lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 6 Aug 2008 15:49:24 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Media backlash begins against HD Moore and
	I)ruid

On Wed, Aug 6, 2008 at 8:15 PM, jf <jf@...glingpointers.net> wrote:
>> And even if they *got* attacked, it's quite possible that the upsides of not
>> bothering to do something outweighed the risks.  If you estimate that the
>> cost (including "things you could have spent your time doing") is more than
>> the losses, why bother?  "Even if we *got* whacked, we'd lose maybe $500. But
>> in the time I'd waste dealing with the issue, I could generate something that
>> will get us $2,000 in revenue.  So if I fix it, I lose $1500, and if I ignore
>> it, I come out $1,500 ahead if we get hit, and $2,000 if we don't".
>
> so as a student worker, thats what, like a month of your time?
>

The guy definitely needs wire tapped and perhaps a psychologist.
Especially when he started ranting about money and the value of human
life in relation to security. I just hope Virgina Tech and the F.B.I
get involved in montioring him for his comments, especially after the
Virginia Tech massacre and the likes. We could have a fruit ball
member of staff at the institute considering something criminal to cut
corners in cyber security... or even something murderous in real life
depending on what type of mental condition he has actually acquired to
make him talk like this.

On Tue, Aug 5, 2008 at 9:57 PM,  <Valdis.Kletnieks@...edu> wrote:
> They calculate a "value of a life", and use it to evaluate things like
> environmental and safety regulations:  If a life is worth $5M, and the
> regulation is projected to save 500 lives (via lower risk of cancer, fewer car
> crashes, whatever), the regulation has to cost less than $2.5B to implement to
> be worth it.  If it costs $2B, but only saves 50 lives, that's $40M per life
> and not worth it.
>

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ