Re: [Full-disclosure] Media backlash begins against HD Moore and I)ruid

On Wed, Aug 6, 2008 at 8:15 PM, jf <jf@xxxxxxxxxxxxxxxxxxxx> wrote:
And even if they *got* attacked, it's quite possible that the upsides of not
bothering to do something outweighed the risks. If you estimate that the
cost (including "things you could have spent your time doing") is more than
the losses, why bother? "Even if we *got* whacked, we'd lose maybe $500. But
in the time I'd waste dealing with the issue, I could generate something that
will get us $2,000 in revenue. So if I fix it, I lose $1500, and if I ignore
it, I come out $1,500 ahead if we get hit, and $2,000 if we don't".

so as a student worker, thats what, like a month of your time?

The guy definitely needs wire tapped and perhaps a psychologist.
Especially when he started ranting about money and the value of human
life in relation to security. I just hope Virgina Tech and the F.B.I
get involved in montioring him for his comments, especially after the
Virginia Tech massacre and the likes. We could have a fruit ball
member of staff at the institute considering something criminal to cut
corners in cyber security... or even something murderous in real life
depending on what type of mental condition he has actually acquired to
make him talk like this.

On Tue, Aug 5, 2008 at 9:57 PM, <Valdis.Kletnieks@xxxxxx> wrote:
They calculate a "value of a life", and use it to evaluate things like
environmental and safety regulations: If a life is worth $5M, and the
regulation is projected to save 500 lives (via lower risk of cancer, fewer car
crashes, whatever), the regulation has to cost less than $2.5B to implement to
be worth it. If it costs $2B, but only saves 50 lives, that's $40M per life
and not worth it.

All the best,


Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -