Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Fwd: Rate Stratfor's Incident Response
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 10 Jan 2012 11:52:27 -0500

On Tue, Jan 10, 2012 at 7:58 AM, Ferenc Kovacs <tyra3l () gmail com> wrote:
Albeit you didn't addressed to me, but I also called them kiddies, so here
are my thoughts.

Valdis you make me curious - how do you know that most are kids, and
script kiddies?

Valdis didn't stated that the majority of the hackers are kids, or script
kiddies, what he did stated:

Perhaps these companies should try to hire the kids owning them instead
of crying to the feds.

Most of the kids are skript kiddies,

So Laurelai implied that the companies are owned by kids, and Valdis replied
that those kids are mostly script kiddies.

The label 'script kiddies' has been used for over 20
years and well, kids do grow old... aren't the script kiddies really
"script men" these days?

only if you think that the current kiddies are the exact same people than
back there.
imo the vast majority of the kiddies will either mature and/or busted, so
he/she will give up on the blackhat stuff, and/or grow in skills so he/she
will be a "real" hacker(in one way, or another).

The label "script kiddie" tends to downplay
their existence. It has a tone of "strong security officers, men of
renown, men with beards" who look down on those petty script kiddies
from their high places of arcane knowledge possessed by a mere few.

the term is and always was pejorative/derogatory by definition:
"A script kiddie or skiddie,[1] occasionally skid, script bunny,[2] script
kitty,[3] script-running juvenile (SRJ) or similar, is a derogatory term
used to describe those who use scripts or programs developed by others to
attack computer systems and networks and deface websites.[4]"

Isn't it more likely that the people who massively pwned Stratfor are
indeed mature and serious?

imo most script kiddies are teens/young adults, and I also think that most
teens/young adults who are interested in the IT security are only have
script kiddie skills.

My resons to believe this:
- learning serious skills take some time, so it is fairly rare to have those
at such a young age, so most of the young ones usually isn't there yet. of
course if you have only to master sqlmap and xss-me then it is a different
- kids are more likely to take serious risk for the fun or fame only: they
aren't mature enough to be afraid of the consequences and they don't have an
existence which they are afraid to lose. on a related note
see http://www.medicinenet.com/script/main/art.asp?articlekey=51852

It's easy to establish that "the lulzboat
people" for lack of a better term, are more mature than the
technicians at Stratfor will ever be. Better to call them "security
kiddies", I can understand that.

in what meaning are you using the word "mature" here?
they(LulzSec) are/were trolling the industry, they didn't really shown
anything new, just that the OWASP top10 vulns are still there and even for
big companies.
I would be really surprised if it would ever to discovered that the main
players behind LulzSec ware over 25, or they would have a family to take
care of.
even if you could get away with the shit that they put up, a mature person
wouldn't risk to get busted over what they achieved (fame and fun).

Of course this is only my opinion on the issue, maybe somebody else with
more experience on the field can come up with a better explanation or
pointing out the flaws in my logic.
I still remember Steve Gibson and grc.com
(www.crime-research.org/library/grcdos.pdf). He was retaliated upon
for calling folks script kiddies.

Don't piss off a talented adolescent with computer skills.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]