Why we are so obsessed with the newest exploit and attack developments while forgetting that the world hasn’t changed much since the last time we looked at it and laughed.
I think it is because very few of us, if anyone, are capable of looking into the entire security landscape with an open eyes and clear mind. I think that most security experts are too much about the technology and its inner workings (the geekyness) that they forget that the there are other factors that contribute to overall problem. The reason we are so much into this is because it makes sense for most of us. It is logical. It is easy to learn and you know how it feels when you get into your comfort zone. It is hard to get back on track.
The reason I am wasting time writing a post on this topic is because I find it funny when certifications and standards are drivers of the infosec field but not the tools. I find it funny to look how people fight over who knows the most about a particular technology. Who is the biggest, the ugliest, the baddest hacker of all? Well, it is not you. Nor me! It is the script-kiddie next door! You don’t agree? Perhaps we forget that it is always about opportunities and script-kiddies are nothing more but the best opportunists. The entry level for getting into hacking today is practically zero. All you need is the opportunity window. It happens all the time. Perhaps too often to admit to ourselves.
We thrive off of new exploits and exploitation ideas because it gives us knew knowledge. I my self never like to see new exploits but the “script skiddies” do. I on the other hand are all in favor for either reporting the exploit (if its big enough) or keeping it underground.