[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
- To: "Chris DeVoney" <cdevoney@u.washington.edu>, <full-disclosure@lists.netsys.com>
- Subject: Re: [Full-Disclosure] Authorities eye MSBlaster suspect
- From: "morning_wood" <se_cur_ity@hotmail.com>
- Date: Fri, 29 Aug 2003 12:22:19 -0700
shouldnt these measures been in place already?
instead of rushing on a per-incident basis, you should be implimenting
these things anyway. IMHO is prudent to expend some overkill
during lockdown and penetration testing on a system when
it is deployed or periodically tested, so there is a reduction
during a per-incident basis. You still not taking responsibility
to the proper party - the admin or security administrator
of said computing resource. They are the ones responsible
for allowing internet egress into thier networks, a known hostile
environment.
get educated, take some responsibility for you high paying job,
and quit trying to lay the blame elsewhere.
Donnie Werner
http://e2-labs.com
----- Original Message -----
From: "Chris DeVoney" <cdevoney@u.washington.edu>
To: <full-disclosure@lists.netsys.com>
Sent: Friday, August 29, 2003 10:39 AM
Subject: RE: [Full-Disclosure] Authorities eye MSBlaster suspect
> On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote:
> > Interesting -- the net cost of the worm is actually a net
> > $0.00. For every penny that a company chalks up as a cost to
> > the worm, some other company must be chalking up the cost as
> > a profit from the worm.
>
> Forgive the comment, but that statement is very untrue. As someone else
> hinted, companies are diverting manpower from other projects to tackle the
> worm. No other company is benefitting from that expenditure.
>
> Then there is the case of academic and medical establishments, of which I
> can speak from experience. There were some additional costs in hiring
> contractors. But the biggest cost was the diversion of (my estimate)
> hundreds of man-weeks to analyzing, patching, remediating, mitigating these
> worms from other projects. That wasn't money lost, that was time lost. And
> the faculty, staff, students, and everyone who depends on that work loss.
>
> I won't go into fuller details, but because of the heavy dependence of
> computing in biotechnology and medical fields, these worms and other
> security problems have a larger societial cost. Most university medical
> research comes from fixed grants. When you are always trying make those
> limited resources stretch, diverting money and time to nonsense like this is
> very, very frustrating. These problems do delay medical research and adds to
> the cost of medical research without giving human benefits.
>
> I wish these misceates would consider those implications before converting a
> lab server into a warez server when they get hit with a leading-edge or rare
> illness.
>
> cdv
>
> ------------------------
> Chris DeVoney
> Clinical Research Center Informatics
> University of Washington
> cdevoney@u.washington.edu
> 206-598-6816
> ------------------------
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html