Full Disclosure mailing list archives
Re: Authorities eye MSBlaster suspect
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 29 Aug 2003 17:12:06 -0500
--On Friday, August 29, 2003 3:43 PM -0700 Anthony Saffer <anthony () safferconsulting com> wrote:
> Sorry for just jumping in here but I couldn't resist. Certainly, you have to admit that there is such a thing as shared responsibility and contributory negligence. Even the law recognizes these things. Sure, it's the coder's fault for creating and releasing the worm but the administrators do bear SOME responsibility for not being proactive and patching their systems. There have been cases of patches being available for 6 months to a year and a worm coming along and cleaning house. How can anyone say that the admin isn't partially responsible?
Absolutely the admins are at least partly responsible for the damage caused to their own systems (and I would argue the greater the time since a patch was released the more responsibility they bear) and for damage they cause to other systems. But for the worm itself? Absolutely not.
In a perfect world, admins would get to implement the practices they know to be best for their organization. We don't live in a perfect world. Oftentimes admins' hands are tied by the decision makers who control the purse strings.
> Sure, in a perfect world, we wouldn't have to worry about patching our systems and all would be well. But we don't live in a perfect world and every computer admin should know how to patch his system. If he/she doesn't then they shouldn't have their job. There is, after all, such a thing as preventative action.
We still have infected hosts in the student apartments. Would you blame the admins for that? By law they are not allowed to support the students' personal computers. The best they can do is deny them network access until they're fixed. So the damage is limited to our network and doesn't go out to the world. Yet you would have them fired for incompetence. The admins know exactly what to do to protect a system. In this case they aren't allowed to do it.
Yet, if the worm writer hadn't released the worm, the problem wouldn't even exist, would it?
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html