u mean, again? dude, its already been done. and by ppl alot smarter than u. stfu. try sumthing knew. u obviously fucked this 1 up.

On Wed, Dec 3, 2008 at 9:45 PM, Mike C <[EMAIL PROTECTED]> wrote:
> On Tue, Dec 2, 2008 at 11:29 AM, Elazar Broad <[EMAIL PROTECTED]> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Tue, 02 Dec 2008 11:50:46 -0500 rholgstad <[EMAIL PROTECTED]>
>> wrote:
>>> Mike C wrote:
>>>> On Mon, Dec 1, 2008 at 5:27 PM, rholgstad <[EMAIL PROTECTED]> wrote:
>>>>
>>>>> and how does making a color based on these inputs protect people?
>>>>
>>>> Once all desktops have an icon or widget (say at the right hand
>>>> corner) with the color, and this is consistently seen everywhere, the
>>>> users will start associating with their online security. they will be
>>>> reminded that they have to be careful with the data they share.
>>>>
>>>> This, if implemented correctly will be a boon to security industry,
>>>> where the weakest links currently are 'n00b' users.
>>>>
>>> you are joking right?
>>>
>>> So some widget is going to stop the next SMB remote or IE client side
>>> and protect the 'n00b' users? Please explain how this works. Also
>>> please explain how "they will be reminded that they have to be careful
>>> with the data they share. " has anything to do with protecting a
>>> user's machine from being compromised.
>>
>> That's the whole point. There is a fine line between using visual
>> alerts to put people(Joe six pack) into a state of "awareness"(more
>> like mild hysteria) of a threat versus knowing how to protect
>> oneself against that threat and using that awareness indicator as
>> the kick in the ass to get moving and shore up the defenses(hell,
>> how many security folk do this too, then again, every time
>> something goes bump we see red). Visual alerts are great at
>> persuasion tools, especially when the goal is to get Joe to buy
>> your latest all-in-one-will-make-your-coffee-and-buy-you-beer
>> AV/Malware/Spyware/Foo(what's this doing here?)/evil monkey in the
>> closet package. So of course, Joe will never learn how to properly
>> defend his computer/data, and the "industry" will prosper.
>>
>
> I don't think it is a lost battle. This method could prove an excellent
> way to solve this age old problem.
>
>> Now, thanks to our good friends over at the DHS, the color system
>> has turned into a complete and utter joke(for the most part), so my
>> friend, you see, this is a complete exercise in futility(besides the
>> fact that every friggin AV/IDS/Security/SIM company out there has
>> red, yellow and green as their corporate "flag", if you are just
>> joining the party, then you can completely ignore this)
>>
> DHS implementation leaves a lot to be desired. Please do not compare
> this to DHS's implementation.
>
>> If you really want to change state of security for the n00bs,
>> spread the knowledge, not the colors.
>>
> That's what project Chroma is all about.. Are you on board?!
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
