Tools vs. talent

13/08/2007 Written by Jakub Maslowski

Today secu­rity indus­try is as inter­est­ing as never before and peo­ple are into it for dif­fer­ent rea­sons. Some of us are into it because of end­less oppor­tu­nity to learn, some are because that spe­cial knowl­edge can gain them fame, then there are peo­ple with mali­cious inten­tions, and finally there are peo­ple doing it for cash.

While its not our job to tell you who is bad and who is not we often think about future of this “busi­ness”. Research­ing takes up time, and time is cash, it also require knowl­edge and experience.

But is the tal­ent and as we called it before — spe­cial knowl­edge — really required in security?

Dif­fer­ent peo­ple have dif­fer­ent opin­ions, but you have to admit that search­ing and exploit­ing bugs or flaws has become eas­ier nowa­days, much eas­ier then it was year or two ago. Poten­tially researcher can now choose from mul­ti­ple of appli­ca­tions that were crafted to help doing that time-​consuming job.

For exam­ple, dur­ing this year Black Hat con­fer­ence Mozilla pre­sented new tool allow­ing you to play with Fire­fox and other browsers, Jesse Rud­er­man pub­lished JavaScript Fuzzer doing sim­i­lar job, we can’t for­get about appli­ca­tions like Immu­nity Debug­ger that — quot­ing from project’s website:

“Immu­nity Debug­ger is a pow­er­ful new way to write exploits, ana­lyze mal­ware, and reverse engi­neer binary files…

*Cuts exploit devel­op­ment time by 50%*Simple, under­stand­able inter­faces

*Con­nec­tiv­ity to fuzzers and exploit devel­op­ment tools…

Don’t for­get there are many of such tools doing (some of the) job for you, not to men­tion tons of on-​line guides and FAQ’s in var­i­ous top­ics in secu­rity…”

So, is “hack­ing” really that hard? Is it really meant for geeks? Or is it becom­ing a chance to get cash, fame or what­ever else with few mouse clicks?

Tal­ent, any­way, is needed in hack­ing. And no tool can replace it.