...it's easier to know how to break into a system/box/whatever, than it is to learn exactly what happened and take measures to prevent it.
Sure, some items are fairly obvious, but I'm willing to wager that there are a lot of exploits that even dedicated security officials aren't aware of, simply because the exploit was found and put to use, but never reported.
As it applies to 9/11, I'm fairly certain that OBL and his boys are more willing to shell out the cash for the folks who can find undiscovered vulns
To paraphrase Gene Spafford when he talked about the idea of hiring hackers as security experts, an arsonist isn't necessarily well-qualified to be on a fire department.
An arsonist just pours some gas and lights a match. That's more like what a script kiddie does. They just throw some exploits at random machines and try to install subseven. Obviously they don't know jack about security. A skilled hacker is more like an experienced thief. They use complex techniques to avoid detection, make surgical strikes at predetermined targets, and learn about their targets' security measures to more effectively neutralize them. Those people make good security experts.
One real security problem is that the complexity of attacks is increased, but the difficulty of launching them has decreased. The more skilled hackers create scripts or point-and-click tools, and the script kiddies can use them without having to know much about what they're doing. One book had a transcript of a conversation from an IRC hacking channel, and some of the "hackers" seemed to be lacking in basic knowledge. For example, one of them wasn't too sure how to mount a second hard drive in Linux.
It's usually to encourage people to patch their systems or to make it easier on themselves to use the exploits. If there are 4 blackhats who know how to break into my system and there never will be others, I'm not too likely to care. If there are 6,302,466 script kiddies who know how to break into my system, more are on the way, and they are choosing systems at random, I'm going to be frickin scared and patch my system as soon as possible.
Also, if I'm a blackhat, and I'm ticked off at some message board o
It's hard to swallow the idea that blackhats are only concerned about encouraging admins to patch their systems. It's like vandalizing someone's property and then claiming that you were only trying to motivate them to improve their security. I mean, how heartwarming.
As far as the message board exploit, sure, most people would prefer the path of least resistance. However, not everyone has the skill to write customized exploits - it sounds like most script kiddies don't. The prepackaged scripts and blac
I guess you're right about blackhats' altruism, so scratch that argument. However, I think most blackhats make the simple exploits for their own use and publish them to gain notoriety. What's the point of writing a brilliant piece of code if nobody knows it? Besides, maybe someone else will find a problem with it and fix it, and it'll work even better! Yay!
Just one thing that very few learn... (Score:5, Interesting)