| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: offthecuff at lineone.net (Andy Cuff) Subject: Script Kiddies Hi Uncle S I agree, the script kiddie is often foolishly disregarded as a threat. A person with a gun doesn't necessarily need an MSc in ballistics to make him a greater threat, he/she just needs to know how to pull the trigger. -andy Talisker Security Tools Directory http://www.securitywizardry.com ----- Original Message ----- From: "Uncle Scrotora Balzac" <scrotora@...hmail.com> To: <full-disclosure@...ts.netsys.com> Sent: Friday, January 30, 2004 4:23 PM Subject: [Full-Disclosure] Script Kiddies > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > I love hearing security people talk about script kiddies. It's the funniest > thing to see them walking around with their chests pushed out like peacocks, > as they scoff the silly little kiddy. > > Funny because 99.9 percent of the people using the term so loosely have > no idea how to *really* find vulnerabilities in systems, compromise, > gain control, hide their presence, then use it for whatever they want. > Hell, a significant percent of those "security [engineers/professionals/consultants/researchers]" > (circle one) have trouble compiling exploits (if they even know where > to find them in the first place), much less figure out offsets, return > addresses, etc.. The same exploits those "kiddies" use!! What these people > don't realize is that the "kiddies" they so affectionately refer to have > learned this practice by reading comments, headers, and cryptic help > messages in code and scripts. Not by completely out-of-touch and wickedly > outdated texts like their CISSP study guides, vendor whitepapers, and > books by aging whitehat hackers. Irony. > > But like I said, this practice is funny, not annoying. It's funny because > of the false sense of superiority these people get from referring to > 95%+ of the hacking community as kiddies. It's funny because of how much > they *really* don't know - and advertise the fact with huge neon signs > by getting on lists like this and asking for things like SSH exploit > code so they can "learn how exploits work!" (By the way, to the whitehat > who was arguing with everyone after getting char grilled flamed for this > - - if you want to learn how exploits work, there's about 1000 of them > at www.packetstormsecurity.com.) Funny every time a box on their network > gets whacked, and they talk about the script kiddy that did it. How ironic > is that, and what does it say about them? But that's right, it's not > their fault. Always someone else's, which makes me wonder why any of > these people have jobs in the first place. I'm glad they can't hear themselves. > Then they might stop. > > > - --- > "...we have smuggled a word into the dictionary which ought not to be > there at all--Self-Sacrifice. It describes a thing which does not exist... > We ignore and never mention the Sole Impulse which dictates and compels > a man's every act: the imperious necessity of securing his own approval, > in every emergency and at all costs." - Samuel L. Clemens > -----BEGIN PGP SIGNATURE----- > Note: This signature can be verified at https://www.hushtools.com/verify > Version: Hush 2.3 > > wkYEARECAAYFAkAahQUACgkQpAmIRgfdb/ytTQCfZagWBV6alvBEHpLGKCbQQ3HTvKgA > n1dSi3KEF+5gBwJsD6YT4jx5+XpS > =++DK > -----END PGP SIGNATURE----- > > > > > Concerned about your privacy? Follow this link to get > FREE encrypted email: https://www.hushmail.com/?l=2 > > Free, ultra-private instant messaging with Hush Messenger > https://www.hushmail.com/services.php?subloc=messenger&l=434 > > Promote security and make money with the Hushmail Affiliate Program: > https://www.hushmail.com/about.php?subloc=affiliate&l=427 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists