Open Source and information security mailing list archives
 
Date: Wed, 6 Aug 2008 15:43:39 -0400
From: "TJ" <trejrco@...il.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Media backlash begins against HD Moore and I)ruid

Note that the costs being discussed were purely financial, and you rushed
headlong into adding human lives.
That is, to be polite (if blunt) - wrong.

The "cost" conversation is actually how real decisions are made, in the real
world.



/TJ


>-----Original Message-----
>From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-
>bounces@...ts.grok.org.uk] On Behalf Of n3td3v
>Sent: Tuesday, August 05, 2008 3:36 PM
>To: full-disclosure@...ts.grok.org.uk
>Subject: Re: [Full-disclosure] Media backlash begins against HD Moore and
>I)ruid
>
>On Tue, Aug 5, 2008 at 7:57 PM,  <Valdis.Kletnieks@...edu> wrote:
>> On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:
>>
>>> Are you suggesting HD Moore had prior knowledge that the Austin Texas
>>> AT&T servers were vulnerable?
>>
>> No - simply saying that either they were vulnerable, or they weren't.
>> If they weren't vulnerable, HD didn't have to do anything.  And even
>> if they *were*, somebody would still have to actually *attack* them.
>>
>> And even if they *got* attacked, it's quite possible that the upsides
>> of not bothering to do something outweighed the risks.  If you
>> estimate that the cost (including "things you could have spent your
>> time doing") is more than the losses, why bother?  "Even if we *got*
>> whacked, we'd lose maybe $500. But in the time I'd waste dealing with
>> the issue, I could generate something that will get us $2,000 in
>> revenue.  So if I fix it, I lose $1500, and if I ignore it, I come out
>> $1,500 ahead if we get hit, and $2,000 if we don't".
>>
>
>Is what you're describing not against the law Valdis, it sure sounds like it
>to me. Some kind of gross negligence...
>
>http://legal-dictionary.thefreedictionary.com/Gross+negligence
>http://legal-dictionary.thefreedictionary.com/negligence
>
>Is this what goes on at Virginia Tech on a regular basis? Maybe the
>authorities should be looking into you a lot more while they are looking
>into HD Moore. ;)
>
>I wonder if the intelligence services thought like you before 9/11 and
>7/7 eh...I get the feeling they did.
>
>For sure people like you who support this kind of activity should be
>investigated. It sounds criminal.
>
>Have you ever carried out this kind of activity Valdis where you put
>security and people at risk to make and/or save money?
>
>If cyber-terrorism is going to become a real threat, we don't need people
>like Valdis around and we should sure keep track of him.
>
>Would you allow a cyber-9-11 to happen Valdis if there was money involved?
>I'm starting to become worried about you dude, maybe I should be e-mailing
>the folks at Virginia Tech this thread, and perhaps, just perhaps the F.B.I
>and see what they think about what you've just told me.
>
>You seem to be normalizing what you've just described to me as normal run-
>of-the-mill legal activity, when it clearly isn't.
>
>To me what you've just described is illegal, criminal and wrong.
>
>All the best,
>
>n3td3v
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
