Full Disclosure mailing list archives

RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)


From: "Andy Wood" <andy () digitalindustry org>
Date: Tue, 29 Jul 2003 22:44:14 -0400

        You're absolutely kidding, right?  Downtime doesn't equate to $$$?
How wrong can that mentality be?  I've seen it first hand without a worm
(well, a worthless admin...the same destructive tendencies as a
worm)....one system down costing over a hundred thousand because all the
people that flew in across the US and various parts of the world could not
be given a presentation to do what?  Oh so they could pitch why they should
be the ones to build the next generation Aircraft Carrier for the US navy.
Perhaps we should doc the techs pay for that one, 'eh?   That was one
incident for 1 company.  The loss isn't about Susie not being able to open a
word doc that's on a downed server, that costs nadda.  It is about the
larger, more hidden costs.....airfare, hotels, meals, other rentals, etc.

        As far as less than 100% efficiency....well that's a loss that can
be traced to the computer these days....ebay, espn, news, chat,
games...nothing new.  Increased bandwidth costs due to streaming, surfing,
downloads...and it's money to fix those as well that companies don't want to
spend.  And the FUD you talk about is reality.  When the load gets heavier
and heavier to fix you need another and possibly another tech.  If you don't
calc the imaginary $$ into the big pic where does the budget come from to
hire the additional talent?  Which is probably necessary as companies pay
techs enough just to keep them disgruntled, and let's be honest....a tech
with 100% efficiency?  hardy har har.  They're too busy surfing for the
greener grass, or greener money as it be...'cause this job sucks (little do
they know it's them).

        So your 25, 50, 100 person office may not get the $$$ hit, but your
big companies feel it in ways that techs tend not to understand, as the CFO
is typically clueless about routing.

        Andy  


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Michal Zalewski
Sent: Tuesday, July 29, 2003 2:50 PM
To: Jason
Cc: full-disclosure () lists netsys com

On Tue, 29 Jul 2003, Jason wrote:

Given a conservative half a day downtime for only 100,000 of the more 
likely 150,000 employees at a very conservative average burden of $10 
per hour you have spent $4,000,000 in productivity losses alone. This 
completely ignores costs like lost data, lost confidence, work that 
has to be redone...

A-ha, so all of the 150,000 employees maintain a constant rate of
"productivity", and are at a hundred percent of their output capacity, so
that a downtime will cause an irreversible loss they cannot compensate for
by skipping one coffee break after an incident (incidents like this occurring
not particularly often)? And all perform work that will be disrupted by an
outage?

As far as I can tell, there are some rare cases in a corporate
infrastructure where an outage can cause a measurable loss by deferring
certain processes that indeed can't be compensated for, either due to a lack
of output capacity, or because the availability is in fact the product.

But those cases are either limited to specific businesses (that have a
process for a product), very localized (to a single or a couple of teams),
or happen sporadically (whenever there's a big push for a new release or
such). Most of the workers, most of the time in most of businesses are able
to assimilate any delays resulting from an outage because the very nature of
most office jobs is that they do not mean a constant and non-manageable work
load and performance requirements. Some do - but that's an exception, not a
rule.

As such, an incident can cause losses to some, if they are in a specific
situation or in a specific business. But saying that a worm (or anything
else) caused number_of_computers * average_sysadmin_pay * hours_to_fix = ten
bazillion dollars of losses to the industry is just silly and is nothing
more than FUD.

For most companies, an incident like this once in a while is just an
inconvenience. For that reason, they would not consider spending enormous
amounts of money on a better staffed and better educated IT department and
constant monitoring of the threats. Worm comes, worm goes, big deal.

--
------------------------- bash$ :(){ :|:&};: --  Michal Zalewski *
[http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2003-07-29 20:32 --

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html