lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 4 Dec 2008 15:15:21 +0000
From: "James Rankin" <kz20fl@...glemail.com>
To: "Chris Jeane" <rysheve@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, vulcanius@...il.com
Subject: Re: Project Chroma: A color code for the state
	ofcyber security

"full-blown cyber war"

This indicates that Mike C is N3tN00b, and is also about to join him on the
spam filter. Flame away, cos I won't hear you Mike/N3tty

2008/12/4 Chris Jeane <rysheve@...il.com>

> The Project Chroma Project website reads(I have highlighted the colors in
> black so that they are readable):
>
> *Green level: There is negligible threat to online security.
> *
> Ok this one is pretty simple.*
>
> Yellow level : There is a minimal level of threat, and this must be
> monitored and contained.
> *
> The SAN ISC says : "We are currently *tracking* a significant new threat.
> The impact is either unknown or expected to be minor to the infrastructure.
> However, local impact could be significant. Users are advised to take
> immediate specific *action to contain* the impact."
> You are giving an abbreviation version of something that already exists and
> is excepted.
>
> *Orange level: This level of threat indicates there are parties who are
> actively engaging in cyber-warfare. Caution is required when online.
> *
> Caution is *always* required when online. If you are in an area
> (country/province/region) that is affected by cyber attacks you will have
> limited/no access the internet. If only your company/person is being
> assaulted from cyberspace the attack would probably go unnoticed by this
> monitoring system. If the attackers were commiting a DDOS attack on several
> specific non-infastructure targets, you internet access my slow/go dark, but
> is that really a threat to you? or one you can protect agianst?
>
> *Red level: This level indicates a full blown cyber-war. It indicates
> very high probability of all communications being intercepted.
> *
> The use of the term 'full blown cyber-war' seems like a overarching scare
> tactic. We have yet to see what cyber-warfare looks like. Estonia was a one
> sided cyber ambush, not two entites engaging in war. The alerts should be
> more generic and accompanied by an acessment of the actual *current *situation.
> If something like 'Code Red' where to infect the internet agian this alert
> calling it cyber-war would be a misnomer.*
>
> While homeland security's implementation does not seem to have a real
> world merit, such a threat level would certainly be very useful in the
> online security realm.
> *
> Who is this useful to: Security processionals, end users, governmental
> agencies? How and why as similar systems already exist?*
>
> Please disseminate this announcement of the
> project Chroma levels for online security. The immediate mission of
> the project is to be picked up by the antivirus and security tools
> vendors, so as to add the color codes to their products and provide
> users with a tangible measure of their online security.
> *
> Yellow is not a tangible measure of their online security. If perhaps an
> Online Security/IPS package knew that a DDoS attack was coming for an
> address segment of the internet and it requested that I block traffic from
> those attackers until an all clear or *Green *
> status was given.* *That is tangible and actionable.*
>
> Current status: Threat level Yellow.*
> Your current is higher than SANS ISC. Do you know something they don't?
>
> On Wed, Dec 3, 2008 at 9:57 PM, Luke Scharf <luke.scharf@...sterbee.net>wrote:
>
>> Mike C wrote:
>> >> If you really want to change state of security for the n00bs,
>> >> spread the knowledge, not the colors.
>> >>
>> >>
>> > Thats what project Chroma is all about.. Are you on board?!
>> >
>>
>> This already exists, backed up by some hard-core security competence:
>>    http://isc.sans.org/infocon.html
>>    http://isc.sans.org/
>>
>> Has it changed the world?
>>
>> -Luke
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ