lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030730094305.X11114-100000@dekadens.ghettot.org>
From: lcamtuf at ghettot.org (Michal Zalewski)
Subject: Avoiding being a good admin - was DCOM RPC
 exploit  (dcom.c)

On Tue, 29 Jul 2003, Andy Wood wrote:

> You're absolutely kidding, right?  Downtime doesn't equate to $$$? How
> wrong can that mentality be?  I've seen it first hand without a worm
> (well, an worthless admin...the same destructive tendencies as a
> worm)....one system down costing over a hundred thousand because all the
> people that flew in across the US and various parts of the world could
> not be given a presentation to do what?  Oh so they could pitch why they
> should be the ones to build the next generation Aircraft Carrier for the
> US navy.

I think you have misunderstood my post. I'm not trying to claim that
outages do not mean losses. But I do oppose the bogus logic of multiplying
an average salary by an average number of employees by the number of
affected companies to estimate losses.

I explictly stated that cases like the one you quote happen. But they are
either limited to specific projects, teams, or specific businesses.
Outages mean losses, but it's not automatically a total and unrecoverable
loss of all productivity of all employees.

> As far as less than 100% efficiency....well that's a loss that can be
> traced to the computer these days....ebay, espn, news, chat,
> games...nothing new.

It appears to me that you've missed the point. Once again, I suggest
reading the original message... You are of course welcome to disagree,
but I would feel somewhat better if you could disagree with what I stated,
not with an outrageous concept I've never stated and you're trying to
imply I had in mind.

That said, I don't really want to start a flame war. I stated my point of
view, I can accept that others find it flawed.

Cheers!

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2003-07-30 09:43 --


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ