Re: [Full-Disclosure] Script Kiddies

From: mike king (ngiles_at_hushmail.com)
Date: 01/30/04

  • Next message: Marko Rogge | German-Secure: "AW: [Full-Disclosure] Vulnerability ZoneAlarm Pro 4.5.532.000" 
    To: full-disclosure@lists.netsys.com, scrotora@hushmail.com
Date: Fri, 30 Jan 2004 11:06:31 -0800

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I typically don’t respond to posts, but I will say that you basically
    hit the nail on the head security has and is starting to become the next
    level of mcse's. I don’t proclaim to be any sort of hacker although I
    am lumped into this category by the nature of my job. I help secure networks
    and make it so people can do their jobs in the online world.

    just an avg guy

    On Fri, 30 Jan 2004 08:23:38 -0800 Uncle Scrotora Balzac <scrotora@hushmail.com>
    wrote:
    >
    >I love hearing security people talk about script kiddies. It's the
    >funniest
    >thing to see them walking around with their chests pushed out like
    >peacocks,
    > as they scoff the silly little kiddy.
    >
    >Funny because 99.9 percent of the people using the term so loosely
    >have
    >no idea how to *really* find vulnerabilities in systems, compromise,

    >>
    >gain control, hide their presence, then use it for whatever they
    >want.
    >Hell, a significant percent of those "security [engineers/professionals/consultants/researchers]"
    >(circle one) have trouble compiling exploits (if they even know
    >where
    >to find them in the first place), much less figure out offsets,
    >return
    >addresses, etc.. The same exploits those "kiddies" use!! What these
    >people
    >don't realize is that the "kiddies" they so affectionately refer
    >to have
    >learned this practice by reading comments, headers, and cryptic
    >help
    >messages in code and scripts. Not by completely out-of-touch and
    >wickedly
    >outdated texts like their CISSP study guides, vendor whitepapers,
    > and
    >books by aging whitehat hackers. Irony.
    >
    >But like I said, this practice is funny, not annoying. It's funny
    >because
    >of the false sense of superiority these people get from referring
    >to
    >95%+ of the hacking community as kiddies. It's funny because of
    >how much
    >they *really* don't know - and advertise the fact with huge neon
    >signs
    >by getting on lists like this and asking for things like SSH exploit
    >code so they can "learn how exploits work!" (By the way, to the
    >whitehat
    >who was arguing with everyone after getting char grilled flamed
    >for this
    >- - if you want to learn how exploits work, there's about 1000 of
    >them
    >at www.packetstormsecurity.com.) Funny every time a box on their
    >network
    >gets whacked, and they talk about the script kiddy that did it.
    >How ironic
    >is that, and what does it say about them? But that's right, it's
    >not
    >their fault. Always someone else's, which makes me wonder why any
    >of
    >these people have jobs in the first place. I'm glad they can't hear
    >themselves.
    >Then they might stop.
    >
    >
    >- ---
    >"...we have smuggled a word into the dictionary which ought not
    >to be
    >there at all--Self-Sacrifice. It describes a thing which does not
    >exist...
    >We ignore and never mention the Sole Impulse which dictates and
    >compels
    >a man's every act: the imperious necessity of securing his own approval,

    >>
    > in every emergency and at all costs." - Samuel L. Clemens
    >
    -----BEGIN PGP SIGNATURE-----
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.3

    wkYEARECAAYFAkAaqn8ACgkQUjm7xSZSd8E4KACgj0kVB0gtE4vRzGyzC2UxVfpK9swA
    n2duTmAfFlvfDxNwjkHBjiMAiV6Z
    =9ZJk
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Marko Rogge | German-Secure: "AW: [Full-Disclosure] Vulnerability ZoneAlarm Pro 4.5.532.000"