RE: [Full-Disclosure] Authorities eye MSBlaster suspect

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 08/30/03

    To: full-disclosure@lists.netsys.com
    Date: Sat, 30 Aug 2003 12:43:59 +1200
    
    

    "Chris DeVoney" <cdevoney@u.washington.edu> wrote:

    > On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote:
    > > Interesting -- the net cost of the worm is actually a net
    > > $0.00. For every penny that a company chalks up as a cost to
    > > the worm, some other company must be chalking up the cost as
    > > a profit from the worm.
    >
    > Forgive the comment, but that statement is very untrue. As someone else
    > hinted, companies are diverting manpower from other projects to tackle the
    > worm. No other company is benefitting from that expenditure.

    Wrong.

    In at least some of those cases those "extra" resources are simply
    hastily applying the fixes and better preventative measures that should
    already have been applied or in place. Thus the _rest of the Internet_
    benefits from that expenditure and therefore the site being fixed not
    only directly benefits (it will no longer be vulnerable to attack
    through this and related and highly obvious, even if not previously
    used in exploits against it, mechanisms) but indirectly (through its
    efforts and those on other previously inadequately configured systems,
    the Internet as a whole is a better place, meaning it is a better place
    for this site too).

    > Then there is the case of academic and medical establishments, of which I
    > can speak from experience. There were some additional costs in hiring
    > contractors. But the biggest cost was the diversion of (my estimate)
    > hundreds of man-weeks to analyzing, patching, remediating, mitigating these
    > worms from other projects. That wasn't money lost, that was time lost. And
    > the faculty, staff, students, and everyone who depends on that work loss.

    ...which clearly was never suitably factored into the initial design,
    roll-out and ongoing management of the systems in those establishments.
    If they paid out big now to fix this "one-off" (yeah, right...)
    incident, why did they not pay the little more up front to ensure they
    had well-designed, properly secured and easily managed systems that
    would have _prevented_ all those losses you are now bleating about?

    Why not? Simple -- they decided it was better to save a few grand and
    get four more PCs (or a couple of kick-arse systems to slake the
    sysadmins' thirsts for Quake, or whatever...).

    False economy. Always was, always is and always will be.

    Do it once, do it right.

    There was no rocket science in being prepared to be anything other than
    mildly inconvenienced by Blaster -- sure, "outside" machines or
    machines with outside network connections that are also inside your
    site can be a hassle, but quality network gear allowing you to turn
    those machines off outlet by outlet is available and has been forever
    (though again, yes it costs a few bucks more up-front). Further, as
    such paths have always been stupefyingly obvious entrance points for
    this kind of "attack", protecting against them should always have been
    factored into the design and thus not be something to be hand-wringing
    over after the latest attack.

    > I won't go into fuller details, but because of the heavy dependence of
    > computing in biotechnology and medical fields, these worms and other
    > security problems have a larger societal cost. ....

    Which _surely_ raises questions about the sanity of anyone who would
    consider connecting such critical stuff to a sewer of a network like
    "the Internet as we have it", and doubly so to actually make such
    connections without taking _extremely careful and well thought through_
    protective measures.

    It also raises serious questions about the sanity of the funding
    processes and groups that dole out the money driving these projects.

    > ... Most university medical
    > research comes from fixed grants. When you are always trying to make those
    > limited resources stretch, diverting money and time to nonsense like this is
    > very, very frustrating. These problems do delay medical research and add to
    > the cost of medical research without giving human benefits.

    Which makes it all the more imperative that the tax dollars funding you
    are deployed to best effect _up front_ rather than inefficiently and
    all topsy turvy when half the campus is running around like chooks with
    their heads cut off, no??

    > I wish these miscreants would consider those implications before converting a
    > lab server into a warez server when they get hit with a leading-edge or rare
    > illness.

    Yeah, right, don't we all.

    In the meantime however, the US tax payers expect you (I don't mean you
    personally, more "you, the IT staff at such institutions collectively")
    to do something more effective with the "contributions" they make...

    Regards,

    Nick FitzGerald

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

