Full Disclosure mailing list archives
Re: Fwd: Rate Stratfor's Incident Response
From: "J. von Balzac" <jhm.balzac () gmail com>
Date: Mon, 9 Jan 2012 20:00:11 +0100
Most of the kids are skript kiddies, and don't really understand the *defense* end of the security business very well. Sure, some may be better than skript kiddies, and may be *incredible* at finding a memory overlay or an SQL injection, but do they know how to *secure* against *everything*? Does that kid know anything about "continuity of operations"? How to negotiate with network providers to guarantee diverse cable paths? How to set up proper audit trails so they can figure out what happened after the fact? How to deal with physical security issues (how do you know the guy at the door works for Oracle, and who empties your trash?) How to deal with a subpoena or a "hold evidence" order? How to secure systems against insider threats and embezzlement (still a big problem, even if hackers get more news time)? How to ensure proper backups get done (this can be very non-trivial if you have multiple petabytes of storage, and need to do point-in-time recoveries)? How to do all the other things involved in actually making a data processing facility *secure*?
Warning: my message is about semantics.

Valdis you make me curious - how do you know that most are kids, and script kiddies? The label 'script kiddies' has been used for over 20 years and well, kids do grow old... aren't the script kiddies really "script men" these days? The label "script kiddie" tends to downplay their existence. It has a tone of "strong security officers, men of renown, men with beards" who look down on those petty script kiddies from their high places of arcane knowledge possessed by a mere few.

Isn't it more likely that the people who massively pwned Stratfor are indeed mature and serious? It's easy to establish that "the lulzboat people" for lack of a better term, are more mature than the technicians at Stratfor will ever be. Better to call them "security kiddies", I can understand that.

Of course it's common to refer to script kiddies in mailing lists and to tech savvy people. As I'm not a pro I wonder if you guys (the professional pen testers) refer to these people as script kiddies when you talk with your clients. Maybe 'penners' would be a better word, because even the word 'hacker' is too broad. I can't stand it when 'laymen' refer to 'hackers' on every occasion.

Jan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/