lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200401301623.i0UGNdMW042667@mailserver1.hushmail.com>
From: scrotora at hushmail.com (Uncle Scrotora Balzac)
Subject: Script Kiddies

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I love hearing security people talk about script kiddies. It's the funniest
thing to see them walking around with their chests pushed out like peacocks,
 as they scoff the silly little kiddy.

Funny because 99.9 percent of the people using the term so loosely have
no idea how to *really* find vulnerabilities in systems, compromise,
gain control, hide their presence, then use it for whatever they want.
Hell, a significant percent of those "security [engineers/professionals/consultants/researchers]"
(circle one) have trouble compiling exploits (if they even know where
to find them in the first place), much less figure out offsets, return
addresses, etc.. The same exploits those "kiddies" use!! What these people
don't realize is that the "kiddies" they so affectionately refer to have
learned this practice by reading comments, headers, and cryptic help
messages in code and scripts. Not by completely out-of-touch and wickedly
outdated texts like their CISSP study guides, vendor whitepapers, and
books by aging whitehat hackers. Irony.

But like I said, this practice is funny, not annoying. It's funny because
of the false sense of superiority these people get from referring to
95%+ of the hacking community as kiddies. It's funny because of how much
they *really* don't know - and advertise the fact with huge neon signs
by getting on lists like this and asking for things like SSH exploit
code so they can "learn how exploits work!" (By the way, to the whitehat
who was arguing with everyone after getting char grilled flamed for this
- - if you want to learn how exploits work, there's about 1000 of them
at www.packetstormsecurity.com.) Funny every time a box on their network
gets whacked, and they talk about the script kiddy that did it. How ironic
is that, and what does it say about them? But that's right, it's not
their fault. Always someone else's, which makes me wonder why any of
these people have jobs in the first place. I'm glad they can't hear themselves.
Then they might stop.


- ---
"...we have smuggled a word into the dictionary which ought not to be
there at all--Self-Sacrifice. It describes a thing which does not exist...
We ignore and never mention the Sole Impulse which dictates and compels
a man's every act: the imperious necessity of securing his own approval,
 in every emergency and at all costs." - Samuel L. Clemens
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAkAahQUACgkQpAmIRgfdb/ytTQCfZagWBV6alvBEHpLGKCbQQ3HTvKgA
n1dSi3KEF+5gBwJsD6YT4jx5+XpS
=++DK
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ