I'd take offense, except for that annoying ring of truth ... Anyway, I like to think of it more as trying to add value to an ongoing conversation (vs anything insane).
/TJ >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:full-disclosure- >[EMAIL PROTECTED] On Behalf Of Paul Schmehl >Sent: Wednesday, August 06, 2008 6:14 PM >To: [email protected] >Subject: Re: [Full-disclosure] Media backlash begins against HD Moore and >I)ruid > >Insanity == doing the same thing repeatedly and expecting a different >result. > >If this is true, then > >Insane == responding to n3td3v. > >So how many on this list meet the definition of insane? > >--On Wednesday, August 06, 2008 15:43:39 -0400 TJ <[EMAIL PROTECTED]> wrote: > >> Note that the costs being discussed were purely financial, and you >> rushed headlong into adding human lives. >> That is, to be polite (if blunt) - wrong. >> >> The "cost" conversation is actually how real decisions are made, in >> the real world. >> >> >> >> /TJ >> >> >>> -----Original Message----- >>> From: [EMAIL PROTECTED] >>> [mailto:full-disclosure- [EMAIL PROTECTED] On Behalf Of >>> n3td3v >>> Sent: Tuesday, August 05, 2008 3:36 PM >>> To: [email protected] >>> Subject: Re: [Full-disclosure] Media backlash begins against HD Moore >>> and I)ruid >>> >>> On Tue, Aug 5, 2008 at 7:57 PM, <[EMAIL PROTECTED]> wrote: >>>> On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said: >>>> >>>>> Are you suggesting HD Moore had prior knowledge that the Austin >>>>> Texas AT&T servers were vulnerable? >>>> >>>> No - simply saying that either they were vulnerable, or they weren't. >>>> If they weren't vulnerable, HD didn't have to do anything. And even >>>> if they *were*, somebody would still have to actually *attack* them. >>>> >>>> And even if they *got* attacked, it's quite possible that the >>>> upsides of not bothering to do something outweighed the risks. If >>>> you estimate that the cost (including "things you could have spent >>>> your time doing") is more than the losses, why bother? "Even if we >>>> *got* whacked, we'd lose maybe $500. But in the time I'd waste >>>> dealing with the issue, I could generate something that will get us >>>> $2,000 in revenue. So if I fix it, I lose $1500, and if I ignore >>>> it, I come out >>> $1,500 ahead if we get hit, and $2,000 if we don't". >>>> >>> >>> Is what you're describing not against the law Valdis, it sure sounds >>> like >> it >>> to me. Some kind of gross negligence... >>> >>> http://legal-dictionary.thefreedictionary.com/Gross+negligence >>> http://legal-dictionary.thefreedictionary.com/negligence >>> >>> Is this what goes on at Virginia Tech on a regular basis? Maybe the >>> authorities should be looking into you a lot more while they are >>> looking into HD Moore. ;) >>> >>> I wonder if the the intelligence services thought like you before >>> 9/11 and >>> 7/7 eh...I get the feeling they did. >>> >>> For sure people like you who support this kind of activity should be >>> investigated. It sounds criminal. >>> >>> Have you ever carried out this kind of activity Valdis where you put >>> security and people at risk to make and/or save money? >>> >>> If cyber-terrorism is going to become a real threat, we don't need >>> people like Valdis around and we should sure keep track of him. >>> >>> Would you allow a cyber-9-11 to happen Valdis if there was money >involved? >>> I'm starting to become worried about you dude, maybe I should be >>> e-mailing the folks at Virginia Tech this thread, and perhaps, just >>> perhaps the F.B.I and see what they think about what you've just told me. >>> >>> You seem to be normalizing what you've just described to me as normal >>> run- of-the-mill legal activity, when it clearly isn't. >>> >>> To me what you've just described is illegal, criminal and wrong. >>> >>> All the best, >>> >>> n3td3v >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > >-- >Paul Schmehl, Senior Infosec Analyst >As if it wasn't already obvious, my opinions are my own and not those of my >employer. >******************************************* >Check the headers before clicking on Reply. > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
