RE: Authorities eye MSBlaster suspect

["Henry, Christopher M." <chenry () radiologycorp com>]

First of all as any admin or security person would know it is a pain in
the ass trying to close all the possible point of infections on a real
network.  When your company is nation wide and you have mobile
users/remote offices/clients who connect via vpn/ptp/frame relay into
your network...why don't you try to get in contact with everyone and
patch all the PCs. There is just so much you can do, but in the end you
can only hope that everyone paid attention to the emails you sent out
and applied the patches that you shipped out to them. Blaming the
victims is not the thing to do, after all they are just the innocent
computer user. It doesn't matter what Micro$oft did or didn't do, they
are not the ones who wrote the worm and I bet the admin in the high
paying job didn't write it either.

As I said you try being the admin of a network larger than a match box
and you will see how "easy" it is to secure.


-----Original Message-----
From: morning_wood [mailto:se_cur_ity () hotmail com] 
Sent: Friday, August 29, 2003 3:22 PM
To: Chris DeVoney; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Authorities eye MSBlaster suspect


shouldnt these measures been in place already?
instead of rushing on a per-incident basis, you should be implimenting
these things anyway. IMHO is prudent to expend some overkill during
lockdown and penetration testing on a system when it is deployed or
periodically tested, so there is a reduction during a per-incident
basis. You still not taking responsibility to the proper party - the
admin or security administrator of said computing resource. They are the
ones responsible for allowing internet egress into thier networks, a
known hostile environment. 

get educated, take some responsibility for you high paying job, 
and quit trying to lay the blame elsewhere.

Donnie Werner
http://e2-labs.com 






----- Original Message ----- 
From: "Chris DeVoney" <cdevoney () u washington edu>
To: <full-disclosure () lists netsys com>
Sent: Friday, August 29, 2003 10:39 AM
Subject: RE: [Full-disclosure] Authorities eye MSBlaster suspect


> On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote:
> > Interesting -- the net cost of the worm is actually a net
> > $0.00. For every penny that a company chalks up as a cost to 
> > the worm, some other company must be chalking up the cost as 
> > a profit from the worm. 
>
> Forgive the comment, but that statement is very untrue. As someone 
> else hinted, companies are diverting manpower from other projects to 
> tackle the worm. No other company is benefitting from that 
> expenditure.
>
> Then there is the case of academic and medical establishments, of 
> which I can speak from experience. There were some additional costs in

> hiring contractors. But the biggest cost was the diversion of (my 
> estimate) hundreds of man-weeks to analyzing, patching, remediating, 
> mitigating these worms from other projects. That wasn't money lost, 
> that was time lost. And the faculty, staff, students, and everyone who

> depends on that work loss.
>
> I won't go into fuller details, but because of the heavy dependence of

> computing in biotechnology and medical fields, these worms and other 
> security problems have a larger societial cost. Most university 
> medical research comes from fixed grants. When you are always trying 
> make those limited resources stretch, diverting money and time to 
> nonsense like this is very, very frustrating. These problems do delay 
> medical research and adds to the cost of medical research without 
> giving human benefits.
>
> I wish these misceates would consider those implications before 
> converting a lab server into a warez server when they get hit with a 
> leading-edge or rare illness.
>
> cdv
>
> ------------------------
> Chris DeVoney
> Clinical Research Center Informatics
> University of Washington
> cdevoney () u washington edu
> 206-598-6816
> ------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html