Penetration Testing mailing list archives
Re: Professional Scrpt Kiddies vs Real Talent
From: Vikram Dhillon <dhillonv10 () gmail com>
Date: Mon, 8 Mar 2010 20:42:56 -0500
On Thu, Mar 04, 2010 at 09:08:40PM -0500, Adriel Desautels wrote:
The Good Guys in the security world are no different from the Bad Guys; most of them are nothing more than glorified Script Kiddies. The fact of the matter is that if you took all of the self-proclaimed hackers in the world and you subjected them to a litmus test, very few would pass as actual hackers. This is true for both sides of the proverbial Black and White hat coin. In the Black Hat world, you have script-kids who download programs that are written by other people then use those programs to “hack” into networks. The White Hats do the exact same thing; only they buy the expensive tools instead of downloading them for free. Or maybe they’re actually paying for the pretty GUI, who knows?

What is pitiable is that in just about all cases these script kiddies have no idea what the programs actually do. Sometimes that’s because they don’t bother to look at the code, but most of the time it’s because they just can’t understand it. If you think about it, that is scary. Do you really want to work with a security company that launches attacks against your network with tools that they do not fully understand? I sure wouldn’t.

This is part of the reason why I feel that it is so important for any professional security services provider to maintain an active research team. I’m not talking about doing market research and pretending that it’s security research like so many security companies do. I’m talking about doing actual vulnerability research and exploit development to help educate people about risks for the purposes of defense. After all, if a security company can’t write an exploit then what business do they have launching exploits against your company?

I am very proud to say that Everything Channel recently released the 2010 CRN Security Researchers list and that Netragard’s Kevin Finisterre was on the list. Other people that were included in the list are people that I have the utmost respect for.
As far as I am concerned, these are the top security experts:

* Dino Dai Zovi
* Kevin Finisterre
* Landon Fuller
* Robert Graham
* Jeremiah Grossman
* Larry Highsmith
* Billy Hoffman
* Mikko Hypponen
* Dan Kaminsky
* Paul Kocher
* Nate Lawson
* David Litchfield
* Charles Miller
* Jeff Moss
* Jose Nazario
* Joanna Rutkowska
Thanks for that awesome email. I suppose you are right that in most cases the script kiddies are just being an annoyance; imagine, though, if they did know and fully understood what those tools did. Wouldn't that be scarier :) Then again, that's just my opinion, but I do strongly believe that ignorance is benefiting us one way or the other. With the advent of Linux, however, things have changed a lot: the code is open so it's harder to make it vulnerable, and we have a lot of people working in the community to make it even better. We look forward to a "script-kiddies" free future and a true challenge would then begin against the "real" hackers at that time.

--
Regards,
Vikram Dhillon

A Computer Engineer was asked by his five-year-old son: "Dad, what is Windows 95?". "Well, it's 32-bit extensions and a graphical shell for a 16-bit patch to an 8-bit operating system originally coded for a 4-bit microprocessor, written by a 2-bit company that can't stand 1 bit of competition."