Full Disclosure: Re: Media backlash ... insane?

["TJ" <trejrco () gmail com>]

I'd take offense, except for that annoying ring of truth ... 
Anyway, I like to think of it more as trying to add value to an ongoing
conversation (vs anything insane).


/TJ


> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-
> bounces () lists grok org uk] On Behalf Of Paul Schmehl
> Sent: Wednesday, August 06, 2008 6:14 PM
> To: full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] Media backlash begins against HD Moore and
> I)ruid
>
> Insanity == doing the same thing repeatedly and expecting a different
> result.
>
> If this is true, then
>
> Insane == responding to n3td3v.
>
> So how many on this list meet the definition of insane?
>
> --On Wednesday, August 06, 2008 15:43:39 -0400 TJ <trejrco () gmail com>
wrote:
> > Note that the costs being discussed were purely financial, and you
> > rushed headlong into adding human lives.
> > That is, to be polite (if blunt) - wrong.
> >
> > The "cost" conversation is actually how real decisions are made, in
> > the real world.
> >
> >
> >
> > /TJ
> >
> >
> > > -----Original Message-----
> > > From: full-disclosure-bounces () lists grok org uk
> > > [mailto:full-disclosure- bounces () lists grok org uk] On Behalf Of
> > > n3td3v
> > > Sent: Tuesday, August 05, 2008 3:36 PM
> > > To: full-disclosure () lists grok org uk
> > > Subject: Re: [Full-disclosure] Media backlash begins against HD Moore
> > > and I)ruid
> > >
> > > On Tue, Aug 5, 2008 at 7:57 PM,  <Valdis.Kletnieks () vt edu> wrote:
> > > > On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:
> > > >
> > > > > Are you suggesting HD Moore had prior knowledge that the Austin
> > > > > Texas AT&T servers were vulnerable?
> > > > No - simply saying that either they were vulnerable, or they weren't.
> > > > If they weren't vulnerable, HD didn't have to do anything.  And even
> > > > if they *were*, somebody would still have to actually *attack* them.
> > > >
> > > > And even if they *got* attacked, it's quite possible that the
> > > > upsides of not bothering to do something outweighed the risks.  If
> > > > you estimate that the cost (including "things you could have spent
> > > > your time doing") is more than the losses, why bother?  "Even if we
> > > > *got* whacked, we'd lose maybe $500. But in the time I'd waste
> > > > dealing with the issue, I could generate something that will get us
> > > > $2,000 in revenue.  So if I fix it, I lose $1500, and if I ignore
> > > > it, I come out
> > > $1,500 ahead if we get hit, and $2,000 if we don't".
> > > >
> > > Is what you're describing not against the law Valdis, it sure sounds
> > > like
> > it
> > > to me. Some kind of gross negligence...
> > >
> > > http://legal-dictionary.thefreedictionary.com/Gross+negligence
> > > http://legal-dictionary.thefreedictionary.com/negligence
> > >
> > > Is this what goes on at Virginia Tech on a regular basis? Maybe the
> > > authorities should be looking into you a lot more while they are
> > > looking into HD Moore. ;)
> > >
> > > I wonder if the the intelligence services thought like you before
> > > 9/11 and
> > > 7/7 eh...I get the feeling they did.
> > >
> > > For sure people like you who support this kind of activity should be
> > > investigated. It sounds criminal.
> > >
> > > Have you ever carried out this kind of activity Valdis where you put
> > > security and people at risk to make and/or save money?
> > >
> > > If cyber-terrorism is going to become a real threat, we don't need
> > > people like Valdis around and we should sure keep track of him.
> > >
> > > Would you allow a cyber-9-11 to happen Valdis if there was money
> involved?
> > > I'm starting to become worried about you dude, maybe I should be
> > > e-mailing the folks at Virginia Tech this thread, and perhaps, just
> > > perhaps the F.B.I and see what they think about what you've just told
me.
> > > You seem to be normalizing what you've just described to me as normal
> > > run- of-the-mill legal activity, when it clearly isn't.
> > >
> > > To me what you've just described is illegal, criminal and wrong.
> > >
> > > All the best,
> > >
> > > n3td3v
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions are my own and not those of my
> employer.
> *******************************************
> Check the headers before clicking on Reply.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/