lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: democowx86 at hotmail.com (democow the happy cow)
Subject: the cow responds..

>From the desk of the honorable democow


in response to my comment on methods of backhat/whitehat hackers silvo made 
note of scriptkiddes and ?trained? infosec  people and how they are 
different in their methods.
i  wholeheartedly disagree on this point.

script kiddies scan networks for vulns, so do whitehats
script kiddies exploit the target where it is most vulnerable
script kiddies cause an financial loss so to white hats(they charge a hellof 
allot for what they do when it is not needed)
scriptkiddes use premade exploits they may or may not know how they work. 
whitehats(by looking at the iss ethical hacking student guide) use premade 
exploits they may or may not know how they function

also.. the term script kiddies as silvo stated. ?A person who h4ckz into 
systems using the tools written by other people, without knowing how they 
work.? i also find this false. this statement may have been valid 5 years 
ago, but with the dawn of the whitehat age. a script kiddie can easily just 
go and pick up a text and learn allot quicker then most of you whitehats 
would want to think. they might have been kids a while ago, but they have 
grown up IMO. lets not forget that writing code to exploit 90% of vulns out 
there is not that hard of a task, most of it is very basic computer 
science.. in face i think that script kiddies are better armed then most 
whitehats want to think they after all have allot more time to discover new 
vulns to attack you with.

i would just like to add that, i think a good sysadmin is allot better at 
preventing an attacker then a doofus whitehat.. and i think the allot of the 
security industry can be stomped cold by a small addition to many IT 
courses...but today they do focus allot more on security in most classes 
so.. ;p
one more reason why the age of the whitehat will come to an end almost as 
soon as it has arrived.. i am not saying that there will be no infosec 
industry, i am just saying it will have to reinvent itself or suffer the 
fate of coke2(but then for any capitalist society to exist it must 
constantly reinvent itself.. al-la karl marx).

next silvo stated.."In any case, you know how much revenue advisories churn 
out for
a company?  Rather ALOT actually.. how much do vuln researchers make?
not THAT much in comparison?

i assume you mean vuln alert.. if not i will want to make my point on this 
issue, it may seem redundant but to get your point across you have to make 
it clear..

there are many different arguments in the black hat\whitehat battle.. but 
this is one that i think everyone will agree with. and that is how the 
infosec industry rapes the regular joe-six-pack computer hacker. lets think 
about what happens when an advasory is sent out from a whitehat org
if you want to look at this from an extreme POV you can look at how eeye 
released exploits for iis(that would be better for my old script kiddie 
argument).. but for now any old vuln alert will do..

i would like to go into much more detail.. but i have spent 5mins writing 
this.. and i want to go to sleep.. i do have a life after all

anyways.. to take an old saying ?every time a vuln alert is sent a script 
kiddie get his\her weapon?
i am sure i will talk about this more until then. be happy, have fun, stay 
safe


-love
Democow: the happy cow
?meat is murder, did you know 60million democows a year are killed just to 
feed arrogant humans with a taste for high class beef?

-CALL TO ARMS TO ALL BLACKHATS... MAKE YOUR OPPOSITION  TO THE INFO-SEC-IND 
KNOWN POST YOUR OPINIONS WHERE EVER YOU CAN, POST WHAT YOU THINK ON THIS AND 
ALL OTHER MAILING LISTS, IRC ROOMS, AND WEBSITES.. STOP FEEDING THEM..LET 
THEM STARVE-






_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail


Powered by blists - more mailing lists