Open Source and information security mailing list archives
 
Message-ID: <6158bb410812041731l3aced389ra38603f0d118870@mail.gmail.com>
Date: Thu, 4 Dec 2008 20:31:31 -0500
From: Ureleet <ureleet@...il.com>
To: "Mike C" <mike.cartall@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, vulcanius@...il.com
Subject: Re: Project Chroma: A color code for the state of cyber security

u mean, again?  dude, its already been done.  and by ppl alot smarter
than u.  stfu.  try sumthing knew.  u obviously fucked this 1 up.

On Wed, Dec 3, 2008 at 9:45 PM, Mike C <mike.cartall@...il.com> wrote:
> On Tue, Dec 2, 2008 at 11:29 AM, Elazar Broad <elazar@...hmail.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>>
>> On Tue, 02 Dec 2008 11:50:46 -0500 rholgstad <rholgstad@...il.com> wrote:
>>>Mike C wrote:
>>>> On Mon, Dec 1, 2008 at 5:27 PM, rholgstad <rholgstad@...il.com> wrote:
>>>>
>>>>> and how does making a color based on these inputs protect people?
>>>>>
>>>>>
>>>>
>>>> Once all desktops have an icon or widget (say at the right hand
>>>> corner) with the color, and this is consistently seen everywhere, the
>>>> users will start associating with their online security. they will be
>>>> reminded that they have to be careful with the data they share.
>>>>
>>>> This, if implemented correctly will be a boon to security industry,
>>>> where the weakest links currently are 'n00b'  users.
>>>>
>>>>
>>>you are joking right?
>>>
>>>So some widget is going to stop the next SMB remote or IE client side
>>>and protect the 'n00b' users? Please explain how this works. Also please
>>>explain how "they will be reminded that they have to be careful with the
>>>data they share. " has anything to do with protecting a user's machine
>>>from being compromised.
>>
>> That's the whole point. There is a fine line between using visual
>> alerts to put people (Joe six pack) into a state of "awareness" (more
>> like mild hysteria) of a threat versus knowing how to protect
>> oneself against that threat and using that awareness indicator as
>> the kick in the ass to get moving and shore up the defenses (hell,
>> how many security folk do this too, then again, every time
>> something goes bump we see red). Visual alerts are great as
>> persuasion tools, especially when the goal is to get Joe to buy
>> your latest all-in-one-will-make-your-coffee-and-buy-you-beer
>> AV/Malware/Spyware/Foo (what's this doing here?)/evil monkey in the
>> closet package. So of course, Joe will never learn how to properly
>> defend his computer/data, and the "industry" will prosper.
>>
>
> I don't think it is a lost battle. This method could prove an excellent
> way to solve this age old problem.
>
>> Now, thanks to our good friends over at the DHS, the color system
>> has turned into a complete and utter joke (for the most part), so my
>> friend, you see, this is a complete exercise in futility (besides the
>> fact that every friggin AV/IDS/Security/SIM company out there has
>> red, yellow and green as their corporate "flag", if you are just
>> joining the party, then you can completely ignore this)
>>
> DHS implementation leaves a lot to be desired. Please do not compare
> this to DHS's implementation.
>
>> If you really want to change state of security for the n00bs,
>> spread the knowledge, not the colors.
>>
> That's what Project Chroma is all about. Are you on board?!
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
