[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <009f01c3e785$2de69a60$0100a8c0@LANCASTER>
From: offthecuff at lineone.net (Andy Cuff)
Subject: Script Kiddies
Hi Uncle S
I agree, the script kiddie is often foolishly disregarded as a threat. A
person with a gun doesn't necessarily need an MSc in ballistics to make him
a greater threat, he/she just needs to know how to pull the trigger.
-andy
Talisker Security Tools Directory
http://www.securitywizardry.com
----- Original Message -----
From: "Uncle Scrotora Balzac" <scrotora@...hmail.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Friday, January 30, 2004 4:23 PM
Subject: [Full-Disclosure] Script Kiddies
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> I love hearing security people talk about script kiddies. It's the
funniest
> thing to see them walking around with their chests pushed out like
peacocks,
> as they scoff the silly little kiddy.
>
> Funny because 99.9 percent of the people using the term so loosely have
> no idea how to *really* find vulnerabilities in systems, compromise,
> gain control, hide their presence, then use it for whatever they want.
> Hell, a significant percent of those "security
[engineers/professionals/consultants/researchers]"
> (circle one) have trouble compiling exploits (if they even know where
> to find them in the first place), much less figure out offsets, return
> addresses, etc.. The same exploits those "kiddies" use!! What these people
> don't realize is that the "kiddies" they so affectionately refer to have
> learned this practice by reading comments, headers, and cryptic help
> messages in code and scripts. Not by completely out-of-touch and wickedly
> outdated texts like their CISSP study guides, vendor whitepapers, and
> books by aging whitehat hackers. Irony.
>
> But like I said, this practice is funny, not annoying. It's funny because
> of the false sense of superiority these people get from referring to
> 95%+ of the hacking community as kiddies. It's funny because of how much
> they *really* don't know - and advertise the fact with huge neon signs
> by getting on lists like this and asking for things like SSH exploit
> code so they can "learn how exploits work!" (By the way, to the whitehat
> who was arguing with everyone after getting char grilled flamed for this
> - - if you want to learn how exploits work, there's about 1000 of them
> at www.packetstormsecurity.com.) Funny every time a box on their network
> gets whacked, and they talk about the script kiddy that did it. How ironic
> is that, and what does it say about them? But that's right, it's not
> their fault. Always someone else's, which makes me wonder why any of
> these people have jobs in the first place. I'm glad they can't hear
themselves.
> Then they might stop.
>
>
> - ---
> "...we have smuggled a word into the dictionary which ought not to be
> there at all--Self-Sacrifice. It describes a thing which does not exist...
> We ignore and never mention the Sole Impulse which dictates and compels
> a man's every act: the imperious necessity of securing his own approval,
> in every emergency and at all costs." - Samuel L. Clemens
> -----BEGIN PGP SIGNATURE-----
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 2.3
>
> wkYEARECAAYFAkAahQUACgkQpAmIRgfdb/ytTQCfZagWBV6alvBEHpLGKCbQQ3HTvKgA
> n1dSi3KEF+5gBwJsD6YT4jx5+XpS
> =++DK
> -----END PGP SIGNATURE-----
>
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Free, ultra-private instant messaging with Hush Messenger
> https://www.hushmail.com/services.php?subloc=messenger&l=434
>
> Promote security and make money with the Hushmail Affiliate Program:
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists