Note that the costs being discussed were purely financial, and you rushed headlong into adding human lives. That is, to be polite (if blunt) - wrong.
The "cost" conversation is actually how real decisions are made, in the real world. /TJ >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:full-disclosure- >[EMAIL PROTECTED] On Behalf Of n3td3v >Sent: Tuesday, August 05, 2008 3:36 PM >To: [email protected] >Subject: Re: [Full-disclosure] Media backlash begins against HD Moore and >I)ruid > >On Tue, Aug 5, 2008 at 7:57 PM, <[EMAIL PROTECTED]> wrote: >> On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said: >> >>> Are you suggesting HD Moore had prior knowledge that the Austin Texas >>> AT&T servers were vulnerable? >> >> No - simply saying that either they were vulnerable, or they weren't. >> If they weren't vulnerable, HD didn't have to do anything. And even >> if they *were*, somebody would still have to actually *attack* them. >> >> And even if they *got* attacked, it's quite possible that the upsides >> of not bothering to do something outweighed the risks. If you >> estimate that the cost (including "things you could have spent your >> time doing") is more than the losses, why bother? "Even if we *got* >> whacked, we'd lose maybe $500. But in the time I'd waste dealing with >> the issue, I could generate something that will get us $2,000 in >> revenue. So if I fix it, I lose $1500, and if I ignore it, I come out >$1,500 ahead if we get hit, and $2,000 if we don't". >> > >Is what you're describing not against the law Valdis, it sure sounds like it >to me. Some kind of gross negligence... > >http://legal-dictionary.thefreedictionary.com/Gross+negligence >http://legal-dictionary.thefreedictionary.com/negligence > >Is this what goes on at Virginia Tech on a regular basis? Maybe the >authorities should be looking into you a lot more while they are looking >into HD Moore. ;) > >I wonder if the the intelligence services thought like you before 9/11 and >7/7 eh...I get the feeling they did. > >For sure people like you who support this kind of activity should be >investigated. It sounds criminal. > >Have you ever carried out this kind of activity Valdis where you put >security and people at risk to make and/or save money? > >If cyber-terrorism is going to become a real threat, we don't need people >like Valdis around and we should sure keep track of him. > >Would you allow a cyber-9-11 to happen Valdis if there was money involved? >I'm starting to become worried about you dude, maybe I should be e-mailing >the folks at Virginia Tech this thread, and perhaps, just perhaps the F.B.I >and see what they think about what you've just told me. > >You seem to be normalizing what you've just described to me as normal run- >of-the-mill legal activity, when it clearly isn't. > >To me what you've just described is illegal, criminal and wrong. > >All the best, > >n3td3v > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
