Full Disclosure mailing list archives
Re: Project Chroma: A color code for the state ofcyber security
From: Ureleet <ureleet () gmail com>
Date: Thu, 4 Dec 2008 20:32:20 -0500
you know andrew, i couldnt have said it better. even tho i disagree and _do_ say that estonia and georgia _were_ cyber attacks, u make an excellent discussion. On Thu, Dec 4, 2008 at 5:29 PM, n3td3v <xploitable () gmail com> wrote:
On Thu, Dec 4, 2008 at 4:36 PM, Razi Shaban <razishaban () gmail com> wrote:On Thu, Dec 4, 2008 at 5:03 PM, Chris Jeane <rysheve () gmail com> wrote:The Project Chroma Project website reads(I have highlighted the colors in black so that they are readable): Levels crapOn Thu, Dec 4, 2008 at 6:28 PM, Razi Shaban <razishaban () gmail com> wrote:On Thu, Dec 4, 2008 at 6:02 PM, Chris Jeane <rysheve () gmail com> wrote:Exactly. Which is why there is a need of a system that contains more information and less cookie cutter levels. We still don't know what a cyber-war looks like. One country could attack the transport/power systems of a third party that supplies/supports their target. This is all hypothetical, but there is a high probability of collateral damage.You misunderstood me. What I was getting at is that your ideas, including a "cyber-war" and all this leveling, show that you are about as uninformed as n3td3v. Please take your nub spam somewhere else. -- Razi ShabanTo explain the idea of leveling: The internet is a gigantic place. No matter when and from where you connect, it is out to get you, you individually. Also, large-scale cyber wars are a constant thing. I am aware of three very large-scale wars taking place at the moment, does that increase or decrease the risk any user would be taking by accessing the internet? Of course not. The concept of basing a levelling system on a few organized national or private attempts to do something or another is ridiculous; the Estonian attack compromised less than 0.0001% of all cyber attacks during that time period. The matter of the fact is, attempting to take the hugely complex and intricate dark side of the internet and summarize it in a color level is absurd. In fact, attempting to summarize it at all is ridiculous. Summarizing implies that you know everything about the topic. Anyone trying to summarize this knows nothing when he/she realizes the vastness of the internet. tl;dr : attempting to summarize the internet is less fruitful than throwing ice cubes at the sun, but it requires much lesser intelligence to do the first.I can't believe people are still using Estonia as an example of a cyber attack, it was a false flag on an epic scale and so obvious to I.T security experts. The government have got to try harder if they want to convince the industry that cyber terrorism is a real threat. But the fact is Estonia and Georgia just weren't convincing enough at least for me, I don't know what others think. And the shutting down of a turbine and posting the video to CNN was just a joke, there was no actual evidence of how the turbine shut down, it could just be a man in the corner flicking a switch, there was no evidence of someone using a computer to shut it down, we were told it was a cyber attack doing it, but no proof or evidence was given to prove it. They didn't even have a guy with a laptop standing beside it or anything like that, really the government are clueless with it comes to cyber security and creating a convincing false flag. When it comes to power stations being shut down through computerised attack, I don't see the threat coming from cyber terrorism, what I see the threat is more is accidental infection, like the three hospitals in London that got shut down last month because of the MyTob worm/ virus, the industry sit up and listen to that kind of thing and take it seriously (or at least I did), but they shouldn't take seriously Estonia, Georgia, DHS turbine videos. Cyber terrorism isn't a real threat in the climate we're in right now, what we should fear is accidental infection like the three hospitals in London. That got my attention more than Estonia, Georgia, DHS turbine video put together, because it was so obvious that the three hospitals in London was a genuine incident and not set up by the powers of be. We should worry more about staff competence being the main threat, not cyber terrorism, but mistakes made by I.T departments and accidental infection onto networks that are sensitive like the three hospitals in London. Please it just makes me cringe when I see people using Estonia as a way to pave political policy and setting up things. There is no cyber terrorism guys, there is staff incompetence and accidental infection that is the biggest worry for me right now, than some people in a cave wanting to carry out an electronic jihad. Money is wasted setting up cyber commands and other stuff, the money should really be spent on making sure the private and public sector and academia is trained to a specific standard so that the three hospitals incident can't happen again. As for the color code thing, thats just a load of wash and bollocks thats not needed, its good for businesses like Symantec and SANS to have alert levels, because fear is part of what they play on to make the money that they do. All the best, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Project Chroma: A color code for the state ofcyber security, (continued)
- Re: Project Chroma: A color code for the state ofcyber security rholgstad (Dec 01)
- Re: Project Chroma: A color code for the state ofcyber security Mike C (Dec 01)
- Re: Project Chroma: A color code for the state ofcyber security Elazar Broad (Dec 02)
- Re: Project Chroma: A color code for the state ofcyber security Mike C (Dec 03)
- Re: Project Chroma: A color code for the state ofcyber security vulcanius (Dec 03)
- Re: Project Chroma: A color code for the state ofcyber security Luke Scharf (Dec 03)
- Re: Project Chroma: A color code for the state ofcyber security Chris Jeane (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security James Rankin (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Razi Shaban (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security n3td3v (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Ureleet (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Mike C (Dec 03)
- Re: Project Chroma: A color code for the state ofcyber security n3td3v (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Valdis . Kletnieks (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security n3td3v (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Valdis . Kletnieks (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security n3td3v (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Ureleet (Dec 05)
- Re: Project Chroma: A color code for the state ofcyber security Ureleet (Dec 05)
- Re: Project Chroma: A color code for the state ofcyber security Ureleet (Dec 05)
- Re: Project Chroma: A color code for the state ofcyber security Valdis . Kletnieks (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Ureleet (Dec 04)