* and you ... You must think that there are lots of security rsources: ... that file provides only reporting to a cgi script that is used by our RCS ... a victim that possesses that vulnerability. ...
    • Re: [Full-disclosure] Fwd: Rate Stratfors Incident Response
      ... Most of the kids are skript kiddies, and don't really understand the *defense* ... end of the security business very well. ...
    • Re: I HATE HACKERS!!! OT
      ... Let's not get hackers confused with the script kiddies... ... would have been there for a LONG time collecting as much personal ... He did say that if he couldn't get to the data, he wouldn't bill me ...
    • Re: NASA Security Audit
      ... Some of the kiddies might have missed that. ... > Security Configuration document created for Microsoft by Science ... > I think those .pdf's cover the Microsoft component. ...