Re: Project Chroma: A color code for the state ofcyber security

[Ureleet <ureleet () gmail com>]

you know andrew, i couldnt have said it better.

even tho i disagree and _do_ say that estonia and georgia _were_ cyber
attacks, u make an excellent discussion.

On Thu, Dec 4, 2008 at 5:29 PM, n3td3v <xploitable () gmail com> wrote:
> On Thu, Dec 4, 2008 at 4:36 PM, Razi Shaban <razishaban () gmail com> wrote:
> > On Thu, Dec 4, 2008 at 5:03 PM, Chris Jeane <rysheve () gmail com> wrote:
> > > The Project Chroma Project website reads(I have highlighted the colors in
> > > black so that they are readable):
> > >
> > > Levels crap
> >
> > On Thu, Dec 4, 2008 at 6:28 PM, Razi Shaban <razishaban () gmail com> wrote:
> > > On Thu, Dec 4, 2008 at 6:02 PM, Chris Jeane <rysheve () gmail com> wrote:
> > > > Exactly. Which is why there is a need of a system that contains more
> > > > information and less cookie cutter levels. We still don't know what a
> > > > cyber-war looks like. One country could attack the transport/power systems
> > > > of a third party that supplies/supports their target. This is all
> > > > hypothetical, but there is a high probability of collateral damage.
> > >
> > > You misunderstood me. What I was getting at is that your ideas,
> > > including a "cyber-war" and all this leveling, show that you are about
> > > as uninformed as n3td3v. Please take your nub spam somewhere else.
> > >
> > > --
> > > Razi Shaban
> >
> > To explain the idea of leveling: The internet is a gigantic place. No
> > matter when and from where you connect, it is out to get you, you
> > individually. Also, large-scale cyber wars are a constant thing. I am
> > aware of three very large-scale wars taking place at the moment, does
> > that increase or decrease the risk any user would be taking by
> > accessing the internet? Of course not. The concept of basing a
> > levelling system on a few organized national or private attempts to do
> > something or another is ridiculous; the Estonian attack compromised
> > less than 0.0001% of all cyber attacks during that time period.
> >
> > The matter of the fact is, attempting to take the hugely complex and
> > intricate dark side of the internet and summarize it in a color level
> > is absurd. In fact, attempting to summarize it at all is ridiculous.
> > Summarizing implies that you know everything about the topic. Anyone
> > trying to summarize this knows nothing when he/she realizes the
> > vastness of the internet.
> >
> > tl;dr : attempting to summarize the internet is less fruitful than
> > throwing ice cubes at the sun, but it requires much lesser
> > intelligence to do the first.
>
> I can't believe people are still using Estonia as an example of a
> cyber attack, it was a false flag on an epic scale and so obvious to
> I.T security experts. The government have got to try harder if they
> want to convince the industry that cyber terrorism is a real threat.
> But the fact is Estonia and Georgia just weren't convincing enough at
> least for me, I don't know what others think.
>
> And the shutting down of a turbine and posting the video to CNN was
> just a joke, there was no actual evidence of how the turbine shut
> down, it could just be a man in the corner flicking a switch, there
> was no evidence of someone using a computer to shut it down, we were
> told it was a cyber attack doing it, but no proof or evidence was
> given to prove it. They didn't even have a guy with a laptop standing
> beside it or anything like that, really the government are clueless
> with it comes to cyber security and creating a convincing false flag.
>
> When it comes to power stations being shut down through computerised
> attack, I don't see the threat coming from cyber terrorism, what I see
> the threat is more is accidental infection, like the three hospitals
> in London that got shut down last month because of the MyTob worm/
> virus, the industry sit up and listen to that kind of thing and take
> it seriously (or at least I did), but they shouldn't take seriously
> Estonia, Georgia, DHS turbine videos.
>
> Cyber terrorism isn't a real threat in the climate we're in right now,
> what we should fear is accidental infection like the three hospitals
> in London. That got my attention more than Estonia, Georgia, DHS
> turbine video put together, because it was so obvious that the three
> hospitals in London was a genuine incident and not set up by the
> powers of be.
>
> We should worry more about staff competence being the main threat, not
> cyber terrorism, but mistakes made by I.T departments and accidental
> infection onto networks that are sensitive like the three hospitals in
> London.
>
> Please it just makes me cringe when I see people using Estonia as a
> way to pave political policy and setting up things. There is no cyber
> terrorism guys, there is staff incompetence and accidental infection
> that is the biggest worry for me right now, than some people in a cave
> wanting to carry out an electronic jihad.
>
> Money is wasted setting up cyber commands and other stuff, the money
> should really be spent on making sure the private and public sector
> and academia is trained to a specific standard so that the three
> hospitals incident can't happen again.
>
> As for the color code thing, thats just a load of wash and bollocks
> thats not needed, its good for businesses like Symantec and SANS to
> have alert levels, because fear is part of what they play on to make
> the money that they do.
>
> All the best,
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/