| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3F8AAA85.4070802@dbsinet.com> From: hmason at dbsinet.com (henry j. mason) Subject: OT: An odd question that has arrisen within my household i agree with your assessment, basically, but: you say these 'uber-hackers' don't believe in full- disclosure, but you say they use it to learn? or, without full-disclosure (or any disclosure at all) they would learn anyway? care to posit some theories as to how? these people have tons of free time, yet a lot going on socially? i find those two mutually exclusive, unless you don't have a job, and job-less twenty- somethings are hardly the most motivated of people. i do grant you that there is a very small quiet minority of very skilled hackers. but they aren't t13r anything because they just do it because they have to, not for l33t recognition. henry Joshua Levitsky wrote: > I would add a tier before Tier I that would be hackers that do not > believe in full disclosure, do not share exploits outside their close > knit circle of friends, do not support "the man". A lot of these guys > are better than "The best of the best", but nobody knows because they > don't make themselves public. Maybe you could call it "T13r Z3r0" :) > Seriously... there are people out there that have tons of free time to > learn, and possibly monitor lists like this, and laugh at the silly > people that disclose vulnerabilities and share information. They aren't > necessarily out doing damage. They just don't play with strangers > because they choose not to. Some of these people are damn cool. Some are > just anti-social, but that really isn't the norm so far as I can tell. > Of the people I've ever met they seem to have personalities, and usually > have more going on than I do socially. If you met them you wouldn't > think "hacker" or even know they are in to computers. > > I dunno... just my observations here in New York City. Perhaps it's > different elsewhere. > > -Josh > > > On Oct 13, 2003, at 1:02 AM, Joel R. Helgeson wrote: > >> Tier I >> - The best of the best >> - Ability to find new vulnerabilities >> - Ability to write exploit code and tools >> >> Tier II >> - IT savvy >> - Ability to program or script >> - Understand wht the vulnerability is and how it works >> - Intelligent enough to use the exploit code and tools with precision >> >> Tier III >> - "Script Kiddies" >> - Inexpert >> - Ability to download exploit code and tools >> - Very little understanding of the actual vulnerability (launching Linux >> attacks against MS boxes) >> - Randomly fire off scripts until something works > > > -- > Joshua Levitsky, CISSP, MCSE > System Engineer > AOL Time Warner > [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists