[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <67ea64530710030422s1ae1ca88p99398dc842397f7b@mail.gmail.com>
Date: Wed, 3 Oct 2007 12:22:59 +0100
From: "worried security" <worriedsecurity@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: The real motivations of vulnerability
disclosure
new-bie - hangs around web based chat: yahoo chat, msn chat. watches what
hackers are doing, hangs about with them to befriend them and gain
intelligence on how they hack, and ask for the tools from the people who
make them to hack a few yahoo or msn accounts for themselves. while this
isn't true hacker, its the beginning of a career of electronic hacking.
kool-bie - has made friends with hackers who make the tools, has gained
their trust and is welcomed into the real hacker social circles that the
newbie wasn't socially accepted into as a newbie. koolbies are poked and
probed and groomed, as in, if an insect is in your furr, then the real
hackers will tell you and remove the pest irritating their skin. koolbie is
given beta releases of the hackers tools before the newbie "general public".
curious-bie - the curiousbie,now bored with what the new-bie and kool-bie
scene had on offer, starts wanting to dismantle, the tools they've been
using. the curiousbie starts wanting to have the popularity, respect and
chicks the real-bies have in the scene. the real-bie will discover a hex
editor and start exploring the real world of infosec, may start discovering
new things by typing catchphrases into search engines, and finding security
news articles interesting. starts finding mailing lists to do with real
vulnerabilies.
real-bie - the real hacker, has finally been reading mailing lists and news
articles for a while, starts thinking about linux distros, joining internet
relay chat, joining real discussion about technical emphasis of
vulnerabilities, wants to start hacking.
true-bie - has sucessfully penetrated an online application, maybe e-mail,
gathers intelligence, gets interested in forming views of government and
other people who are active members of mailing lists. at this point the
industry discovers the person, the true-bie becomes vocal on online
communities such as lists, social media sites, and news feedback forums.
student-bie - has formed strong views and believes he is right, now wants to
make money in a career of information security. goes to collage to become
professional. hides hacking background from student peers, feels guilty
about being part of the underground, keeps it secret.
pro-bie - graduates from university, expects a full pay and a successful
life, ends up just working in the local supermarket, this person is highly
skilled hacker with knowledge of ethical stardards. doesn't get the job the
course advertised the student would get, gets frustrated about life, feels
lost and cheated, starts acting as a security professional online anyway, to
live the dream they never got, even though they put the sweat and tears into
achieving their university degree. at this point the government becomes
concerned, pro-bie sets up websites, with professional text, claming to be a
research group, or company that'll protect companies. the pro-bie will
release real vulnerabilities to mailing lists and will get attention
headlines from security journalists.
job-bie - has, through exposure of releasing vulnerabilities and getting
talked about in news articles, is offered a job at a real vendor company.
the job-bie has managed to get the job and pay the pro-bie wanted, although
admittedly, the university years ended up being a waste of time in reality.
mature-bie - has been in known named company for a while, is known as an
expert. older and more wiser, the mature-bie may start a blog, and commentry
made by the mature-bie is often seen in quotes in news articles, commenting
on security incidents and other security related current affairs. the
mature-bie is respected member of the security community, the goal of
everyones life in the industry, the mature-bie is looked on by government,
and the government actually listen to what the mature-bie says on his blog,
and quotes seen in news articles. mature-bie may be invited to
vendor-security conferences, and government meetings, and the mature-bie may
be approached by telecom companies to consult and help develop new cutting
edge technologies and initiatives.
n3td3v
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists