Full Disclosure mailing list archives

Re: New member asking question...


From: n3td3v <xploitable () gmail com>
Date: Fri, 30 Jun 2006 19:57:42 +0100

On 6/30/06, Reynolds, Joseph R <Joseph.R.Reynolds () erac com> wrote:

Question for everyone on the board?

I have been reading the posts over the past few weeks, and am wondering
how the heck you guys discover these vulnerabilities.  Granted, I am
still very new to the IS world, but I cannot begin to understand how you
discover weaknesses.  After reading these posts, the explanation always
makes sense, but are you guys actively seeking weaknesses, or just
happen to come across them?

Also, are there any good "Hacking" books that I could read?  I have had
a Hackers Tool and Techniques class at school, but all of the programs
are very outdated, like l0phtcrack, JTR, ethereal or wireshark, and
such.  I am looking to actually enter systems or find ways to enter
systems and understand the weakness that allows it so I can avoid it
later.

Thanks everyone.


Joseph K. Reynolds
Systems Support Analyst - Intermediate
Enterprise Rent-A-Car
Email JR Reynolds
314-512-2370


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Two kinds of hackers:

1. Homemade hackers, typically loners with social problems who spend
their time in front of computers to feed their social stimulation via
the international wide area network. They have so much free time that
they've learned how to hack on their own steam. Because of the lack of
social background, advanced users in this group, have the time to
discover and research ground breaking security and penetration
techniques of major vendors, with a real threat to the single mom and
retired couple community, as well as a threat to corporate and
government interests.

2. The guy who went to high school past grades, have friends, social
circles, go out and live a great life.

They all of a sudden decide they want to go to university, they go to a
computer science course dedicated to ethical hacking, where they learn
the ins and outs of hacking corporate infrastructure. They often
post to the internet on college computers, showing off skills they've
just recently learnt by the lecturer, (Matthew Murphy, *cough*) and
get full media coverage by all the major security outlets (*cough*
Robert Lemos). This is of course a great mis justice to the real
people who dedicate their entire social and educational life to the
subject as noted in example 1.

Additionally - There's always going to be a balance between home made
hackers (example 1) and manufactured hackers (example 2).

Finally - The very fact you've asked the question you've stated leads
me to believe you fall into example 2, as someone who falls into
example 2 would never post this kind of message to the international
WAN security community, respectively.
