lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: hmason at dbsinet.com (henry j. mason)
Subject: OT: An odd question that has arrisen within
 my household

	i agree with your assessment, basically, but:

	you say these 'uber-hackers' don't believe in full-
	disclosure, but you say they use it to learn? or,
	without full-disclosure (or any disclosure at all)
	they would learn anyway? care to posit some theories
	as to how?

	these people have tons of free time, yet a lot going
	on socially? i find those two mutually exclusive,
	unless you don't have a job, and job-less twenty-
	somethings are hardly the most motivated of people.

	i do grant you that there is a very small quiet minority
	of very skilled hackers. but they aren't t13r anything
	because they just do it because they have to, not for
	l33t recognition.

	henry
	

Joshua Levitsky wrote:

> I would add a tier before Tier I that would be hackers that do not 
> believe in full disclosure, do not share exploits outside their close 
> knit circle of friends, do not support "the man". A lot of these guys 
> are better than "The best of the best", but nobody knows because they 
> don't make themselves public. Maybe you could call it "T13r Z3r0" :) 
> Seriously... there are people out there that have tons of free time to 
> learn, and possibly monitor lists like this, and laugh at the silly 
> people that disclose vulnerabilities and share information. They aren't 
> necessarily out doing damage. They just don't play with strangers 
> because they choose not to. Some of these people are damn cool. Some are 
> just anti-social, but that really isn't the norm so far as I can tell. 
> Of the people I've ever met they seem to have personalities, and usually 
> have more going on than I do socially. If you met them you wouldn't 
> think "hacker" or even know they are in to computers.
> 
> I dunno... just my observations here in New York City. Perhaps it's 
> different elsewhere.
> 
> -Josh
> 
> 
> On Oct 13, 2003, at 1:02 AM, Joel R. Helgeson wrote:
> 
>> Tier I
>> - The best of the best
>> - Ability to find new vulnerabilities
>> - Ability to write exploit code and tools
>>
>> Tier II
>> - IT savvy
>> - Ability to program or script
>> - Understand wht the vulnerability is and how it works
>> - Intelligent enough to use the exploit code and tools with precision
>>
>> Tier III
>> - "Script Kiddies"
>> - Inexpert
>> - Ability to download exploit code and tools
>> - Very little understanding of the actual vulnerability (launching Linux
>> attacks against MS boxes)
>> - Randomly fire off scripts until something works
> 
> 
> -- 
> Joshua Levitsky, CISSP, MCSE
> System Engineer
> AOL Time Warner
> [5957 F27C 9C71 E9A7 274A  0447 C9B9 75A4 9B41 D4D1]
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ