|Main Archive Page > Month Archives > full-disclosure-uk archives|
On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:
> Are you suggesting HD Moore had prior knowledge that the Austin Texas
> AT&T servers were vulnerable?
No - simply saying that either they were vulnerable, or they weren't. If they weren't vulnerable, HD didn't have to do anything. And even if they *were*, somebody would still have to actually *attack* them.
And even if they *got* attacked, it's quite possible that the upsides of not bothering to do something outweighed the risks. If you estimate that the cost (including "things you could have spent your time doing") is more than the losses, why bother? "Even if we *got* whacked, we'd lose maybe $500. But in the time I'd waste dealing with the issue, I could generate something that will get us $2,000 in revenue. So if I fix it, I lose $1500, and if I ignore it, I come out $1,500 ahead if we get hit, and $2,000 if we don't".