lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 4 Dec 2008 20:32:20 -0500
From: Ureleet <ureleet@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Project Chroma: A color code for the state
	ofcyber security

you know andrew, i couldnt have said it better.

even tho i disagree and _do_ say that estonia and georgia _were_ cyber
attacks, u make an excellent discussion.

On Thu, Dec 4, 2008 at 5:29 PM, n3td3v <xploitable@...il.com> wrote:
> On Thu, Dec 4, 2008 at 4:36 PM, Razi Shaban <razishaban@...il.com> wrote:
>> On Thu, Dec 4, 2008 at 5:03 PM, Chris Jeane <rysheve@...il.com> wrote:
>>> The Project Chroma Project website reads(I have highlighted the colors in
>>> black so that they are readable):
>>>
>>> Levels crap
>>>
>>
>> On Thu, Dec 4, 2008 at 6:28 PM, Razi Shaban <razishaban@...il.com> wrote:
>>> On Thu, Dec 4, 2008 at 6:02 PM, Chris Jeane <rysheve@...il.com> wrote:
>>>> Exactly. Which is why there is a need of a system that contains more
>>>> information and less cookie cutter levels. We still don't know what a
>>>> cyber-war looks like. One country could attack the transport/power systems
>>>> of a third party that supplies/supports their target. This is all
>>>> hypothetical, but there is a high probability of collateral damage.
>>>>
>>>
>>> You misunderstood me. What I was getting at is that your ideas,
>>> including a "cyber-war" and all this leveling, show that you are about
>>> as uninformed as n3td3v. Please take your nub spam somewhere else.
>>>
>>> --
>>> Razi Shaban
>>>
>>
>> To explain the idea of leveling: The internet is a gigantic place. No
>> matter when and from where you connect, it is out to get you, you
>> individually. Also, large-scale cyber wars are a constant thing. I am
>> aware of three very large-scale wars taking place at the moment, does
>> that increase or decrease the risk any user would be taking by
>> accessing the internet? Of course not. The concept of basing a
>> levelling system on a few organized national or private attempts to do
>> something or another is ridiculous; the Estonian attack compromised
>> less than 0.0001% of all cyber attacks during that time period.
>>
>> The matter of the fact is, attempting to take the hugely complex and
>> intricate dark side of the internet and summarize it in a color level
>> is absurd. In fact, attempting to summarize it at all is ridiculous.
>> Summarizing implies that you know everything about the topic. Anyone
>> trying to summarize this knows nothing when he/she realizes the
>> vastness of the internet.
>>
>> tl;dr : attempting to summarize the internet is less fruitful than
>> throwing ice cubes at the sun, but it requires much lesser
>> intelligence to do the first.
>>
>
> I can't believe people are still using Estonia as an example of a
> cyber attack, it was a false flag on an epic scale and so obvious to
> I.T security experts. The government have got to try harder if they
> want to convince the industry that cyber terrorism is a real threat.
> But the fact is Estonia and Georgia just weren't convincing enough at
> least for me, I don't know what others think.
>
> And the shutting down of a turbine and posting the video to CNN was
> just a joke, there was no actual evidence of how the turbine shut
> down, it could just be a man in the corner flicking a switch, there
> was no evidence of someone using a computer to shut it down, we were
> told it was a cyber attack doing it, but no proof or evidence was
> given to prove it. They didn't even have a guy with a laptop standing
> beside it or anything like that, really the government are clueless
> with it comes to cyber security and creating a convincing false flag.
>
> When it comes to power stations being shut down through computerised
> attack, I don't see the threat coming from cyber terrorism, what I see
> the threat is more is accidental infection, like the three hospitals
> in London that got shut down last month because of the MyTob worm/
> virus, the industry sit up and listen to that kind of thing and take
> it seriously (or at least I did), but they shouldn't take seriously
> Estonia, Georgia, DHS turbine videos.
>
> Cyber terrorism isn't a real threat in the climate we're in right now,
> what we should fear is accidental infection like the three hospitals
> in London. That got my attention more than Estonia, Georgia, DHS
> turbine video put together, because it was so obvious that the three
> hospitals in London was a genuine incident and not set up by the
> powers of be.
>
> We should worry more about staff competence being the main threat, not
> cyber terrorism, but mistakes made by I.T departments and accidental
> infection onto networks that are sensitive like the three hospitals in
> London.
>
> Please it just makes me cringe when I see people using Estonia as a
> way to pave political policy and setting up things. There is no cyber
> terrorism guys, there is staff incompetence and accidental infection
> that is the biggest worry for me right now, than some people in a cave
> wanting to carry out an electronic jihad.
>
> Money is wasted setting up cyber commands and other stuff, the money
> should really be spent on making sure the private and public sector
> and academia is trained to a specific standard so that the three
> hospitals incident can't happen again.
>
> As for the color code thing, thats just a load of wash and bollocks
> thats not needed, its good for businesses like Symantec and SANS to
> have alert levels, because fear is part of what they play on to make
> the money that they do.
>
> All the best,
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ