From: se_cur_ity at hotmail.com (morning_wood)
Subject: Authorities eye MSBlaster suspect

Shouldn't these measures have been in place already?
Instead of rushing on a per-incident basis, you should be implementing
these things anyway. IMHO it is prudent to expend some overkill
during lockdown and penetration testing on a system when
it is deployed or periodically tested, so there is a reduction
during a per-incident basis. You are still not taking responsibility
to the proper party - the admin or security administrator
of said computing resource. They are the ones responsible
for allowing internet egress into their networks, a known hostile
environment.

Get educated, take some responsibility for your high-paying job,
and quit trying to lay the blame elsewhere.

Donnie Werner
http://e2-labs.com

----- Original Message ----- 
From: "Chris DeVoney" <cdevoney@...ashington.edu>
To: <full-disclosure@...ts.netsys.com>
Sent: Friday, August 29, 2003 10:39 AM
Subject: RE: [Full-Disclosure] Authorities eye MSBlaster suspect


> On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote:
> > Interesting -- the net cost of the worm is actually a net 
> > $0.00. For every penny that a company chalks up as a cost to 
> > the worm, some other company must be chalking up the cost as 
> > a profit from the worm. 
> 
> Forgive the comment, but that statement is very untrue. As someone else
> hinted, companies are diverting manpower from other projects to tackle the
> worm. No other company is benefitting from that expenditure.
> 
> Then there is the case of academic and medical establishments, of which I
> can speak from experience. There were some additional costs in hiring
> contractors. But the biggest cost was the diversion of (my estimate)
> hundreds of man-weeks to analyzing, patching, remediating, mitigating these
> worms from other projects. That wasn't money lost, that was time lost. And
> the faculty, staff, students, and everyone who depends on that work lost.
> 
> I won't go into fuller details, but because of the heavy dependence of
> computing in biotechnology and medical fields, these worms and other
> security problems have a larger societal cost. Most university medical
> research comes from fixed grants. When you are always trying to make those
> limited resources stretch, diverting money and time to nonsense like this is
> very, very frustrating. These problems do delay medical research and add to
> the cost of medical research without giving human benefits.
>
> I wish these miscreants would consider those implications before converting a
> lab server into a warez server when they get hit with a leading-edge or rare
> illness. 
> 
> cdv
> 
> ------------------------
> Chris DeVoney
> Clinical Research Center Informatics
> University of Washington
> cdevoney@...ashington.edu
> 206-598-6816 
> ------------------------
> 

