Re: Fwd: Rate Stratfor's Incident Response

[Ferenc Kovacs <tyra3l () gmail com>]

Albeit you didn't addressed to me, but I also called them kiddies, so here
are my thoughts.


> Valdis you make me curious - how do you know that most are kids, and
> script kiddies?


Valdis didn't stated that the majority of the hackers are kids, or script
kiddies, what he did stated:

> > Perhaps these companies should try to hire the kids owning them instead
> > of crying to the feds.

> Most of the kids are skript kiddies,

So Laurelai implied that the companies are owned by kids, and Valdis
replied that those kids are mostly script kiddies.



> The label 'script kiddies' has been used for over 20
> years and well, kids do grow old... aren't the script kiddies really
> "script men" these days?


only if you think that the current kiddies are the exact same people than
back there.
imo the vast majority of the kiddies will either mature and/or busted, so
he/she will give up on the blackhat stuff, and/or grow in skills so he/she
will be a "real" hacker(in one way, or another).


> The label "script kiddie" tends to downplay
> their existence. It has a tone of "strong security officers, men of
> renown, men with beards" who look down on those petty script kiddies
> from their high places of arcane knowledge possessed by a mere few.

the term is and always was pejorative/derogatory by definition:
"A script kiddie or skiddie,[1] occasionally skid, script bunny,[2] script
kitty,[3] script-running juvenile (SRJ) or similar, is a derogatory term
used to describe those who use scripts or programs developed by others to
attack computer systems and networks and deface websites.[4]"
http://en.wikipedia.org/wiki/Script_Kiddie


> Isn't it more likely that the people who massively pwned Stratfor are
> indeed mature and serious?


imo most script kiddies are teens/young adults, and I also think that most
teens/young adults who are interested in the IT security are only have
script kiddie skills.

My resons to believe this:
- learning serious skills take some time, so it is fairly rare to have
those at such a young age, so most of the young ones usually isn't there
yet. of course if you have only to master sqlmap and xss-me then it is a
different story.
- kids are more likely to take serious risk for the fun or fame only: they
aren't mature enough to be afraid of the consequences and they don't have
an existence which they are afraid to lose. on a related note see
http://www.medicinenet.com/script/main/art.asp?articlekey=51852



> It's easy to establish that "the lulzboat
> people" for lack of a better term, are more mature than the
> technicians at Stratfor will ever be. Better to call them "security
> kiddies", I can understand that.

in what meaning are you using the word "mature" here?
they(LulzSec) are/were trolling the industry, they didn't really shown
anything new, just that the OWASP top10 vulns are still there and even for
big companies.
I would be really surprised if it would ever to discovered that the main
players behind LulzSec ware over 25, or they would have a family to take
care of.
even if you could get away with the shit that they put up, a mature person
wouldn't risk to get busted over what they achieved (fame and fun).

Of course this is only my opinion on the issue, maybe somebody else with
more experience on the field can come up with a better explanation or
pointing out the flaws in my logic.


-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/