[Full-disclosure] Project Chroma: A color code for the state of cyber security
kz20fl at googlemail.com
Thu Dec 4 15:15:21 GMT 2008
"full-blown cyber war"
This indicates that Mike C is N3tN00b, and is also about to join him on the
spam filter. Flame away, cos I won't hear you Mike/N3tty
2008/12/4 Chris Jeane <rysheve at gmail.com>
> The Project Chroma Project website reads (I have highlighted the colors in
> black so that they are readable):
> *Green level: There is negligible threat to online security.
> Ok this one is pretty simple.*
> Yellow level: There is a minimal level of threat, and this must be
> monitored and contained.
> The SANS ISC says: "We are currently *tracking* a significant new threat.
> The impact is either unknown or expected to be minor to the infrastructure.
> However, local impact could be significant. Users are advised to take
> immediate specific *action to contain* the impact."
> You are giving an abbreviated version of something that already exists and
> is accepted.
> *Orange level: This level of threat indicates there are parties who are
> actively engaging in cyber-warfare. Caution is required when online.
> Caution is *always* required when online. If you are in an area
> (country/province/region) that is affected by cyber attacks you will have
> limited/no access to the internet. If only your company/person is being
> assaulted from cyberspace the attack would probably go unnoticed by this
> monitoring system. If the attackers were committing a DDoS attack on several
> specific non-infrastructure targets, your internet access may slow/go dark, but
> is that really a threat to you? Or one you can protect against?
> *Red level: This level indicates a full blown cyber-war. It indicates
> very high probability of all communications being intercepted.
> The use of the term 'full blown cyber-war' seems like an overarching scare
> tactic. We have yet to see what cyber-warfare looks like. Estonia was a
> one-sided cyber ambush, not two entities engaging in war. The alerts should be
> more generic and accompanied by an assessment of the actual *current* situation.
> If something like 'Code Red' were to infect the internet again, this alert
> calling it cyber-war would be a misnomer.*
> While homeland security's implementation does not seem to have a real
> world merit, such a threat level would certainly be very useful in the
> online security realm.
> Who is this useful to: Security professionals, end users, governmental
> agencies? How and why as similar systems already exist?*
> Please disseminate this announcement of the
> project Chroma levels for online security. The immediate mission of
> the project is to be picked up by the antivirus and security tools
> vendors, so as to add the color codes to their products and provide
> users with a tangible measure of their online security.
> Yellow is not a tangible measure of their online security. If perhaps an
> Online Security/IPS package knew that a DDoS attack was coming for an
> address segment of the internet and it requested that I block traffic from
> those attackers until an all clear or *Green*
> status was given. *That is tangible and actionable.*
> Current status: Threat level Yellow.*
> Your current is higher than SANS ISC. Do you know something they don't?
> On Wed, Dec 3, 2008 at 9:57 PM, Luke Scharf <luke.scharf at clusterbee.net> wrote:
>> Mike C wrote:
>> >> If you really want to change state of security for the n00bs,
>> >> spread the knowledge, not the colors.
>> > That's what project Chroma is all about.. Are you on board?!
>> This already exists, backed up by some hard-core security competence:
>> Has it changed the world?
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/