Date: Wed, 06 Aug 2008 17:13:52 -0500
From: Paul Schmehl <pschmehl_lists@...rr.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Media backlash begins against HD Moore and I)ruid

Insanity == doing the same thing repeatedly and expecting a different result.

If this is true, then Insane == responding to n3td3v.

So how many on this list meet the definition of insane?

--On Wednesday, August 06, 2008 15:43:39 -0400 TJ <trejrco@...il.com> wrote:

> Note that the costs being discussed were purely financial, and you rushed
> headlong into adding human lives.
> That is, to be polite (if blunt) - wrong.
>
> The "cost" conversation is actually how real decisions are made, in the real
> world.
>
> /TJ
>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.grok.org.uk
>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
>> Sent: Tuesday, August 05, 2008 3:36 PM
>> To: full-disclosure@...ts.grok.org.uk
>> Subject: Re: [Full-disclosure] Media backlash begins against HD Moore and
>> I)ruid
>>
>> On Tue, Aug 5, 2008 at 7:57 PM, <Valdis.Kletnieks@...edu> wrote:
>>> On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:
>>>
>>>> Are you suggesting HD Moore had prior knowledge that the Austin Texas
>>>> AT&T servers were vulnerable?
>>>
>>> No - simply saying that either they were vulnerable, or they weren't.
>>> If they weren't vulnerable, HD didn't have to do anything. And even
>>> if they *were*, somebody would still have to actually *attack* them.
>>>
>>> And even if they *got* attacked, it's quite possible that the upsides
>>> of not bothering to do something outweighed the risks. If you
>>> estimate that the cost (including "things you could have spent your
>>> time doing") is more than the losses, why bother? "Even if we *got*
>>> whacked, we'd lose maybe $500. But in the time I'd waste dealing with
>>> the issue, I could generate something that will get us $2,000 in
>>> revenue. So if I fix it, I lose $1500, and if I ignore it, I come out
>>> $1,500 ahead if we get hit, and $2,000 if we don't".
>>>
>>
>> Is what you're describing not against the law Valdis, it sure sounds like it
>> to me. Some kind of gross negligence...
>>
>> http://legal-dictionary.thefreedictionary.com/Gross+negligence
>> http://legal-dictionary.thefreedictionary.com/negligence
>>
>> Is this what goes on at Virginia Tech on a regular basis? Maybe the
>> authorities should be looking into you a lot more while they are looking
>> into HD Moore. ;)
>>
>> I wonder if the intelligence services thought like you before 9/11 and
>> 7/7 eh...I get the feeling they did.
>>
>> For sure people like you who support this kind of activity should be
>> investigated. It sounds criminal.
>>
>> Have you ever carried out this kind of activity Valdis where you put
>> security and people at risk to make and/or save money?
>>
>> If cyber-terrorism is going to become a real threat, we don't need people
>> like Valdis around and we should sure keep track of him.
>>
>> Would you allow a cyber-9-11 to happen Valdis if there was money involved?
>> I'm starting to become worried about you dude, maybe I should be e-mailing
>> the folks at Virginia Tech this thread, and perhaps, just perhaps the F.B.I
>> and see what they think about what you've just told me.
>>
>> You seem to be normalizing what you've just described to me as normal
>> run-of-the-mill legal activity, when it clearly isn't.
>>
>> To me what you've just described is illegal, criminal and wrong.
>>
>> All the best,
>>
>> n3td3v
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.