Full Disclosure mailing list archives
Re: Project Chroma: A color code for the state ofcyber security
From: n3td3v <xploitable () gmail com>
Date: Fri, 5 Dec 2008 03:36:04 +0000
On Thu, Dec 4, 2008 at 3:03 PM, Chris Jeane <rysheve () gmail com> wrote:
The Project Chroma Project website reads(I have highlighted the colors in black so that they are readable): Green level: There is negligible threat to online security. Ok this one is pretty simple. Yellow level : There is a minimal level of threat, and this must be monitored and contained. The SAN ISC says : "We are currently tracking a significant new threat. The impact is either unknown or expected to be minor to the infrastructure. However, local impact could be significant. Users are advised to take immediate specific action to contain the impact." You are giving an abbreviation version of something that already exists and is excepted. Orange level: This level of threat indicates there are parties who are actively engaging in cyber-warfare. Caution is required when online. Caution is always required when online. If you are in an area (country/province/region) that is affected by cyber attacks you will have limited/no access the internet. If only your company/person is being assaulted from cyberspace the attack would probably go unnoticed by this monitoring system. If the attackers were commiting a DDOS attack on several specific non-infastructure targets, you internet access my slow/go dark, but is that really a threat to you? or one you can protect agianst? Red level: This level indicates a full blown cyber-war. It indicates very high probability of all communications being intercepted. The use of the term 'full blown cyber-war' seems like a overarching scare tactic. We have yet to see what cyber-warfare looks like. Estonia was a one sided cyber ambush, not two entites engaging in war. The alerts should be more generic and accompanied by an acessment of the actual current situation. If something like 'Code Red' where to infect the internet agian this alert calling it cyber-war would be a misnomer. While homeland security's implementation does not seem to have a real world merit, such a threat level would certainly be very useful in the online security realm. Who is this useful to: Security processionals, end users, governmental agencies? How and why as similar systems already exist? Please disseminate this announcement of the project Chroma levels for online security. The immediate mission of the project is to be picked up by the antivirus and security tools vendors, so as to add the color codes to their products and provide users with a tangible measure of their online security. Yellow is not a tangible measure of their online security. If perhaps an Online Security/IPS package knew that a DDoS attack was coming for an address segment of the internet and it requested that I block traffic from those attackers until an all clear or Green status was given. That is tangible and actionable. Current status: Threat level Yellow. Your current is higher than SANS ISC. Do you know something they don't?
Symantec / Securityfocus is currently Yellow as well. Maybe its SANS that are out of the loop afterall. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Project Chroma: A color code for the state ofcyber security, (continued)
- Re: Project Chroma: A color code for the state ofcyber security Mike C (Dec 01)
- Re: Project Chroma: A color code for the state ofcyber security Elazar Broad (Dec 02)
- Re: Project Chroma: A color code for the state ofcyber security Mike C (Dec 03)
- Re: Project Chroma: A color code for the state ofcyber security vulcanius (Dec 03)
- Re: Project Chroma: A color code for the state ofcyber security Luke Scharf (Dec 03)
- Re: Project Chroma: A color code for the state ofcyber security Chris Jeane (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security James Rankin (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Razi Shaban (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security n3td3v (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Ureleet (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Mike C (Dec 03)
- Re: Project Chroma: A color code for the state ofcyber security n3td3v (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Valdis . Kletnieks (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security n3td3v (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Valdis . Kletnieks (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security n3td3v (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Ureleet (Dec 05)
- Re: Project Chroma: A color code for the state ofcyber security Ureleet (Dec 05)
- Re: Project Chroma: A color code for the state ofcyber security Ureleet (Dec 05)
- Re: Project Chroma: A color code for the state ofcyber security Valdis . Kletnieks (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security Ureleet (Dec 04)
- Re: Project Chroma: A color code for the state ofcyber security ghost (Dec 04)