full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Media backlash begins

Re: [Full-disclosure] Media backlash begins against HD Moore and I)ruid

From: <Valdis.Kletnieks_at_nospam>
Date: Tue Aug 05 2008 - 18:57:25 GMT
To: n3td3v <xploitable@gmail.com>


On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:

> Are you suggesting HD Moore had prior knowledge that the Austin Texas
> AT&T servers were vulnerable?

No - simply saying that either they were vulnerable, or they weren't. If they weren't vulnerable, HD didn't have to do anything. And even if they *were*, somebody would still have to actually *attack* them.

And even if they *got* attacked, it's quite possible that the upsides of not bothering to do something outweighed the risks. If you estimate that the cost (including "things you could have spent your time doing") is more than the losses, why bother? "Even if we *got* whacked, we'd lose maybe $500. But in the time I'd waste dealing with the issue, I could generate something that will get us $2,000 in revenue. So if I fix it, I lose $1500, and if I ignore it, I come out $1,500 ahead if we get hit, and $2,000 if we don't".



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/