Message-ID: <6158bb410812050534l180f06dcs3b323041c4aab45@mail.gmail.com>
Date: Fri, 5 Dec 2008 08:34:05 -0500
From: Ureleet <ureleet@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Project Chroma: A color code for the state of cyber security

Well, SANS has said in the past they don't raise their color unless
there is an immediate threat, I think. I think Chris, in this thread
before, said the differences pretty well.

On Thu, Dec 4, 2008 at 10:36 PM, n3td3v <xploitable@...il.com> wrote:
> On Thu, Dec 4, 2008 at 3:03 PM, Chris Jeane <rysheve@...il.com> wrote:
>> The Project Chroma Project website reads (I have highlighted the colors in
>> black so that they are readable):
>>
>> Green level: There is negligible threat to online security.
>> Ok this one is pretty simple.
>>
>> Yellow level : There is a minimal level of threat, and this must be
>> monitored and contained.
>> The SANS ISC says: "We are currently tracking a significant new threat. The
>> impact is either unknown or expected to be minor to the infrastructure.
>> However, local impact could be significant. Users are advised to take
>> immediate specific action to contain the impact."
>> You are giving an abbreviated version of something that already exists and
>> is accepted.
>>
>> Orange level: This level of threat indicates there are parties who are
>> actively engaging in cyber-warfare. Caution is required when online.
>> Caution is always required when online. If you are in an area
>> (country/province/region) that is affected by cyber attacks you will have
>> limited/no access to the internet. If only your company/person is being
>> assaulted from cyberspace the attack would probably go unnoticed by this
>> monitoring system. If the attackers were committing a DDoS attack on several
>> specific non-infrastructure targets, your internet access may slow/go dark, but
>> is that really a threat to you? Or one you can protect against?
>>
>> Red level: This level indicates a full blown cyber-war. It indicates
>> very high probability of all communications being intercepted.
>> The use of the term 'full blown cyber-war' seems like an overarching scare
>> tactic. We have yet to see what cyber-warfare looks like. Estonia was a one
>> sided cyber ambush, not two entities engaging in war. The alerts should be
>> more generic and accompanied by an assessment of the actual current
>> situation. If something like 'Code Red' were to infect the internet again
>> this alert calling it cyber-war would be a misnomer.
>>
>> While homeland security's implementation does not seem to have a real
>> world merit, such a threat level would certainly be very useful in the
>> online security realm.
>> Who is this useful to: Security professionals, end users, governmental
>> agencies? How and why as similar systems already exist?
>>
>> Please disseminate this announcement of the
>> project Chroma levels for online security. The immediate mission of
>> the project is to be picked up by the antivirus and security tools
>> vendors, so as to add the color codes to their products and provide
>> users with a tangible measure of their online security.
>> Yellow is not a tangible measure of their online security. If perhaps an
>> Online Security/IPS package knew that a DDoS attack was coming for an
>> address segment of the internet and it requested that I block traffic from
>> those attackers until an all clear or Green
>> status was given. That is tangible and actionable.
>>
>> Current status: Threat level Yellow.
>> Your current is higher than SANS ISC. Do you know something they don't?
>>
>
> Symantec / Securityfocus is currently Yellow as well.
>
> Maybe it's SANS that are out of the loop after all.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>