Full Disclosure mailing list archives

A PHC PRODUCTION: THE REAL SCRIPTKIDDIES


From: full-disclosure () lists netsys com (full-disclosure () lists netsys com)
Date: Fri, 16 Aug 2002 08:44:21 -0700

Oops... My bad. It was Ira and it was Defcon 5

Ira Winkler - Author of Corporate Espionage - Ira contends that there is so much lameness among hackers that even an 
eliteness of 10% would be amazing. Take his Lamer Test and see if you pass!  


There appears to be real audio of it... that's about it.  But basically he listed several points such as "How many are 
versed in this or that" And actually used the "Can make their own exploit from an advisory" marker as a benchmark.  
Which I happen to agree with.


Read on...

2.  The only reason they are upset with security professionals in particular is that like they said "THE SECURITY
INDUSTRY DEMOLISHED OUR WORLD."  Meaning we are obviously doing our job if we have pissed them off this much LOL :-).


Did you happen to miss the word "corrupt" in my sentence? You profit off the gullibility of others and the alleged
infallibility of your products and services. So when your Nessus 
scan or scriptkid audit gives them the all-clear, what reassurances do they have that the people out there who are 
actually skilled, unlike yourself, can't break into their system? You invent all kinds of snake oil. You're not doing 
your job at all -- the underground is annoyed by the amount of cash you idiots make, not because you're actually 
making us lose root anywhere. 

First off... you have no idea what it is that *I* do.  Generalizations only help to cloud the issues that you stand for.

Personally I profit off of corporate america.  I mean where else can you get someone to pay you 100k a year to have fun?
You want to see a hack?  Try hacking corporate america.  That's what I did.   Now *they* might profit off of gullible 
people.  But hey... isn't that what blackhats do too.. profit in fun and power off of people gullible enough to trust 
software for our day to day lives?  Hell, you use the gullibility of all of humanity. 

And I don't spend my time with pen-test projects anymore... I know how low of a standard there is in the industry.  Back 
in the days before the secfocus DB which did wonders for the leech community, I did pen-testing.  And after that I did 
for a while as well, until I got bored and tired of the lack of creativity involved en masse.  

These days I spend my time designing and developing defense systems that are non-signature specific.  It's much more fun 
and makes for good karma :-)

But let me restate... I think we need people like you to keep people like me in business :-)  Keep on keepin on. And 
thanks for the effort.

Don't you just love Apathy?  


"There is no good or evil, only to he who thinks it so"
-Chaos_Magician



