On Tue, Jan 10, 2012 at 7:58 AM, Ferenc Kovacs <[email protected]> wrote: > Albeit you didn't addressed to me, but I also called them kiddies, so here > are my thoughts. >> >> Valdis you make me curious - how do you know that most are kids, and >> script kiddies? > > Valdis didn't stated that the majority of the hackers are kids, or script > kiddies, what he did stated: > >>> Perhaps these companies should try to hire the kids owning them instead >>> of crying to the feds. > >> Most of the kids are skript kiddies, > > So Laurelai implied that the companies are owned by kids, and Valdis replied > that those kids are mostly script kiddies. >> >> The label 'script kiddies' has been used for over 20 >> years and well, kids do grow old... aren't the script kiddies really >> "script men" these days? > > only if you think that the current kiddies are the exact same people than > back there. > imo the vast majority of the kiddies will either mature and/or busted, so > he/she will give up on the blackhat stuff, and/or grow in skills so he/she > will be a "real" hacker(in one way, or another). >> >> The label "script kiddie" tends to downplay >> their existence. It has a tone of "strong security officers, men of >> renown, men with beards" who look down on those petty script kiddies >> from their high places of arcane knowledge possessed by a mere few. > > the term is and always was pejorative/derogatory by definition: > "A script kiddie or skiddie,[1] occasionally skid, script bunny,[2] script > kitty,[3] script-running juvenile (SRJ) or similar, is a derogatory term > used to describe those who use scripts or programs developed by others to > attack computer systems and networks and deface websites.[4]" > http://en.wikipedia.org/wiki/Script_Kiddie >> >> Isn't it more likely that the people who massively pwned Stratfor are >> indeed mature and serious? > > imo most script kiddies are teens/young adults, and I also think that most > teens/young adults who are interested in the IT security are only have > script kiddie skills. > > My resons to believe this: > - learning serious skills take some time, so it is fairly rare to have those > at such a young age, so most of the young ones usually isn't there yet. of > course if you have only to master sqlmap and xss-me then it is a different > story. > - kids are more likely to take serious risk for the fun or fame only: they > aren't mature enough to be afraid of the consequences and they don't have an > existence which they are afraid to lose. on a related note > see http://www.medicinenet.com/script/main/art.asp?articlekey=51852 >> >> It's easy to establish that "the lulzboat >> people" for lack of a better term, are more mature than the >> technicians at Stratfor will ever be. Better to call them "security >> kiddies", I can understand that. > > in what meaning are you using the word "mature" here? > they(LulzSec) are/were trolling the industry, they didn't really shown > anything new, just that the OWASP top10 vulns are still there and even for > big companies. > I would be really surprised if it would ever to discovered that the main > players behind LulzSec ware over 25, or they would have a family to take > care of. > even if you could get away with the shit that they put up, a mature person > wouldn't risk to get busted over what they achieved (fame and fun). > > Of course this is only my opinion on the issue, maybe somebody else with > more experience on the field can come up with a better explanation or > pointing out the flaws in my logic. I still remember Steve Gibson and grc.com (www.crime-research.org/library/grcdos.pdf). He was retaliated upon for calling folks script kiddies.
Don't piss off a talented adolescent with computer skills. Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
