Hi, > I can agree to some extent, but I find difficult to set the threshold > of cluelessness one can accept from a supposedly "good hacker". >
I had a go at this recently and came up with a three tier definition: 1) Script kiddie - Uses public tools and exploits, but does not understand them, and cannot fix problems 2) Proficient hacker - Uses public tools and exploits, with full understanding; can tweak tools for unusual scenarios 3) Advanced persistent threat - Has a collection of zero day exploits, and is able to develop new exploits Now this gets interesting from a defensive point of view. You can stop 1 and 2 using standard security best practices. But the standard defences break down when faced by an attacker with zero day exploits. Paul -- Pentest - The Application Security Specialists Paul Johnston - IT Security Consultant / Tiger SST PenTest Limited - ISO 9001 (44/100/107029) / ISO 27001 (IS 558982) Office: +44 (0) 161 233 0100 Mobile: +44 (0) 7817 219 072 Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy Registered Number: 4217114 England & Wales Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
