Open Source and information security mailing list archives
 
Date: Wed, 06 Aug 2008 17:13:52 -0500
From: Paul Schmehl <pschmehl_lists@...rr.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Media backlash begins against HD Moore and I)ruid

Insanity == doing the same thing repeatedly and expecting a different result.

If this is true, then

Insane == responding to n3td3v.

So how many on this list meet the definition of insane?

--On Wednesday, August 06, 2008 15:43:39 -0400 TJ <trejrco@...il.com> wrote:

> Note that the costs being discussed were purely financial, and you rushed
> headlong into adding human lives.
> That is, to be polite (if blunt) - wrong.
>
> The "cost" conversation is actually how real decisions are made, in the real
> world.
>
>
>
> /TJ
>
>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.grok.org.uk
>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
>> Sent: Tuesday, August 05, 2008 3:36 PM
>> To: full-disclosure@...ts.grok.org.uk
>> Subject: Re: [Full-disclosure] Media backlash begins against HD Moore and
>> I)ruid
>>
>> On Tue, Aug 5, 2008 at 7:57 PM,  <Valdis.Kletnieks@...edu> wrote:
>>> On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:
>>>
>>>> Are you suggesting HD Moore had prior knowledge that the Austin Texas
>>>> AT&T servers were vulnerable?
>>>
>>> No - simply saying that either they were vulnerable, or they weren't.
>>> If they weren't vulnerable, HD didn't have to do anything.  And even
>>> if they *were*, somebody would still have to actually *attack* them.
>>>
>>> And even if they *got* attacked, it's quite possible that the upsides
>>> of not bothering to do something outweighed the risks.  If you
>>> estimate that the cost (including "things you could have spent your
>>> time doing") is more than the losses, why bother?  "Even if we *got*
>>> whacked, we'd lose maybe $500. But in the time I'd waste dealing with
>>> the issue, I could generate something that will get us $2,000 in
>>> revenue.  So if I fix it, I lose $1500, and if I ignore it, I come out
>>> $1,500 ahead if we get hit, and $2,000 if we don't".
>>>
>>
>> Is what you're describing not against the law Valdis, it sure sounds like it
>> to me. Some kind of gross negligence...
>>
>> http://legal-dictionary.thefreedictionary.com/Gross+negligence
>> http://legal-dictionary.thefreedictionary.com/negligence
>>
>> Is this what goes on at Virginia Tech on a regular basis? Maybe the
>> authorities should be looking into you a lot more while they are looking
>> into HD Moore. ;)
>>
>> I wonder if the intelligence services thought like you before 9/11 and
>> 7/7 eh...I get the feeling they did.
>>
>> For sure people like you who support this kind of activity should be
>> investigated. It sounds criminal.
>>
>> Have you ever carried out this kind of activity Valdis where you put
>> security and people at risk to make and/or save money?
>>
>> If cyber-terrorism is going to become a real threat, we don't need people
>> like Valdis around and we should sure keep track of him.
>>
>> Would you allow a cyber-9-11 to happen Valdis if there was money involved?
>> I'm starting to become worried about you dude, maybe I should be e-mailing
>> the folks at Virginia Tech this thread, and perhaps, just perhaps the F.B.I
>> and see what they think about what you've just told me.
>>
>> You seem to be normalizing what you've just described to me as normal run-
>> of-the-mill legal activity, when it clearly isn't.
>>
>> To me what you've just described is illegal, criminal and wrong.
>>
>> All the best,
>>
>> n3td3v
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.
