lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: cdevoney at u.washington.edu (Chris DeVoney)
Subject: Authorities eye MSBlaster suspect

On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote:
> Interesting -- the net cost of the worm is actually a net 
> $0.00. For every penny that a company chalks up as a cost to 
> the worm, some other company must be chalking up the cost as 
> a profit from the worm. 

Forgive the comment, but that statement is very untrue. As someone else
hinted, companies are diverting manpower from other projects to tackle the
worm. No other company is benefitting from that expenditure.

Then there is the case of academic and medical establishments, of which I
can speak from experience. There were some additional costs in hiring
contractors. But the biggest cost was the diversion of (my estimate)
hundreds of man-weeks to analyzing, patching, remediating, mitigating these
worms from other projects. That wasn't money lost, that was time lost. And
the faculty, staff, students, and everyone who depends on that work loss.

I won't go into fuller details, but because of the heavy dependence of
computing in biotechnology and medical fields, these worms and other
security problems have a larger societial cost. Most university medical
research comes from fixed grants. When you are always trying make those
limited resources stretch, diverting money and time to nonsense like this is
very, very frustrating. These problems do delay medical research and adds to
the cost of medical research without giving human benefits. 

I wish these misceates would consider those implications before converting a
lab server into a warez server when they get hit with a leading-edge or rare
illness. 

cdv

------------------------
Chris DeVoney
Clinical Research Center Informatics
University of Washington
cdevoney@...ashington.edu
206-598-6816 
------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ