-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=- -= Script Kiddies and Scenwhores: How not to be one, and why we hate them =- -= By Grifter =- -= grifter@staticdischarge.com =- -= http://www.2600slc.org =- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= § Intro "Are you a Hacker?" by RedDragon, handed to newbies Take a little quiz for me today. Tell me if you fit this description. You got your net account several months ago, possibly even years. You have been surfing the net, and you laugh at those media reports of the information superhighway. You have a red box, and you don't have to pay for phone calls. You have crackerjack, and you have run it on every unix password file you ever come across. Everyone at your school is impressed by your computer knowledge, you are the one the teachers ask for help. Does this sound like you? You are not a hacker. There are thousands of you out there. You buy 2600 and you ask questions. You read phrack and you ask questions. You join #hack and you ask questions. You ask all of these questions, and you ask what is wrong with that? After all, to be a hacker is to question things, is it not? But, you do not want knowledge. You want answers. You do not want to learn how things work. You want answers. You do not want to explore. All you want to know is the answers to your damn questions. You are not a hacker. Hacking is not about answers. Hacking is about the path you take to find the answers. If you want help, don't ask for answers, ask for a pointer to the path you need to take to find out those answers for yourself. Because it is not the people with the answers that are the hackers, it is the people that are traveling along the path. -RedDragon § Personality Don't be an Asshole, Treat people with respect and they will usually do the same. This is especially important at DefCon, you will meet people you've only heard about, don't make that person think you're a total idiot, trust me, they'll talk to you if you're intelligent. § Mentality Hacking is a mentality, you don't decide to do it one day because you saw it on the news, and you want to be kool. Have you ever gotten something that was brand new and the first thing you want to do is tear it apart to see how it works? I have a friend that goes by "Fraud" that went out and bought himself a brand new cell phone. What's the first thing he did with it when he got home?, that's right, he ripped it apart just to see how it worked. If you haven't done these things, then why are you here? Why do you want to do this? What motivates you to want to be a Hacker? Do you want to be famous?, or are you in it for the money? Bragging rights? Because there are a lot of people here right now, that really would like to know why. Be honest, we can't make you leave, we just want to know who wants to learn, and who wants to waste our time. § CYA When you watch the documentaries on TV about Hackers, or you see someone who got caught on the news and they start asking them questions, how often is the person they're talking to intelligent, how often do they really know what they're talking about. They may be able to pull the wool over the medias eyes and people over 50 that only know what the media tells them, but do they fool you? Do you recognize that 90% of these people are just kiddies that didn't know their head from their ass when it came to hacking, did something stupid, and got caught. Now we all make mistakes, I'm not saying getting caught makes you a script kiddie, we've all had our brushes with different agencies I'm sure, but all I'm saying is that for the most part, the best hackers know the steps to take to cover their ass, and you better know too. § Kiddies It makes absolutely no sense to be a script kiddie. Now you're not expected to write some program on your own just because you don't want to run someone else's code. That wastes your time, and if it's out there, by all means, use it. That makes about as much sense as writing a new portscanner because you need to scan something and you don't want to use something that's already written because you'll be made fun of. That doesn't mean you shouldn't write new versions of old tools, maybe someone will like yours better than the one they're using now, my point is this, If you're using someone else's code, that's fine, but at least look at the source and know what it does, don't just compile it and go nuts. § Education Go and pick up a book, you WILL learn something, most of us (or the companies we work for) pay a ridiculous amount of money to go to schools to teach us these things, and when you get there, they hand you a book, and you read it, you're just paying to sit in a building with a fancy name on the outside. § Tools Know what a port scanner is for, or other tools like them, know what it's used for in the real world and why it was written, know how it works and what you can do with it. I was talking with a friend from 2600 the other day about Etherpeek, when someone asked, what's that? I said it was network monitoring software used by admins to watch what goes on throughout company networks, he summed it up in four words "It's a Packet Sniffer". § Ethics By breaking into an insecure system and justifying it by saying that they should have had better security is insane. We've all heard the analogy, about if you break into someone's house and look around are you not wrong because they should have had better locks?.it's the same as when you enter a foreign computer. You have not been given access to this machine, make no illusions about why you should be there, when you enter a machine you haven't been given access to you are breaking the law. I can guarantee your excuses about weak security will not hold up in court. § Website Defacement Website defacement is lame, is running a script, breaking into a site, and defacing their page hacking? No. Does it impress anyone? Maybe your friends that wouldn't know a Linux Box from a Cereal Box, but not us. Try to remember that. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=- © 2600SLC.ORG 2001 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-