Re: Media backlash begins against HD Moore and I)ruid

["TJ" <trejrco () gmail com>]

Note that the costs being discussed were purely financial, and you rushed
headlong into adding human lives.
That is, to be polite (if blunt) - wrong.

The "cost" conversation is actually how real decisions are made, in the real
world.



/TJ


> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-
> bounces () lists grok org uk] On Behalf Of n3td3v
> Sent: Tuesday, August 05, 2008 3:36 PM
> To: full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] Media backlash begins against HD Moore and
> I)ruid
>
> On Tue, Aug 5, 2008 at 7:57 PM,  <Valdis.Kletnieks () vt edu> wrote:
> > On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:
> >
> > > Are you suggesting HD Moore had prior knowledge that the Austin Texas
> > > AT&T servers were vulnerable?
> >
> > No - simply saying that either they were vulnerable, or they weren't.
> > If they weren't vulnerable, HD didn't have to do anything.  And even
> > if they *were*, somebody would still have to actually *attack* them.
> >
> > And even if they *got* attacked, it's quite possible that the upsides
> > of not bothering to do something outweighed the risks.  If you
> > estimate that the cost (including "things you could have spent your
> > time doing") is more than the losses, why bother?  "Even if we *got*
> > whacked, we'd lose maybe $500. But in the time I'd waste dealing with
> > the issue, I could generate something that will get us $2,000 in
> > revenue.  So if I fix it, I lose $1500, and if I ignore it, I come out
> $1,500 ahead if we get hit, and $2,000 if we don't".
> >
>
> Is what you're describing not against the law Valdis, it sure sounds like
it
> to me. Some kind of gross negligence...
>
> http://legal-dictionary.thefreedictionary.com/Gross+negligence
> http://legal-dictionary.thefreedictionary.com/negligence
>
> Is this what goes on at Virginia Tech on a regular basis? Maybe the
> authorities should be looking into you a lot more while they are looking
> into HD Moore. ;)
>
> I wonder if the the intelligence services thought like you before 9/11 and
> 7/7 eh...I get the feeling they did.
>
> For sure people like you who support this kind of activity should be
> investigated. It sounds criminal.
>
> Have you ever carried out this kind of activity Valdis where you put
> security and people at risk to make and/or save money?
>
> If cyber-terrorism is going to become a real threat, we don't need people
> like Valdis around and we should sure keep track of him.
>
> Would you allow a cyber-9-11 to happen Valdis if there was money involved?
> I'm starting to become worried about you dude, maybe I should be e-mailing
> the folks at Virginia Tech this thread, and perhaps, just perhaps the F.B.I
> and see what they think about what you've just told me.
>
> You seem to be normalizing what you've just described to me as normal run-
> of-the-mill legal activity, when it clearly isn't.
>
> To me what you've just described is illegal, criminal and wrong.
>
> All the best,
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/