[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] OT: An odd question that has arrisen within my household
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] OT: An odd question that has arrisen within my household
- From: "henry j. mason" <hmason@dbsinet.com>
- Date: Mon, 13 Oct 2003 09:37:09 -0400
i agree with your assessment, basically, but:
you say these 'uber-hackers' don't believe in full-
disclosure, but you say they use it to learn? or,
without full-disclosure (or any disclosure at all)
they would learn anyway? care to posit some theories
as to how?
these people have tons of free time, yet a lot going
on socially? i find those two mutually exclusive,
unless you don't have a job, and job-less twenty-
somethings are hardly the most motivated of people.
i do grant you that there is a very small quiet minority
of very skilled hackers. but they aren't t13r anything
because they just do it because they have to, not for
l33t recognition.
henry
Joshua Levitsky wrote:
I would add a tier before Tier I that would be hackers that do not
believe in full disclosure, do not share exploits outside their close
knit circle of friends, do not support "the man". A lot of these guys
are better than "The best of the best", but nobody knows because they
don't make themselves public. Maybe you could call it "T13r Z3r0" :)
Seriously... there are people out there that have tons of free time to
learn, and possibly monitor lists like this, and laugh at the silly
people that disclose vulnerabilities and share information. They aren't
necessarily out doing damage. They just don't play with strangers
because they choose not to. Some of these people are damn cool. Some are
just anti-social, but that really isn't the norm so far as I can tell.
Of the people I've ever met they seem to have personalities, and usually
have more going on than I do socially. If you met them you wouldn't
think "hacker" or even know they are in to computers.
I dunno... just my observations here in New York City. Perhaps it's
different elsewhere.
-Josh
On Oct 13, 2003, at 1:02 AM, Joel R. Helgeson wrote:
Tier I
- The best of the best
- Ability to find new vulnerabilities
- Ability to write exploit code and tools
Tier II
- IT savvy
- Ability to program or script
- Understand wht the vulnerability is and how it works
- Intelligent enough to use the exploit code and tools with precision
Tier III
- "Script Kiddies"
- Inexpert
- Ability to download exploit code and tools
- Very little understanding of the actual vulnerability (launching Linux
attacks against MS boxes)
- Randomly fire off scripts until something works
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html