shouldnt these measures been in place already? instead of rushing on a per-incident basis, you should be implimenting these things anyway. IMHO is prudent to expend some overkill during lockdown and penetration testing on a system when it is deployed or periodically tested, so there is a reduction during a per-incident basis. You still not taking responsibility to the proper party - the admin or security administrator of said computing resource. They are the ones responsible for allowing internet egress into thier networks, a known hostile environment.
get educated, take some responsibility for you high paying job, and quit trying to lay the blame elsewhere. Donnie Werner http://e2-labs.com ----- Original Message ----- From: "Chris DeVoney" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 29, 2003 10:39 AM Subject: RE: [Full-Disclosure] Authorities eye MSBlaster suspect > On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote: > > Interesting -- the net cost of the worm is actually a net > > $0.00. For every penny that a company chalks up as a cost to > > the worm, some other company must be chalking up the cost as > > a profit from the worm. > > Forgive the comment, but that statement is very untrue. As someone else > hinted, companies are diverting manpower from other projects to tackle the > worm. No other company is benefitting from that expenditure. > > Then there is the case of academic and medical establishments, of which I > can speak from experience. There were some additional costs in hiring > contractors. But the biggest cost was the diversion of (my estimate) > hundreds of man-weeks to analyzing, patching, remediating, mitigating these > worms from other projects. That wasn't money lost, that was time lost. And > the faculty, staff, students, and everyone who depends on that work loss. > > I won't go into fuller details, but because of the heavy dependence of > computing in biotechnology and medical fields, these worms and other > security problems have a larger societial cost. Most university medical > research comes from fixed grants. When you are always trying make those > limited resources stretch, diverting money and time to nonsense like this is > very, very frustrating. These problems do delay medical research and adds to > the cost of medical research without giving human benefits. > > I wish these misceates would consider those implications before converting a > lab server into a warez server when they get hit with a leading-edge or rare > illness. > > cdv > > ------------------------ > Chris DeVoney > Clinical Research Center Informatics > University of Washington > [EMAIL PROTECTED] > 206-598-6816 > ------------------------ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
