Full Disclosure mailing list archives
RE: Authorities eye MSBlaster suspect
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 30 Aug 2003 12:43:59 +1200
"Chris DeVoney" <cdevoney () u washington edu> wrote:
On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote:Interesting -- the net cost of the worm is actually a net $0.00. For every penny that a company chalks up as a cost to the worm, some other company must be chalking up the cost as a profit from the worm.Forgive the comment, but that statement is very untrue. As someone else hinted, companies are diverting manpower from other projects to tackle the worm. No other company is benefitting from that expenditure.
Wrong. In at least some of those cases those "extra" resources are simply hastily applying the fixes and better preventative measures that should already have been applied or in place. Thus the _rest of the Internet_ benefits from that expenditure and therefore the site being fixed not only directly benefits (it will no longer be vulnerable to attack through this and related and highly obvious, even if not previously used in exploits against it, mechanisms) but indirectly (through its efforts and those on other previously inadequately configured systems, the Internet as a whole is a better place, meaning it is a better place for this site too).
Then there is the case of academic and medical establishments, of which I can speak from experience. There were some additional costs in hiring contractors. But the biggest cost was the diversion of (my estimate) hundreds of man-weeks to analyzing, patching, remediating, mitigating these worms from other projects. That wasn't money lost, that was time lost. And the faculty, staff, students, and everyone who depends on that work loss.
...which clearly was never suitably factored into the initial design, roll-out and ongoing management of the systems in those establishments. If they paid out big now to fix this "one-off" (yeah, right...) incident, why did they not pay the little more up front to ensure they had well-designed, properly secured and easily managed systems that would have _prevented_ all those losses you are now bleating about? Why not? Simple -- they decided it was better to save a few grand and get four more PCs (or a couple of kick-arse systems to slake the sys- admins thirsts for Quake, or whatever...). False economy. Always was, always is and always will be. Do it once, do it right. There was no rocket science in being prepared to be anything other than mildly inconvenienced by Blaster -- sure, "outside" machines or machines with outside network connections that are also inside your site can be a hassle, but quality network gear allowing you to turn those machines off outlet by outlet is available and has been forever (though again, yes it costs a few bucks more up-front). Further, as such paths have always been stupefyingly obvious entrance points for this kind of "attack", protecting against them should always have been factored into the design and thus not be something to be hand-wringing over after the latest attack.
I won't go into fuller details, but because of the heavy dependence of computing in biotechnology and medical fields, these worms and other security problems have a larger societial cost. ....
Which _surely_ raises questions about the sanity of anyone who would consider connecting such critical stuff to a sewer of a network like "the Internet as we have it", and doubly so to actually make such connections without taking _extremely careful and well thought through protective measures. It also raises serious questions about the sanity of the funding processes and groups that dole out the money driving these projects.
... Most university medical research comes from fixed grants. When you are always trying make those limited resources stretch, diverting money and time to nonsense like this is very, very frustrating. These problems do delay medical research and adds to the cost of medical research without giving human benefits.
Which makes it all the more imperative that the tax dollars funding you are deployed to best effect _up front_ rather than inefficiently and all topsy turvy when half the campus is running around like chooks with their heads cut off, no??
I wish these misceates would consider those implications before converting a lab server into a warez server when they get hit with a leading-edge or rare illness.
Yeah, right, don't we all In the meantime however, the US tax payers expect you (I don't mean you personally, more "you, the IT staff at such institutions collectively") to do something more effective with the "contributions" they make... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Authorities eye MSBlaster suspect (long reply), (continued)
- Re: Authorities eye MSBlaster suspect (long reply) Paul Schmehl (Aug 29)
- Re: Authorities eye MSBlaster suspect Valdis . Kletnieks (Aug 29)
- Re: Authorities eye MSBlaster suspect morning_wood (Aug 29)
- Re: Authorities eye MSBlaster suspect Valdis . Kletnieks (Aug 29)
- Re: Authorities eye MSBlaster suspect Paul Schmehl (Aug 29)
- My life sucks - was Re: Authorities eye MSBlaster suspect security () brvenik com (Aug 29)
- Re: Authorities eye MSBlaster suspect Larry W. Cashdollar (Aug 30)
- Re: Authorities eye MSBlaster suspect Byron Copeland (Aug 29)
- Re: Authorities eye MSBlaster suspect Valdis . Kletnieks (Aug 31)
- Re: Authorities eye MSBlaster suspect Darren Reed (Aug 30)
- RE: Authorities eye MSBlaster suspect Nick FitzGerald (Aug 29)
- Re: Authorities eye MSBlaster suspect Mike Tancsa (Aug 29)
- Re: Authorities eye MSBlaster suspect Jeremiah Cornelius (Aug 29)
- Re: Authorities eye MSBlaster suspect morning_wood (Aug 29)
- Re: Authorities eye MSBlaster suspect Anthony Saffer (Aug 29)
- Re: Authorities eye MSBlaster suspect Paul Schmehl (Aug 29)