Full Disclosure mailing list archives

RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)

From: Michal Zalewski <lcamtuf () ghettot org>
Date: Wed, 30 Jul 2003 09:48:23 +0200 (CEST)

On Tue, 29 Jul 2003, Andy Wood wrote:

You're absolutely kidding, right?  Downtime doesn't equate to $$$? How
wrong can that mentality be?  I've seen it first hand without a worm
(well, an worthless admin...the same destructive tendencies as a
worm)....one system down costing over a hundred thousand because all the
people that flew in across the US and various parts of the world could
not be given a presentation to do what?  Oh so they could pitch why they
should be the ones to build the next generation Aircraft Carrier for the
US navy.


I think you have misunderstood my post. I'm not trying to claim that
outages do not mean losses. But I do oppose the bogus logic of multiplying
an average salary by an average number of employees by the number of
affected companies to estimate losses.

I explictly stated that cases like the one you quote happen. But they are
either limited to specific projects, teams, or specific businesses.
Outages mean losses, but it's not automatically a total and unrecoverable
loss of all productivity of all employees.

As far as less than 100% efficiency....well that's a loss that can be
traced to the computer these days....ebay, espn, news, chat,
games...nothing new.


It appears to me that you've missed the point. Once again, I suggest
reading the original message... You are of course welcome to disagree,
but I would feel somewhat better if you could disagree with what I stated,
not with an outrageous concept I've never stated and you're trying to
imply I had in mind.

That said, I don't really want to start a flame war. I stated my point of
view, I can accept that others find it flawed.

Cheers!

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2003-07-30 09:43 --

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c), (continued)
- - - RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Bojan Zdrnja (Jul 30)
    - Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) yossarian (Jul 30)
    - RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 30)
    - RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Bojan Zdrnja (Jul 31)
    - Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 29)
    - Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Scott M. Algatt (Jul 29)
    - Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Larry W. Cashdollar (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Michal Zalewski (Jul 29)
  - Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Jason (Jul 29)
  - RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Andy Wood (Jul 29)
    - RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Michal Zalewski (Jul 30)