Valdis.Kletnieksvt.edu
Date: Tue Aug 05 2008 - 13:57:25 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 05 Aug 2008 18:40:32 BST, n3td3v said:

> Are you suggesting HD Moore had prior knowledge that the Austin Texas
> AT&T servers were vulnerable?

No - simply saying that either they were vulnerable, or they weren't. If
they weren't vulnerable, HD didn't have to do anything. And even if they
*were*, somebody would still have to actually *attack* them.

And even if they *got* attacked, it's quite possible that the upsides of not
bothering to do something outweighed the risks. If you estimate that the
cost (including "things you could have spent your time doing") is more than
the losses, why bother? "Even if we *got* whacked, we'd lose maybe $500. But
in the time I'd waste dealing with the issue, I could generate something that
will get us $2,000 in revenue. So if I fix it, I lose $1500, and if I ignore
it, I come out $1,500 ahead if we get hit, and $2,000 if we don't".

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001

iD8DBQFImKKVcC3lWbTT17ARAqJlAJ9rbVRXecbRlURyKKCiD86T1RbZQACeLrH6
ILoheLx0d/lnU0CMIrHYzus=
=NG0z
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]