
> Or are (cr/h)ackers just 'smarter' than the average 'professional IT' crowd?

The difference between your average professional cracker and your average sysadmin is that when a cracker doesn't know his stuff, he can't get anywhere... while a sysadmin would be able to slack off all day as long as he keeps appearances up. (No offense meant to good sysadmins - they are the most awesome people in the sector)

And a lot of people do that. I've seen it first hand so many times I lost count. Heck, it sometimes happens even to Google. I'm willing to bet a lot of Sony's/Microsoft's teams are filled with incompetents who barely know more than how to reboot the server they handle, let alone know about security and such.

I think the more competent you are, the less you are able to notice incompetence around you (without specifically looking for it). There's an interesting parallel to be drawn with the excellent article on the Fermi paradox currently on the front page: Nobody stops for the anthill.

One of the companies I worked for (no names here) has an absolutely worthless sysadmin. The guy manages fifty Linux machines and he doesn't know how to set up SSH. He's been on the team for several years and he's getting carried by the fact that the people who can fire him don't know how to set up SSH any better than he does -- and other people end up cleaning up his messes.

Does that story sound familiar to you? If you have worked in enterprise and haven't encountered it, you've either been very lucky or very blind.




Aside from occasional incompetence, it's good to recognise that with sysadmins vs. crackers the odds are stacked in the favour of crackers. Sysadmins need to guard against all attacks to do their job, whereas crackers only need to find one attack that has been overlooked. Also, despite the image of crackers as super tech geniuses, as a group they still know that the path of least resistance is often the best, which relies heavily on social engineering, which is far easier to do.



