Re: Project Chroma: A color code for the state ofcyber security

[Ureleet <ureleet () gmail com>]

u mean, again?  dude, its already been done.  and by ppl alot smarter
than u.  stfu.  try sumthing knew.  u obviously fucked this 1 up.

On Wed, Dec 3, 2008 at 9:45 PM, Mike C <mike.cartall () gmail com> wrote:
> On Tue, Dec 2, 2008 at 11:29 AM, Elazar Broad <elazar () hushmail com> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> >
> > On Tue, 02 Dec 2008 11:50:46 -0500 rholgstad <rholgstad () gmail com>
> > wrote:
> > > Mike C wrote:
> > > > On Mon, Dec 1, 2008 at 5:27 PM, rholgstad <rholgstad () gmail com>
> > > wrote:
> > > > > and how does making a color based on these inputs protect
> > > people?
> > > > >
> > > >
> > > > Once all desktops have an icon or widget (say at the right hand
> > > > corner) with the color, and this is consistently seen
> > > everywhere, the
> > > > users will start associating with their online security. they
> > > will be
> > > > reminded that they have to be careful with the data they share.
> > > >
> > > > This, if implemented correctly will be a boon to security
> > > industry,
> > > > where the weakest kinks currently are 'n00b'  users.
> > > you are joking right?
> > >
> > > So some widget is going to stop the next SMB remote or IE client
> > > side
> > > and protect the 'n00b' users? Please explain how this works. Also
> > > please
> > > explain how "they will be reminded that they have to be careful
> > > with the
> > > data they share. " has anything to do with protecting a users
> > > machine
> > > from being compromised.
> >
> > Thats the whole point. There is a fine line between using visual
> > alerts to put people(Joe six pack) into a state of "awareness"(more
> > like mild hysteria) of a threat versus knowing how to protect
> > oneself against that threat and using that awareness indicator as
> > the kick in the ass to get moving and shore up the defenses(hell,
> > how many security folk do this too, then again, every time
> > something goes bump we see red). Visual alerts are great at
> > persuasion tools, especially when the goal is to get Joe to buy
> > your latest all-in-one-will-make-your-coffee-and-buy-you-beer
> > AV/Malware/Spyware/Foo(whats this doing here?)/evil monkey in the
> > closet package. So of course, Joe will never learn how to properly
> > defend his computer/data, and the "industry" will prosper.
>
> I dont think it is a lost battle. This method could prove an excellent
> way to solve this age old problem.
>
> > Now, thanks to our good friends over at the DHS, the color system
> > has turned into a complete and utter joke(for the most part), so my
> > friend, you see, this a complete exercise in futility(besides the
> > fact that every friggin AV/IDS/Security/SIM company out there has
> > red, yellow and green as their corporate "flag", if you are just
> > joining the party, then you can completely ignore this)
> DHS implementation leaves a lot to be desired. Please do not compare
> this to DHS's implementation.
>
> > If you really want to change state of security for the n00bs,
> > spread the knowledge, not the colors.
> Thats what project Chroma is all about.. Are you on board?!
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/