[funsec] Conficker business productivity loss

Alexandre Dulaunoy a at foo.be
Wed Apr 1 05:10:06 CDT 2009


On Wed, Apr 1, 2009 at 4:38 AM, RandallM <randallm at fidmail.com> wrote:
> any numbers calculated on loss to business over this yet?

Usually the path (a formula can be deduced to calculate the cost ;-)
is the following :

- security people know about the issue and do some checks like

sudo nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns
--script-args=[un]safe=1 mylargenet/16

- discover on the /16 networks that a lot of servers and pcs are still
not patched against MS08-067

- go to the people managing stuff running Win32 and asked why a patch
released in October is still not applied

- add some random discussions about WSUS bloody design

- (funniest part) people managing Win32 stuff ask security people to
provide a parseable list (goto WSUS bloody design)

- people managing Win32 are trying to apply patches in a hurry

- some random servers,pcs... do not like the recent patches

- cleaning if you are already affected

To calculate the cost, you can set a weight/cost on action and iterate
some action based on
the numbers of system running the vulnerable operating system. After
you can make the overall
summation and add maybe an obscure "lambda" value used to make the
data weighted to something
more "realistic".

Sorry but it's funsec ;-)

adulau

-- 
--                   Alexandre Dulaunoy (adulau) -- http://www.foo.be/
--                             http://www.foo.be/cgi-bin/wiki.pl/Diary
--         "Knowledge can create problems, it is not through ignorance
--                                that we can solve them" Isaac Asimov


More information about the funsec mailing list