lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 6 Aug 2008 18:56:09 -0400
From: "TJ" <trejrco@...il.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Media backlash ... insane?

I'd take offense, except for that annoying ring of truth ... 
Anyway, I like to think of it more as trying to add value to an ongoing
conversation (vs anything insane).


/TJ


>-----Original Message-----
>From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-
>bounces@...ts.grok.org.uk] On Behalf Of Paul Schmehl
>Sent: Wednesday, August 06, 2008 6:14 PM
>To: full-disclosure@...ts.grok.org.uk
>Subject: Re: [Full-disclosure] Media backlash begins against HD Moore and
>I)ruid
>
>Insanity == doing the same thing repeatedly and expecting a different
>result.
>
>If this is true, then
>
>Insane == responding to n3td3v.
>
>So how many on this list meet the definition of insane?
>
>--On Wednesday, August 06, 2008 15:43:39 -0400 TJ <trejrco@...il.com>
wrote:
>
>> Note that the costs being discussed were purely financial, and you
>> rushed headlong into adding human lives.
>> That is, to be polite (if blunt) - wrong.
>>
>> The "cost" conversation is actually how real decisions are made, in
>> the real world.
>>
>>
>>
>> /TJ
>>
>>
>>> -----Original Message-----
>>> From: full-disclosure-bounces@...ts.grok.org.uk
>>> [mailto:full-disclosure- bounces@...ts.grok.org.uk] On Behalf Of
>>> n3td3v
>>> Sent: Tuesday, August 05, 2008 3:36 PM
>>> To: full-disclosure@...ts.grok.org.uk
>>> Subject: Re: [Full-disclosure] Media backlash begins against HD Moore
>>> and I)ruid
>>>
>>> On Tue, Aug 5, 2008 at 7:57 PM,  <Valdis.Kletnieks@...edu> wrote:
>>>> On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:
>>>>
>>>>> Are you suggesting HD Moore had prior knowledge that the Austin
>>>>> Texas AT&T servers were vulnerable?
>>>>
>>>> No - simply saying that either they were vulnerable, or they weren't.
>>>> If they weren't vulnerable, HD didn't have to do anything.  And even
>>>> if they *were*, somebody would still have to actually *attack* them.
>>>>
>>>> And even if they *got* attacked, it's quite possible that the
>>>> upsides of not bothering to do something outweighed the risks.  If
>>>> you estimate that the cost (including "things you could have spent
>>>> your time doing") is more than the losses, why bother?  "Even if we
>>>> *got* whacked, we'd lose maybe $500. But in the time I'd waste
>>>> dealing with the issue, I could generate something that will get us
>>>> $2,000 in revenue.  So if I fix it, I lose $1500, and if I ignore
>>>> it, I come out
>>> $1,500 ahead if we get hit, and $2,000 if we don't".
>>>>
>>>
>>> Is what you're describing not against the law Valdis, it sure sounds
>>> like
>> it
>>> to me. Some kind of gross negligence...
>>>
>>> http://legal-dictionary.thefreedictionary.com/Gross+negligence
>>> http://legal-dictionary.thefreedictionary.com/negligence
>>>
>>> Is this what goes on at Virginia Tech on a regular basis? Maybe the
>>> authorities should be looking into you a lot more while they are
>>> looking into HD Moore. ;)
>>>
>>> I wonder if the the intelligence services thought like you before
>>> 9/11 and
>>> 7/7 eh...I get the feeling they did.
>>>
>>> For sure people like you who support this kind of activity should be
>>> investigated. It sounds criminal.
>>>
>>> Have you ever carried out this kind of activity Valdis where you put
>>> security and people at risk to make and/or save money?
>>>
>>> If cyber-terrorism is going to become a real threat, we don't need
>>> people like Valdis around and we should sure keep track of him.
>>>
>>> Would you allow a cyber-9-11 to happen Valdis if there was money
>involved?
>>> I'm starting to become worried about you dude, maybe I should be
>>> e-mailing the folks at Virginia Tech this thread, and perhaps, just
>>> perhaps the F.B.I and see what they think about what you've just told
me.
>>>
>>> You seem to be normalizing what you've just described to me as normal
>>> run- of-the-mill legal activity, when it clearly isn't.
>>>
>>> To me what you've just described is illegal, criminal and wrong.
>>>
>>> All the best,
>>>
>>> n3td3v
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
>--
>Paul Schmehl, Senior Infosec Analyst
>As if it wasn't already obvious, my opinions are my own and not those of my
>employer.
>*******************************************
>Check the headers before clicking on Reply.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ