September 23rd, 2004, 11:51 PM
There are two valuable points that can be made from this statement.... and I'll make them....
But not everybody's a script kiddie, and the worst mistake any security professional could do is underestimate like such.
1. We all know that computers/networks are complex. We all know that when dealing with complex systems we often look too deeply into the issue and miss the obvious. We all know that idiots are better at finding the obvious than we are......
2. In security you must never underestimate the enemy.... be he a genius or an idiot..... You are the one that makes the mistakes.... He only capitalizes on them..... (before you discuss software not written by you that is vulnerable.... think about the possibility that you can write your own software to do everthing your users can do now.... The only safe software is that which you write yourself.... If you know how to code securely.... Otherwise it is no better then the third party stuff we all use).
Lets discuss what it is that makes a virus author successful and from that we should be able to determine whether a book or a course is really of any use to a virus writer. Fair?
Read the book, then try to say that the information in that book isn't still extremely usefull.
A successful virus writer needs:-
1. A reasonable working knowledge of the OS he is attacking.
2. A reasonable knowledge of a coding system that is understood by the OS
3. An understanding of which attack vectors might succeed while others might fail, (attack something that everyone uses rather than something no-one uses).
4. A reasonable understanding of human nature. (Sufficient to socially engineer a user into clicking on the attachment)
Really, that's about it..... It doesn't require an in depth book or course about it.... there are a few basic principles involved. After that it's imagination onthe part of the author to meld all those parts together to create a successful virus. If he fails in any one he will probebly create an unsuccessful virus. Books and courses cannot teach imagination, but the underlying principle in every successful virus has been imagination.
The problem is that if you stifle imagination in geeks you stop the progress they will eventually bring..... Catch 22?
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides