RE: [Full-Disclosure] Authorities eye MSBlaster suspect

From: Chris DeVoney (cdevoney_at_u.washington.edu)
Date: 08/29/03

  • Next message: Jerry Heidtke: "RE: [Full-Disclosure] Authorities eye MSBlaster suspect" 
    To: <full-disclosure@lists.netsys.com>
Date: Fri, 29 Aug 2003 10:39:55 -0700

    On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote:
    > Interesting -- the net cost of the worm is actually a net
    > $0.00. For every penny that a company chalks up as a cost to
    > the worm, some other company must be chalking up the cost as
    > a profit from the worm.

    Forgive the comment, but that statement is very untrue. As someone else
    hinted, companies are diverting manpower from other projects to tackle the
    worm. No other company is benefitting from that expenditure.

    Then there is the case of academic and medical establishments, of which I
    can speak from experience. There were some additional costs in hiring
    contractors. But the biggest cost was the diversion of (my estimate)
    hundreds of man-weeks to analyzing, patching, remediating, mitigating these
    worms from other projects. That wasn't money lost, that was time lost. And
    the faculty, staff, students, and everyone who depends on that work loss.

    I won't go into fuller details, but because of the heavy dependence of
    computing in biotechnology and medical fields, these worms and other
    security problems have a larger societial cost. Most university medical
    research comes from fixed grants. When you are always trying make those
    limited resources stretch, diverting money and time to nonsense like this is
    very, very frustrating. These problems do delay medical research and adds to
    the cost of medical research without giving human benefits.

    I wish these misceates would consider those implications before converting a
    lab server into a warez server when they get hit with a leading-edge or rare
    illness.

    cdv

    ------------------------
    Chris DeVoney
    Clinical Research Center Informatics
    University of Washington
    cdevoney@u.washington.edu
    206-598-6816
    ------------------------

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Jerry Heidtke: "RE: [Full-Disclosure] Authorities eye MSBlaster suspect"

    Relevant Pages

    • RE: [Full-Disclosure] Authorities eye MSBlaster suspect
      ... >> a profit from the worm. ... But the biggest cost was the diversion of ... connections without taking _extremely careful and well thought through ... > the cost of medical research without giving human benefits. ...
      (Full-Disclosure)
    • Re: [Full-Disclosure] Authorities eye MSBlaster suspect
      ... IMHO is prudent to expend some overkill ... >> a profit from the worm. ... But the biggest cost was the diversion of ... > the cost of medical research without giving human benefits. ...
      (Full-Disclosure)
    • Re: computing the cost of incidents
      ... ]on computer security and in the process of reading all the interviews ... without detailing exactly what you mean by "cost" (eg are heart attacks ... caused by annoyance at stupid news articles counted as a cost?) ... And in may cases are they costs atributed to the worm or to the ...
      (comp.security.misc)
    • Re: [Full-Disclosure] Authorities eye MSBlaster suspect
      ... >must be chalking up the cost as a profit from the worm. ... money for the fact that our help desk is just flooded with ... Canada) just pile more work on their internal help desks having to clean up ...
      (Full-Disclosure)
    • RE: What firewall for small medical research lab
      ... What firewall for small medical research lab ... I have been asked to research what good, low cost, firewall solutions ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
      (Security-Basics)