|Main Archive Page > Month Archives > full-disclosure-uk archives|
I'd take offense, except for that annoying ring of truth ... Anyway, I like to think of it more as trying to add value to an ongoing conversation (vs anything insane).
>From: email@example.com [mailto:full-disclosure-
>firstname.lastname@example.org] On Behalf Of Paul Schmehl
>Sent: Wednesday, August 06, 2008 6:14 PM
>Subject: Re: [Full-disclosure] Media backlash begins against HD Moore and
>Insanity == doing the same thing repeatedly and expecting a different
>If this is true, then
>Insane == responding to n3td3v.
>So how many on this list meet the definition of insane?
>--On Wednesday, August 06, 2008 15:43:39 -0400 TJ <email@example.com>
>> Note that the costs being discussed were purely financial, and you
>> rushed headlong into adding human lives.
>> That is, to be polite (if blunt) - wrong.
>> The "cost" conversation is actually how real decisions are made, in
>> the real world.
>>> -----Original Message-----
>>> From: firstname.lastname@example.org
>>> [mailto:full-disclosure- email@example.com] On Behalf Of
>>> Sent: Tuesday, August 05, 2008 3:36 PM
>>> To: firstname.lastname@example.org
>>> Subject: Re: [Full-disclosure] Media backlash begins against HD Moore
>>> and I)ruid
>>> On Tue, Aug 5, 2008 at 7:57 PM, <Valdis.Kletnieks@vt.edu> wrote:
>>>> On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:
>>>>> Are you suggesting HD Moore had prior knowledge that the Austin
>>>>> Texas AT&T servers were vulnerable?
>>>> No - simply saying that either they were vulnerable, or they weren't.
>>>> If they weren't vulnerable, HD didn't have to do anything. And even
>>>> if they *were*, somebody would still have to actually *attack* them.
>>>> And even if they *got* attacked, it's quite possible that the
>>>> upsides of not bothering to do something outweighed the risks. If
>>>> you estimate that the cost (including "things you could have spent
>>>> your time doing") is more than the losses, why bother? "Even if we
>>>> *got* whacked, we'd lose maybe $500. But in the time I'd waste
>>>> dealing with the issue, I could generate something that will get us
>>>> $2,000 in revenue. So if I fix it, I lose $1500, and if I ignore
>>>> it, I come out
>>> $1,500 ahead if we get hit, and $2,000 if we don't".
>>> Is what you're describing not against the law Valdis, it sure sounds
>>> to me. Some kind of gross negligence...
>>> Is this what goes on at Virginia Tech on a regular basis? Maybe the
>>> authorities should be looking into you a lot more while they are
>>> looking into HD Moore. ;)
>>> I wonder if the the intelligence services thought like you before
>>> 9/11 and
>>> 7/7 eh...I get the feeling they did.
>>> For sure people like you who support this kind of activity should be
>>> investigated. It sounds criminal.
>>> Have you ever carried out this kind of activity Valdis where you put
>>> security and people at risk to make and/or save money?
>>> If cyber-terrorism is going to become a real threat, we don't need
>>> people like Valdis around and we should sure keep track of him.
>>> Would you allow a cyber-9-11 to happen Valdis if there was money
>>> I'm starting to become worried about you dude, maybe I should be
>>> e-mailing the folks at Virginia Tech this thread, and perhaps, just
>>> perhaps the F.B.I and see what they think about what you've just told
>>> You seem to be normalizing what you've just described to me as normal
>>> run- of-the-mill legal activity, when it clearly isn't.
>>> To me what you've just described is illegal, criminal and wrong.
>>> All the best,
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>Paul Schmehl, Senior Infosec Analyst
>As if it wasn't already obvious, my opinions are my own and not those of my
>Check the headers before clicking on Reply.
>Full-Disclosure - We believe in it.
>Hosted and sponsored by Secunia - http://secunia.com/