Re: [Full-Disclosure] Authorities eye MSBlaster suspect

• Previous message: gml: "RE: [Full-Disclosure] MsBlaster Source?"
• In reply to: morning_wood: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
• Next in thread: Byron Copeland: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
• Reply: Byron Copeland: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
• Reply: Paul Schmehl: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
• Reply: Darren Reed: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: morning_wood <se_cur_ity@hotmail.com>
Date: Fri, 29 Aug 2003 19:13:50 -0400

On Fri, 29 Aug 2003 14:46:32 PDT, morning_wood said:
> >And has it occurred to you that *MAYBE* his "high paying job" would
> >be more productive if he wasn't spending most of his time having to deal with
> >people breaking in, either proactively or reactively??
>
> that is his job

You're totally missing the point.

If I'm doing security 30 hours a week, that's 30 hours a week I'm not available
for other things.

That's 30 hours I'm not spending helping do network performance tuning for the
mail server. I'm sure the 70,000 users of the mail server would prefer that
I was able to do that instead.

That's 30 hours I'm not spending designing a new, more featureful print
management system. I'm sure the people who get print jobs that we need
to keep running (accounts receivable, invoices, purchase orders, etc) would prefer
I was able to do that instead.

That's 30 hours I'm not spending diagnosing compiler and kernel bugs. I'm sure
the researcher who has a $2M grant project dead in the water would prefer I was
able to do that instead.

That's 30 hours I'm not spending working on a way to migrate users from Windows to Linux.
I'm sure the people who are looking at a $500K/year bill for Microsoft licenses (and want
a way to save money) would prefer I was able to do that instead.

That's 30 hours I'm not spending deploying a new release of Listserv that has
features that my users are asking for. I'm sure that many of the users on our
6,023 lists would prefer I was able to do that instead.

You starting to see a pattern here?

And yes, those are *ALL* things that are *part of* "my job". Many of them are
things I'd enjoy doing more. All of them are things that would provide more *direct*
benefit to my site than "doing security".

And you can't weasel out by saying "Hire somebody else to do that other stuff" or
"hire somebody else to do security" - the point is that if we did hire somebody else,
then we'd only have 1 person of the 2 available for productive work. If we didn't
have to keep spending resources on security, BOTH people would be available then.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• application/pgp-signature attachment: stored

• Previous message: gml: "RE: [Full-Disclosure] MsBlaster Source?"
• In reply to: morning_wood: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
• Next in thread: Byron Copeland: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
• Reply: Byron Copeland: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
• Reply: Paul Schmehl: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
• Reply: Darren Reed: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]