Full Disclosure mailing list archives

Re: Authorities eye MSBlaster suspect

From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 29 Aug 2003 17:12:06 -0500

--On Friday, August 29, 2003 3:43 PM -0700 Anthony Saffer<anthony () safferconsulting com> wrote:


Sorry for just jumping in here but I couldn't resist. Certainly, you have
to admit that there is a such thing as shared responsibility and
contributory negligence. Even the law recognizes these things. Sure, it's
the coders fault for creating and releasing the worm but the
administrators do bear SOME responsibility for not being proactive and
patching their systems. There have been cases of patches being available
for 6 months to a year and a worm coming along and cleaning house. How
can anyone say that the admin isn't partially responsible?

Absolutely the admins are at least partly responsible for the damage causedto their own systems (and I would argue the greater the time since a patchwas released the more responsibility they bear) and for damage they causeto other systems. But for the worm itself? Absolutely not.

Sure, in a
perfect world, we wouldn't have to worry about patching our systems and
all would be well. But we don't live in a perfect world and every
computer admin should know how to patch his system. If he/she doesn't
then they shouldn't have their job. There is, after all, a such thing as
preventative action.

In a perfect world, admins would get to implement the practices they knowto be best for their organization. We don't live in a perfect world.Oftentimes admins' hands are tied by the decision makers who control thepurse strings.

We still have infected hosts in the student apartments. Would you blamethe admins for that? By law they are not allowed to support the students'personal computers. The best they can do is deny them network access untilthey're fixed. So the damage is limited to our network and doesn't go outto the world. Yet you would have them fired for incompetence. The adminsknow exactly what to do to protect a system. In this case they aren'tallowed to do it.

Yet, if the worm writer hadn't released the worm, the problem wouldn't evenexist, would it?


Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Authorities eye MSBlaster suspect, (continued)
- - - RE: Authorities eye MSBlaster suspect Nick FitzGerald (Aug 29)
    - Re: Authorities eye MSBlaster suspect Mike Tancsa (Aug 29)
- RE: Authorities eye MSBlaster suspect Rainer Gerhards (Aug 29)
- RE: Authorities eye MSBlaster suspect Schmehl, Paul L (Aug 29)
- RE: Authorities eye MSBlaster suspect Jerry Heidtke (Aug 29)
  - Re: Authorities eye MSBlaster suspect Jeremiah Cornelius (Aug 29)
- RE: Authorities eye MSBlaster suspect Schmehl, Paul L (Aug 29)
  - Re: Authorities eye MSBlaster suspect morning_wood (Aug 29)
- RE: Authorities eye MSBlaster suspect Schmehl, Paul L (Aug 29)
  - Re: Authorities eye MSBlaster suspect Anthony Saffer (Aug 29)
    - Re: Authorities eye MSBlaster suspect Paul Schmehl (Aug 29)
    - Re: Authorities eye MSBlaster suspect Michael D Schleif (Aug 29)
  - Re: Authorities eye MSBlaster suspect morning_wood (Aug 29)
    - RE: Authorities eye MSBlaster suspect Steve Wray (Aug 29)
    - Re: Authorities eye MSBlaster suspect Jeremiah Cornelius (Aug 29)
  - RE: Authorities eye MSBlaster suspect Jason Coombs (Aug 29)
  - RE: Authorities eye MSBlaster suspect Jason Coombs (Aug 29)
  - RE: Authorities eye MSBlaster suspect Jason Coombs (Aug 29)
  - RE: Authorities eye MSBlaster suspect Jason Coombs (Aug 29)
    - RE: Authorities eye MSBlaster suspect Paul Schmehl (Aug 29)
  - RE: Authorities eye MSBlaster suspect Jason Coombs (Aug 29)

(Thread continues...)