just one question
why should they hire the "skiddies" if most of them only
know how to fire up sqlmap or whatever current app is hot
right now?
doesnt really seem like enough reason to hire anyone
besides im not buying the whole "they do it because they are
angry at society" plop
ive been there.. they do it for the lulz
Den 11. jan. 2012 06.18 skrev Laurelai
<laurelai@xxxxxxxxxxxx <mailto:laurelai@xxxxxxxxxxxx>>:
On 1/10/12 10:18 PM, Byron Sonne wrote:
>> Don't piss off a talented adolescent with computer
skills.
> Amen! I love me some stylin' pwnage :)
>
> Whether they were skiddies or actual hackers, it's
still amusing (and
> frightening to some) that companies who really should
know better, in
> fact, don't.
>
And again, if companies hired these people, most of whom
come from
disadvantaged backgrounds and are self taught they
wouldn't have as much
a reason to be angry anymore. Most of them feel like
they don't have any
real opportunities for a career and they are often
right. Microsoft
hired some kid who hacked their network, it is a safe
bet he isn't going
to be causing any trouble anymore. Talking about the
trust issue, who
would you trust more the person who has all the certs
and experience
that told you your network was safe or the 14 year old
who proved him
wrong? We all know if that kid had approached microsoft
with his exploit
in a responsible manner they would have outright ignored
him, that's why
this mailing list exists, because companies will ignore
security issues
until it bites them in the ass to save a buck.
People are way too obsessed with having certifications
that don't
actually teach practical intrusion techniques. If a
system is so fragile
that teenagers can take it down with minimal effort then
there is a
serious problem with the IT security industry. Think
about it how long
has sql injection been around? There is absolutely no
excuse for being
vulnerable to it. None what so ever. These kids are
showing people the
truth about the state of security online and that is
whats making people
afraid of them. They aren't writing 0 days every week,
they are using
vulnerabilities that are publicly available. Using tools
that are
publicly available, tools that were meant to be used by
the people
protecting the systems. Clearly the people in charge of
protecting these
system aren't using these tools to scan their systems or
else they would
have found the weaknesses first.
The fact that government organizations and large name
companies and
government contractors fall prey to these types of
attacks just goes to
show the level of hypocrisy inherent to the situation.
Especially when
their solution to the problem is to just pass more and
more restrictive
laws (as if that's going to stop them). These kids are
showing people
that the emperor has no clothes and that's whats making
people angry,
they are putting someones paycheck in danger. Why don't
we solve the
problem by actually addressing the real problem and
fixing systems that
need to be fixed? Why not hire these kids with the time
and energy on
their hands to probe for these weaknesses on a large
scale? The ones
currently in the job slots to do this clearly aren't
doing it. I bet if
they started replacing these people with these kids it
would shake the
lethargy out of the rest of them and you would see a
general increase in
competence and security. Knowing that if you get your
network owned by a
teenager will not only get you fired, but replaced with
said teenager is
one hell of an incentive to make sure you get it right.
Yes they would have to be taught additional skills to
round out what
they know, but every job requires some level of training
and there are
quite a few workplaces that will help their employees
continue their
education because it benefits the company to do so. This
would be no
different except that the employees would be younger,
and younger people
do tend to learn faster so it would likely take less
time to teach these
kids the needed skills to round out what they already
know than it would
to teach someone older the same thing. It is the same
principal behind
teaching young children multiple languages, they learn
them better than
adults.
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/