Open Source and information security mailing list archives
Date: Tue, 10 Jan 2012 11:52:27 -0500
From: Jeffrey Walton <noloader@...il.com>
To: Ferenc Kovacs <tyra3l@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Rate Stratfor's Incident Response

On Tue, Jan 10, 2012 at 7:58 AM, Ferenc Kovacs <tyra3l@...il.com> wrote:
> Albeit you didn't address this to me, I also called them kiddies, so here
> are my thoughts.
>>
>> Valdis you make me curious - how do you know that most are kids, and
>> script kiddies?
>
> Valdis didn't state that the majority of the hackers are kids, or script
> kiddies, what he did state:
>
>>> Perhaps these companies should try to hire the kids owning them instead
>>> of crying to the feds.
>
>> Most of the kids are skript kiddies,
>
> So Laurelai implied that the companies are owned by kids, and Valdis replied
> that those kids are mostly script kiddies.
>>
>> The label 'script kiddies' has been used for over 20
>> years and well, kids do grow old... aren't the script kiddies really
>> "script men" these days?
>
> only if you think that the current kiddies are the exact same people as
> back then.
> imo the vast majority of the kiddies will either mature and/or get busted, so
> he/she will give up on the blackhat stuff, and/or grow in skills so he/she
> will be a "real" hacker (in one way, or another).
>>
>> The label "script kiddie" tends to downplay
>> their existence. It has a tone of "strong security officers, men of
>> renown, men with beards" who look down on those petty script kiddies
>> from their high places of arcane knowledge possessed by a mere few.
>
> the term is and always was pejorative/derogatory by definition:
> "A script kiddie or skiddie,[1] occasionally skid, script bunny,[2] script
> kitty,[3] script-running juvenile (SRJ) or similar, is a derogatory term
> used to describe those who use scripts or programs developed by others to
> attack computer systems and networks and deface websites.[4]"
> http://en.wikipedia.org/wiki/Script_Kiddie
>>
>> Isn't it more likely that the people who massively pwned Stratfor are
>> indeed mature and serious?
>
> imo most script kiddies are teens/young adults, and I also think that most
> teens/young adults who are interested in IT security only have
> script kiddie skills.
>
> My reasons to believe this:
> - learning serious skills takes some time, so it is fairly rare to have those
> at such a young age, so most of the young ones usually aren't there yet. of
> course if you have only to master sqlmap and xss-me then it is a different
> story.
> - kids are more likely to take serious risk for the fun or fame only: they
> aren't mature enough to be afraid of the consequences and they don't have an
> existence which they are afraid to lose. on a related note
> see http://www.medicinenet.com/script/main/art.asp?articlekey=51852
>>
>> It's easy to establish that "the lulzboat
>> people" for lack of a better term, are more mature than the
>> technicians at Stratfor will ever be. Better to call them "security
>> kiddies", I can understand that.
>
> in what meaning are you using the word "mature" here?
> they (LulzSec) are/were trolling the industry, they didn't really show
> anything new, just that the OWASP top10 vulns are still there and even for
> big companies.
> I would be really surprised if it were ever discovered that the main
> players behind LulzSec were over 25, or they would have a family to take
> care of.
> even if you could get away with the shit that they put up, a mature person
> wouldn't risk to get busted over what they achieved (fame and fun).
>
> Of course this is only my opinion on the issue, maybe somebody else with
> more experience on the field can come up with a better explanation or
> point out the flaws in my logic.
I still remember Steve Gibson and grc.com
(www.crime-research.org/library/grcdos.pdf). He was retaliated upon
for calling folks script kiddies.

Don't piss off a talented adolescent with computer skills.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/