Re: [Full-Disclosure] Script Kiddies

From: Andy Cuff (offthecuff_at_lineone.net)
Date: 01/31/04

    To: <full-disclosure@lists.netsys.com>, "Uncle Scrotora Balzac" <scrotora@hushmail.com>
    Date: Fri, 30 Jan 2004 23:02:45 -0000
    
    

    Hi Uncle S
    I agree, the script kiddie is often foolishly disregarded as a threat. A
    person with a gun doesn't necessarily need an MSc in ballistics to make him
    a greater threat, he/she just needs to know how to pull the trigger.

    -andy
    Talisker Security Tools Directory
    http://www.securitywizardry.com
    ----- Original Message -----
    From: "Uncle Scrotora Balzac" <scrotora@hushmail.com>
    To: <full-disclosure@lists.netsys.com>
    Sent: Friday, January 30, 2004 4:23 PM
    Subject: [Full-Disclosure] Script Kiddies

    > I love hearing security people talk about script kiddies. It's the funniest
    > thing to see them walking around with their chests pushed out like peacocks,
    > as they scoff the silly little kiddy.
    >
    > Funny because 99.9 percent of the people using the term so loosely have
    > no idea how to *really* find vulnerabilities in systems, compromise,
    > gain control, hide their presence, then use it for whatever they want.
    > Hell, a significant percent of those "security [engineers/professionals/consultants/researchers]"
    > (circle one) have trouble compiling exploits (if they even know where
    > to find them in the first place), much less figure out offsets, return
    > addresses, etc. The same exploits those "kiddies" use!! What these people
    > don't realize is that the "kiddies" they so affectionately refer to have
    > learned this practice by reading comments, headers, and cryptic help
    > messages in code and scripts. Not by completely out-of-touch and wickedly
    > outdated texts like their CISSP study guides, vendor whitepapers, and
    > books by aging whitehat hackers. Irony.
    >
    > But like I said, this practice is funny, not annoying. It's funny because
    > of the false sense of superiority these people get from referring to
    > 95%+ of the hacking community as kiddies. It's funny because of how much
    > they *really* don't know - and advertise the fact with huge neon signs
    > by getting on lists like this and asking for things like SSH exploit
    > code so they can "learn how exploits work!" (By the way, to the whitehat
    > who was arguing with everyone after getting char grilled flamed for this
    > - - if you want to learn how exploits work, there's about 1000 of them
    > at www.packetstormsecurity.com.) Funny every time a box on their network
    > gets whacked, and they talk about the script kiddy that did it. How ironic
    > is that, and what does it say about them? But that's right, it's not
    > their fault. Always someone else's, which makes me wonder why any of
    > these people have jobs in the first place. I'm glad they can't hear themselves.
    > Then they might stop.
    >
    >
    > - ---
    > "...we have smuggled a word into the dictionary which ought not to be
    > there at all--Self-Sacrifice. It describes a thing which does not exist...
    > We ignore and never mention the Sole Impulse which dictates and compels
    > a man's every act: the imperious necessity of securing his own approval,
    > in every emergency and at all costs." - Samuel L. Clemens
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
