Full Disclosure mailing list archives
Re: Fwd: Rate Stratfor's Incident Response
From: Ferenc Kovacs <tyra3l () gmail com>
Date: Tue, 10 Jan 2012 13:58:21 +0100
Albeit you didn't addressed to me, but I also called them kiddies, so here are my thoughts.
Valdis you make me curious - how do you know that most are kids, and script kiddies?
Valdis didn't stated that the majority of the hackers are kids, or script kiddies, what he did stated:
Perhaps these companies should try to hire the kids owning them instead of crying to the feds.
Most of the kids are skript kiddies,
So Laurelai implied that the companies are owned by kids, and Valdis replied that those kids are mostly script kiddies.
The label 'script kiddies' has been used for over 20 years and well, kids do grow old... aren't the script kiddies really "script men" these days?
only if you think that the current kiddies are the exact same people than back there. imo the vast majority of the kiddies will either mature and/or busted, so he/she will give up on the blackhat stuff, and/or grow in skills so he/she will be a "real" hacker(in one way, or another).
The label "script kiddie" tends to downplay their existence. It has a tone of "strong security officers, men of renown, men with beards" who look down on those petty script kiddies from their high places of arcane knowledge possessed by a mere few.
the term is and always was pejorative/derogatory by definition: "A script kiddie or skiddie,[1] occasionally skid, script bunny,[2] script kitty,[3] script-running juvenile (SRJ) or similar, is a derogatory term used to describe those who use scripts or programs developed by others to attack computer systems and networks and deface websites.[4]" http://en.wikipedia.org/wiki/Script_Kiddie
Isn't it more likely that the people who massively pwned Stratfor are indeed mature and serious?
imo most script kiddies are teens/young adults, and I also think that most teens/young adults who are interested in the IT security are only have script kiddie skills. My resons to believe this: - learning serious skills take some time, so it is fairly rare to have those at such a young age, so most of the young ones usually isn't there yet. of course if you have only to master sqlmap and xss-me then it is a different story. - kids are more likely to take serious risk for the fun or fame only: they aren't mature enough to be afraid of the consequences and they don't have an existence which they are afraid to lose. on a related note see http://www.medicinenet.com/script/main/art.asp?articlekey=51852
It's easy to establish that "the lulzboat people" for lack of a better term, are more mature than the technicians at Stratfor will ever be. Better to call them "security kiddies", I can understand that.
in what meaning are you using the word "mature" here? they(LulzSec) are/were trolling the industry, they didn't really shown anything new, just that the OWASP top10 vulns are still there and even for big companies. I would be really surprised if it would ever to discovered that the main players behind LulzSec ware over 25, or they would have a family to take care of. even if you could get away with the shit that they put up, a mature person wouldn't risk to get busted over what they achieved (fame and fun). Of course this is only my opinion on the issue, maybe somebody else with more experience on the field can come up with a better explanation or pointing out the flaws in my logic. -- Ferenc Kovács @Tyr43l - http://tyrael.hu
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Fwd: Rate Stratfor's Incident Response, (continued)
- Re: Fwd: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 07)
- Re: Fwd: Rate Stratfor's Incident Response Bob Dobbs (Jan 09)
- Re: Fwd: Rate Stratfor's Incident Response Paul Schmehl (Jan 09)
- Re: Fwd: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 07)
- Re: Fwd: Rate Stratfor's Incident Response gold flake (Jan 09)
- Message not available
- Message not available
- Re: Fwd: Rate Stratfor's Incident Response Ian Hayes (Jan 08)
- Re: Fwd: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 07)
- Re: Fwd: Rate Stratfor's Incident Response Dave (Jan 08)
- Re: Fwd: Rate Stratfor's Incident Response J. von Balzac (Jan 09)
- Re: Fwd: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 09)
- Re: Fwd: Rate Stratfor's Incident Response Ferenc Kovacs (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Jeffrey Walton (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Byron Sonne (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Laurelai (Jan 10)
- Message not available
- Re: Fwd: Rate Stratfor's Incident Response Laurelai (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Kyle Creyts (Jan 11)
- Re: Fwd: Rate Stratfor's Incident Response Laurelai (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response James Smith (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Laurelai (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 11)