CERTStation Threat-Level Aggregator

sloit writes "Just spotted, the CERTStation Threat level Aggregator displays the current threat level, in real-time, as assessed by 8 of the Internet's leading vulnerability watch services such as Symantec Threatcon, ISS Alertcon and SANS Infocon on one publically accessible Web page. Well, that saves a lot of daily trudging!"

If it would only just *tell* me

[milo_a_wagner]

Fine, fine, I guess. But with all those flicks and ticks and whooshes, isn't this the most annoyingly designed page *ever*? I can barely see anything. I think I'm about to have an epileptic fit, and I'm not epileptic.

Re:

[thetroll123]

Try it with Flashblock enabled, gives a far cleaner interface...

Re:

[LiquidCoooled]

Even with flashblock, there is still some annoying ticker down at the bottom (javascript).
Ye gads, they could have gone the whole hog and implimented BLINK tags to make even more people dislike the page.

The worst part is, I *would* visit the page if it was a bit more stable.

Re:

[$RANDOMLUSER]

Gaaaaaa. Having seizure... Musn't swallow tongue...

Light gray on white sucks on a flat screen.

[khasim]

The same with light yellow.

The same with light green.

I'm guessing that they didn't want to over burden anyone's video card or monitor.

And the little "sparkticker" or whatever at the bottom is totally unreadable.

But it is incredibly useful to know that the "REMLAB web mech designer" has a vulnerability. And I am totally being sarcastic. There are 8 flash links there. And that's the kind of content they felt was necessary? You're looping static TEXT. You are fucking morons!

Re:

[smooth wombat]

They laughed at me when I told them, "I don't have Flash installed."

Now who's laughing! Mwahahahahahahaha!!!!!

Exactly what I thought

[Riverman5]

Exactly what I thought when I first saw it... worthless piece of flash wizardry.

Slashdot incompetence selling company incompetence

[Futurepower(R)]

This is another demonstration of Slashdot editor incompetence. The Slashdot story is apparently nothing but an advertisement for a commercial company formerly called Haval-Daar [hdaar.com] that seems completely incompetent and destined to fail immediately. There is apparently no connection with CERT whatsoever; the name is apparently intended only to confuse. Since the word havaldaar is apparently a Hindi word, I suppose Haval-Daar is a company started by people from India.

Did someone at Slashdot take money to adver

Re:

[pushf popf]

That's the second most amazingly annoying website I've ever seen ("Punch The Monkey" is first).

What the hell were they thinking?

Re:

[DeadboltX]

Agreed.
This site isn't going to do its job very well if people don't even want to visit it.

Re:

[john_prog]

The design on this page is truly something. I hope somebody will nominate this page to http://www.webpagesthatsuck.com/ [webpagesthatsuck.com]

Because we all know...

[hellfire]

...breaking down threats and dangers in to colors like magenta, cyan, mauve, ash, and indigo, rather than actually telling us what the threat is, is a great way to communicate to the populace the danger they should think they are in, and thus keep control over the small minded populace.

Re:

[Yjam]

I don't know who modded this funny.. This is insightfull!

Re:

[slashrogue]

This is an internet site about technology "threats" that about 1% of the populace will ever go to. This is not some government program... settle down.

Re:

[fotbr]

Useless for us, yes, but it does make it convenient for showing clueless middle-management types.

That said, I think the clueless middle-management types are the target of that website, given the amount of junk they're selling.

Re:

[Nutty_Irishman]

...breaking down threats and dangers in to colors like magenta, cyan, mauve, ash, and indigo, rather than actually telling us what the threat is, is a great way to communicate to the populace the danger they should think they are in, and thus keep control over the small minded populace.

Agreed, they should definitely adopt this more informative scheme http://www.geekandproud.net/terror/ [geekandproud.net].

Re:

[smooth wombat]

If you think that is bad, check out this colored advisory system [theonion.com].

Currenly, we're at "In Progress".

Now with Flashy goodness

[Anonymous Coward]

Wow, with my Linux box, I can't see any threats at all! Linux makes everything more secure!

*cross fingers* come on slashdot effect!

[JakeX]

Seriously thats an fugly page, all the flash is just gonna bog it down when the thousands pour in to look at it. Maybe they should streamline it more if they need all that flashy stuff.

Its nice

[MaxPowerDJ]

I think its nice because I can forward the page to my boss and justify a whole bunch of hours online surfin' the web. He'll be too busy figuring out what the hell those animations mean.

Flash and gravity

[Toby The Economist]

> the CERTStation Threat level Aggregator displays the current threat level,

Well, it does if you have Flash installed.

Which makes the page 100% useless to all those who do not.

Making a page useless to a proportion of your viewers, in exchange for (supposedly!) looking better, is a poor exchange; even more so when you consider that Flash sites in practise often violate user-interface guidelines and are a nightmare for users.

My view is that the larger the number of people involved, the more strongly the decisions taken gravitate towards the worst possible choice.

This is why they have Flash on their site.

If just one reasonably talented bloke had been given responsibility for the site, it would, I think, be likely to be useable and functional.

Re:

[ashooner]

So, if your principles prevent you from installing flash, isn't this your problem(statistically speaking)?

I imagine the target audience of this site is not so principled, or not so exclusive, with their plug-ins.

It isn't about right and wrong, its about user access. That being said, yes this site falls into the large pantheon of obnoxious flash sites.

Re:

[Frosty Piss]

Which makes the page 100% useless to all those who do not.

That's your choice. Since I and many many many many many many many others have no problem at all with Flash, we see it fine. If you want to see it, install Flash. It's your choice. It's all about choice, the freedom is in your hands to see it or not.

Re:Flash and gravity

[rk]

"we see it fine"

For a liberal interpretation of the word "fine". Gah! I have Flash installed and this site was hideous enough to consider UNinstalling it.

To the GP, it's 100% useless to those who have Flash installed, too.

Re:

[rur]

Yes, I also find it useless. After 5 minutes looking around on the demo site I had to give up, the design is horrible - tiny fonts, doesn't use screen area available, grey text scrolling on dark grey background, just to name a few. Just why these guys tought flash would be better I don't know - a case study on how NOT to do it.

Re:

[beoba]

Linux on non-x86 (not an uncommon occurence in a server room). Blind users. Not everyone has access to this idea of choice that apparently exists in your happy little world.

It is also their choice to ignore their users. Would it be so terribly difficult for them to provide a text version? There are many cases (ex: video) where dynamic content is a must. This is definitely not one of those cases.

Well...

[drinkypoo]

If it's supposed to be a tool for nerds, they fucked up bad. They should know that we don't like being forced to use flash (although we mind to different degrees...) If it's supposed to be a tool for the general populace, well, then I don't see a problem. I can tell you that when I loaded the page and saw like eight flashblock icons, I said "fuck this" and closed the browser tab. Requiring a ton of flash movies for something that could and should have been done with zero of them is a sure sign that I don't

Re:

[Frosty Piss]

If it's supposed to be a tool for nerds, they fucked up bad.

There is not enough technical info there to be useful to "nerds". It's for "PHBs".

Re:

[Jugalator]

even more so when you consider that Flash sites in practise often violate user-interface guidelines and are a nightmare for users.

It's impossible to build a website that don't violate UI guidelines at least if you're aiming for cross-platform compatibility.

Virus checker companies

[sdo1]

Companies that make their business on selling virus checking software will almost always over-exaggerate the threat. I'd be shocked to see Symantec and McAfee show anything much lower than their showing (yellow). It is in their best interest to keep the perception of impending doom alive and well.

-S

Re:

[Rubbersoul]

You could easily rework your post to comment on the federal government and it's color coded warning system. Hmm ... I wounder why they might want to keep the perception of impending doom alive ...

FUGLY

[LorenzoV]

Who the f*ck posted this article? -- Astroturfing his own site, no doubt.

In any case, this is the FUGLIEST site I've ever seen anywhere. Bar None!

Flash. Bah! Humbug! -- I won't visit it again. Ever.

Re:

[El Torico]

I tried to read what was in the little boxes, but the "spinner" at the bottom of the page kept drawing my attention. This looks like a start screen for a game, not an advisory site for Internet threats.

Re:Your signature

[Millenniumman]

In the land of the blind, the one-eyed man is usually crucified.

How do they know he's one-eyed?

Re:

[El Torico]

Because usually he is stupid enough to tell them that their blind. Telling people about their shortcomings doesn't win any friends.

Re:

[El Torico]

Correction - "the're", not "their".

isn't it obvious that it is a

[slack_prad]

slashvert

A cynical one at that

[upside]

Even the company name has been chosen to be conflated with CERT [cert.org]. What a bunch of bollox.

Visually Deafening

[ThOr101]

I am glad that there aren't audio snippets associated with the visual, otherwise it would be the loudest website in the world.

It is great to have the data available, but to have it that animated. I haven't even seen "High Tech" displays like that in the movies / tv, where everything has to have a wow factor.

The data is cool enough, no need to flash the heck out of it.

Interesting...

[DaveM753]

The vertical ticker on the right showed 10 flaws in Firefox and 8 flaws in Thunderbird. Oddly, it didn't list Internet Explorer, Windows XP, Windows 2000, Vista, Outlook, Outlook Express, etc.

Re:

[aicrules]

They got an int overflow as Flash can't handle that high a number...thus they removed the top offenders.

Re:

[just_another_sean]

Well obviously the MS software that you list is rock solid and doesn't have any security problems!

Re:

[TaoPhoenix]

Did they get an Acer Ferrari laptop from MS?

And does OS X really have 31 flaws?

I don't know about you guys...

[headplant]

But it's kind of fun watching all that useless eyecandy swooshing by so fast that I can't read it, while imagining that I'm Jack Bauer. Best of all, if my boss comes by, it looks like I'm actually working!

Seen it

[just_another_sean]

Pft... I liked it better the first time something like this came out, when it was called the Threat Down [comedycentral.com]

Wow so far everyone agrees

[wolff000]

I'm sure all eat my words and someone is going to love that overly flashy page but hey for the moment we have a consensus. What i would like to know is how do these places the info is being grabbed from determine threat level? Then again I think I have gotten one virus in the past 8 years. I just don't open emails that I don't recognize and I sure as hell don't download attachements from them. Yes I know you can get virii other ways but that is the most predominant.

Another commercial /. plug

[anticypher]

What a strange site. Very busy, if your machine is infested with flash, useless otherwise.

After finding a few places on the site which claims the service is free in exchange for personal information, I found an order site that wants a US$5,000 sign up fee, plus US$1,020/year subscription. Just another commercial site that has paid /. to place an advertisement on their front page in the guise of a normal article.

There doesn't seem to be anything there that a person responsible for security couldn't cobble together as a normal part of their job. But they only have to get a few gullible companies to sign up to earn back their hiring a couple of ADD afflicted flash developers.

the AC

Re:

[DigitalSorceress]

I don't know as I'd go so far as to claim that /. was paid for it, but it is certainly a case of advertisement in the guise of news. When I used to work for an NBC affilliate as a news photog, I had a chance to see first-hand, the constant stream of "press releases" and other crap that ended up at the news desk. They generally spiked most of it without a second thought... unless it was a really slow news day. Then, all bets were off.

So, either it was a: slow news day, or b: flew under the radar. (Hey, if /.

Alternate Universe

[Jason Straight]

I must have woken up in an alternate universe this morning. Their threats by product doesn't list a single Microsoft Product, nor Linux. Now I know there's got to be something for both of these.

Re:

[Jason Straight]

Could be, I mean what's the point of worrying about who might be threatening you when you've already got a gun in your mouth?

DDOS for worst site ever?

[Bryansix]

NT

Talisker Radar

[bitshark]

This is good, but this [securitywizardry.com] is better.

Re:

[ninja_assault_kitten]

No shit. While the value these sites provide is 'ok' at best, all the active bloat on that page makes it almost unusable.

Where's the RSS link?

[nostriluu]

I guess the 'future of security management' was invented "War Games" era, and for some reason it's really important to have an incredibly busy display, even when nothing is going on. With the 'scrolling' information, you can't even tell anything at a glance, and there's no search. One thing is for sure, these guys seem to know nothing about information display design, although I guess I'd consider them if I needed some Flash done for a video game.

OH MY GOD IT HURTS!

[dekkerdreyer]

I think I just had a seizure watching that page. Too much movement.

If you just want the useful tidbit, embed the Threatcon indicator [certstation.com].

RSS Feeds Unreadable

[rfunches]

There are two RSS feeds, one above the ticker and one below the vulnerabilities by product, which need to be shot. The one above the ticker moves so fast you can't even read it. Did these people even preview the page before making it live?

The paranoia page

[Animats]

I was just thinking yesterday of doing a paranoia web page, aggregating warnings from various sources.

• US DHS terrorism threat level. ("Code Yellow, or Elevated." today.)
• DoD InfoCon threat level. ("INFOCON level 4, "Increased Vigilance in Preparation for Operations or Exercises." today.)
• California Office of Emergency Services warnings ("...FLASH FLOOD WATCH IN EFFECT FROM TUESDAY MORNING THROUGH LATE TUESDAY NIGHT FOR THE NORTHERN AND CENTRAL PORTIONS OF THE SAN FRANCISCO BAY AREA..." yesterday.)
• Ca [usgs.gov]

I don't need this -- I have a calendar

[wealthychef]

All you need to know is when the next Presidential election is, and you know when the next state of alarm will sound.

Lame

[counterfriction]

Didn't even see anything on there about blackwatch plaid... psh

stupid flash

[SCHecklerX]

This would be a lot more useful if it were an RSS feed.