I kind of get what you are on about. I think that in most cases the most serious security breaches are down to social engineering, where someone is fooled into installing a piece of software, opening a port or giving out a password. Winning that battle is probably half of winning the war. I think it has to be a two pronged approach, where you secure the systems using tools and help people avoid being fooled into revealing information to unauthorized persons. My 2c. On Monday, August 4, 2014, Kinpro Computers-All IT soutions via skunkworks < skunkworks@lists.my.co.ke> wrote:
Teh teh.
Sound like you want us to investin in using hand hoe to win production awards in grain markets.
NSA use tools, scipt kids use tools first to plan their security breach, cars come compuerized for easy diagnosis.If a street mechanics want me invest in tool box, eyes to see problem, and ears to analyze noises on modern posh cars, i dont think it sounds serious.
If you cant notice then nowhere you can start to think,ask or plan on something...that that you feel it exists.
why need to write un tested scripts to check every parameters just to trace warning signs?
I thing you have to be aware of your environment by using tools,you should also know limitations of your tools,then where you need scripts and what would be appropriate.
--
Regards, Nicholas Peter.* Kinpro Computers.*
>>>>>>>>>>>>>>>>>>>>>>>>>>
Date: Mon, 4 Aug 2014 12:53:19 +0300 From: Gichuki John Chuksjonia <chuksjonia@gmail.com> To: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke>, Skunkworks Mailing List <skunkworks@lists.my.co.ke>, "Security Forum All information security discussions in Africa are done here (Hacking, Decryptions, Security management, physical security, Disastor Recovery, Security Assessments etc etc)" <security@lists.my.co.ke> Subject: [Skunkworks] HACKING IS NOT ABOUT TOOLS Message-ID: < CAF0qi-Ny9iF2uZviwA33MHv0B1OxhiS_YmeTzfzbUtZd52HvvA@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1
There is this notion i have seen with different Security Firms which believe as long as they have tools, they can do penetration testing for everyone. This is wrong, since real blackhat hackers, the ones whom are defending your clients from don't use automation to break into these infrastructures. Script Kids will do that, and if a Security Firm is doing that too, then you hired script-kids-company (quarks) too.
I think its important people start doing things with passion especially with the service industry, get into extra miles, show these organizations how real blackhats will bypass restrictions and security, not nmap an metasplout snapshots. Lets stop failing our country, especially with Cyber Warfare already backing each door in our infrastructures.
./Chucks
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/
------------------------------
Message: 3 Date: Mon, 4 Aug 2014 13:19:21 +0300 From: Jangita Nyagudi <jangita.nyagudi@gmail.com> To: Gichuki John Chuksjonia <chuksjonia@gmail.com>, Skunkworks Mailing List <skunkworks@lists.my.co.ke> Cc: "Security Forum All information security discussions in Africa are done here \(Hacking, Decryptions, Security management, physical security, Disastor Recovery, Security Assessments etc etc\)" <security@lists.my.co.ke>, KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Subject: Re: [Skunkworks] HACKING IS NOT ABOUT TOOLS Message-ID: < CA+C-RFF2KTGhQ+uVpTKSN_uNeuFAent7akAnpCYJfmFWsvopQA@mail.gmail.com> Content-Type: text/plain; charset="utf-8"
+1
On 4 August 2014 12:53, Gichuki John Chuksjonia via skunkworks < skunkworks@lists.my.co.ke> wrote:
There is this notion i have seen with different Security Firms which believe as long as they have tools, they can do penetration testing for everyone. This is wrong, since real blackhat hackers, the ones whom are defending your clients from don't use automation to break into these infrastructures. Script Kids will do that, and if a Security Firm is doing that too, then you hired script-kids-company (quarks) too.
I think its important people start doing things with passion especially with the service industry, get into extra miles, show these organizations how real blackhats will bypass restrictions and security, not nmap an metasplout snapshots. Lets stop failing our country, especially with Cyber Warfare already backing each door in our infrastructures.
./Chucks
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/
_________________________________
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke