you know andrew, i couldnt have said it better. even tho i disagree and _do_ say that estonia and georgia _were_ cyber attacks, u make an excellent discussion.
On Thu, Dec 4, 2008 at 5:29 PM, n3td3v <[EMAIL PROTECTED]> wrote: > On Thu, Dec 4, 2008 at 4:36 PM, Razi Shaban <[EMAIL PROTECTED]> wrote: >> On Thu, Dec 4, 2008 at 5:03 PM, Chris Jeane <[EMAIL PROTECTED]> wrote: >>> The Project Chroma Project website reads(I have highlighted the colors in >>> black so that they are readable): >>> >>> Levels crap >>> >> >> On Thu, Dec 4, 2008 at 6:28 PM, Razi Shaban <[EMAIL PROTECTED]> wrote: >>> On Thu, Dec 4, 2008 at 6:02 PM, Chris Jeane <[EMAIL PROTECTED]> wrote: >>>> Exactly. Which is why there is a need of a system that contains more >>>> information and less cookie cutter levels. We still don't know what a >>>> cyber-war looks like. One country could attack the transport/power systems >>>> of a third party that supplies/supports their target. This is all >>>> hypothetical, but there is a high probability of collateral damage. >>>> >>> >>> You misunderstood me. What I was getting at is that your ideas, >>> including a "cyber-war" and all this leveling, show that you are about >>> as uninformed as n3td3v. Please take your nub spam somewhere else. >>> >>> -- >>> Razi Shaban >>> >> >> To explain the idea of leveling: The internet is a gigantic place. No >> matter when and from where you connect, it is out to get you, you >> individually. Also, large-scale cyber wars are a constant thing. I am >> aware of three very large-scale wars taking place at the moment, does >> that increase or decrease the risk any user would be taking by >> accessing the internet? Of course not. The concept of basing a >> levelling system on a few organized national or private attempts to do >> something or another is ridiculous; the Estonian attack compromised >> less than 0.0001% of all cyber attacks during that time period. >> >> The matter of the fact is, attempting to take the hugely complex and >> intricate dark side of the internet and summarize it in a color level >> is absurd. In fact, attempting to summarize it at all is ridiculous. >> Summarizing implies that you know everything about the topic. Anyone >> trying to summarize this knows nothing when he/she realizes the >> vastness of the internet. >> >> tl;dr : attempting to summarize the internet is less fruitful than >> throwing ice cubes at the sun, but it requires much lesser >> intelligence to do the first. >> > > I can't believe people are still using Estonia as an example of a > cyber attack, it was a false flag on an epic scale and so obvious to > I.T security experts. The government have got to try harder if they > want to convince the industry that cyber terrorism is a real threat. > But the fact is Estonia and Georgia just weren't convincing enough at > least for me, I don't know what others think. > > And the shutting down of a turbine and posting the video to CNN was > just a joke, there was no actual evidence of how the turbine shut > down, it could just be a man in the corner flicking a switch, there > was no evidence of someone using a computer to shut it down, we were > told it was a cyber attack doing it, but no proof or evidence was > given to prove it. They didn't even have a guy with a laptop standing > beside it or anything like that, really the government are clueless > with it comes to cyber security and creating a convincing false flag. > > When it comes to power stations being shut down through computerised > attack, I don't see the threat coming from cyber terrorism, what I see > the threat is more is accidental infection, like the three hospitals > in London that got shut down last month because of the MyTob worm/ > virus, the industry sit up and listen to that kind of thing and take > it seriously (or at least I did), but they shouldn't take seriously > Estonia, Georgia, DHS turbine videos. > > Cyber terrorism isn't a real threat in the climate we're in right now, > what we should fear is accidental infection like the three hospitals > in London. That got my attention more than Estonia, Georgia, DHS > turbine video put together, because it was so obvious that the three > hospitals in London was a genuine incident and not set up by the > powers of be. > > We should worry more about staff competence being the main threat, not > cyber terrorism, but mistakes made by I.T departments and accidental > infection onto networks that are sensitive like the three hospitals in > London. > > Please it just makes me cringe when I see people using Estonia as a > way to pave political policy and setting up things. There is no cyber > terrorism guys, there is staff incompetence and accidental infection > that is the biggest worry for me right now, than some people in a cave > wanting to carry out an electronic jihad. > > Money is wasted setting up cyber commands and other stuff, the money > should really be spent on making sure the private and public sector > and academia is trained to a specific standard so that the three > hospitals incident can't happen again. > > As for the color code thing, thats just a load of wash and bollocks > thats not needed, its good for businesses like Symantec and SANS to > have alert levels, because fear is part of what they play on to make > the money that they do. > > All the best, > > n3td3v > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
