"full-blown cyber war" This indicates that Mike C is N3tN00b, and is also about to join him on the spam filter. Flame away, cos I won't hear you Mike/N3tty
2008/12/4 Chris Jeane <[EMAIL PROTECTED]> > The Project Chroma Project website reads(I have highlighted the colors in > black so that they are readable): > > *Green level: There is negligible threat to online security. > * > Ok this one is pretty simple.* > > Yellow level : There is a minimal level of threat, and this must be > monitored and contained. > * > The SAN ISC says : "We are currently *tracking* a significant new threat. > The impact is either unknown or expected to be minor to the infrastructure. > However, local impact could be significant. Users are advised to take > immediate specific *action to contain* the impact." > You are giving an abbreviation version of something that already exists and > is excepted. > > *Orange level: This level of threat indicates there are parties who are > actively engaging in cyber-warfare. Caution is required when online. > * > Caution is *always* required when online. If you are in an area > (country/province/region) that is affected by cyber attacks you will have > limited/no access the internet. If only your company/person is being > assaulted from cyberspace the attack would probably go unnoticed by this > monitoring system. If the attackers were commiting a DDOS attack on several > specific non-infastructure targets, you internet access my slow/go dark, but > is that really a threat to you? or one you can protect agianst? > > *Red level: This level indicates a full blown cyber-war. It indicates > very high probability of all communications being intercepted. > * > The use of the term 'full blown cyber-war' seems like a overarching scare > tactic. We have yet to see what cyber-warfare looks like. Estonia was a one > sided cyber ambush, not two entites engaging in war. The alerts should be > more generic and accompanied by an acessment of the actual *current > *situation. > If something like 'Code Red' where to infect the internet agian this alert > calling it cyber-war would be a misnomer.* > > While homeland security's implementation does not seem to have a real > world merit, such a threat level would certainly be very useful in the > online security realm. > * > Who is this useful to: Security processionals, end users, governmental > agencies? How and why as similar systems already exist?* > > Please disseminate this announcement of the > project Chroma levels for online security. The immediate mission of > the project is to be picked up by the antivirus and security tools > vendors, so as to add the color codes to their products and provide > users with a tangible measure of their online security. > * > Yellow is not a tangible measure of their online security. If perhaps an > Online Security/IPS package knew that a DDoS attack was coming for an > address segment of the internet and it requested that I block traffic from > those attackers until an all clear or *Green * > status was given.* *That is tangible and actionable.* > > Current status: Threat level Yellow.* > Your current is higher than SANS ISC. Do you know something they don't? > > On Wed, Dec 3, 2008 at 9:57 PM, Luke Scharf <[EMAIL PROTECTED]>wrote: > >> Mike C wrote: >> >> If you really want to change state of security for the n00bs, >> >> spread the knowledge, not the colors. >> >> >> >> >> > Thats what project Chroma is all about.. Are you on board?! >> > >> >> This already exists, backed up by some hard-core security competence: >> http://isc.sans.org/infocon.html >> http://isc.sans.org/ >> >> Has it changed the world? >> >> -Luke >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
