Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Media backlash begins against HD Moore and I)ruid

From: scott <redhowlingwolves () nc rr com>
Date: Tue, 05 Aug 2008 16:41:27 -0400
Valdis.Kletnieks () vt edu wrote:

 On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:


Are you suggesting HD Moore had prior knowledge that the Austin Texas
AT&T servers were vulnerable?


 No - simply saying that either they were vulnerable, or they weren't.  If
 they weren't vulnerable, HD didn't have to do anything.  And even if they
 *were*, somebody would still have to actually *attack* them.

 And even if they *got* attacked, it's quite possible that the upsides 

of not

 bothering to do something outweighed the risks.  If you estimate that the
 cost (including "things you could have spent your time doing") is more 

than

 the losses, why bother?  "Even if we *got* whacked, we'd lose maybe 

$500. But

 in the time I'd waste dealing with the issue, I could generate 

something that

 will get us $2,000 in revenue.  So if I fix it, I lose $1500, and if I 

ignore

 it, I come out $1,500 ahead if we get hit, and $2,000 if we don't".



 -------------------------

 _______________________________________________
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

You can't expect n3td3v to understand things like that. He's a hero to 
all who read his cut-n-paste blog, not a true InfoSec worker.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: