[jdev] [Fwd: [NLnet] NLnet launches contest for protection ordinary Internet users]

Peter Saint-Andre stpeter at stpeter.im
Mon May 19 09:39:40 CDT 2008


This may be of interest...

/psa

-------- Original Message --------
Date: Mon, 19 May 2008 16:11:53 +0200
To: update at nlnet.nl
From: update at nlnet.nl
Subject: [NLnet] NLnet launches contest for protection ordinary
Internet	users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

L.S.,


this contest organised by NLnet may be of interest to you.  Feel free to
pass it along to anyone you think might be interested - participation is
open to anyone. The goal is to advance the protection of ordinary end
users against cybercrime and privacy leaks. The contest is part of a
longer running program to increase privacy and security in the ICT field.

                           For more info: http://nlnet.nl/usersafety2008

Kind regards,
the NLnet team

****************  A N N O U N C E M E N T *****************************

*** User Safety Contest 2008

If privacy is not made easy, the common internet user will remain fail
to adequately protect him or herself. Most people do not have a clue
which digital threats and privacy infringements related to the (use of
the) Internet exist, and which tools can help to reduce these. The open
contest "User Safety on the Internet Highway" has the goal to identify a
comprehensive collection of user-friendly software (if possible fitting
on one CD/DVD or USB stick) allowing normal Internet users to protect
themselves from various threats and privacy infringements in a simple
and pragmatic way whereever they go.

Primary targets are users of Windows on the one hand and users of free
operating systems (Linux/*BSD) on the other. Of course the inherent
security issues with e.g. Microsoft Windows cannot be solved, but a
number of other issues can be covered.

What do we have in mind? A collection of software that makes it easy to
contain risks and to use and/or (un)install software whereever you go in
untrusted or even semi-hostile environments. This might take the form of
a well-tuned and feature-rich distro and/or a collection of portable
and/or installable applications. Preferably that would mean choosing the
security level you want once and getting it by pressing the button).
This means assisting to reach the current state of the art in protecting
user's privacy, personal information and communication.
Distribution

We think (although we certainly want to leave space for your
creativity), that the distro should include, but not be limited to:

    * Crypto-tools (not too strong) and steganography tools;
    * Anonimizer (search engine scrapers, traffic obfuscation and such);
    * Anti-botnet, anti-spyware, anti-rootkit, antivirus, other of that
      kind;
    * Strong password generation;
    * Secure password / certificate management;
    * Secure disk / folder / file encryption tools;
    * Standalone secure backup and disk wiping software;
    * Secure chat;
    * Secure password management;
    * Intrusion detection and network segmentation;
    * Firewall

In addition, a number of more common useful security tools and/or
information on how to use them may be identified:

    * Mail and browser extensions for GPG, S/MIME, cache monitoring and
      protection, IDN domain names, scripting execution prevention/white
      listing, one time mail aliases, iframe blocking, cookie
      management, user agent renaming;
    * Black holing lists (/etc/hosts, Windows HOSTS file) for OS level
      blocking of malware;
    * Sand box environments for browsers and other risk factors;
    * Secure serverless file sharing (direct as well as anonymous
      P2P/F2F);
    * Secure port knocking;
    * Scanning software for known (wireless) network exploits e.g.
      default passwords on routers;
    * SSH/SCP/SFTP clients and servers;
    * Secure VoIP;
    * A list of public DNS-es to be able to avoid ISP DNS;
    * Privacy testing suite;
    * Network traffic analysis and forensics;
    * Packet spoofing;
    * Possibilities for free digital certificates and other identity
      management tools.

In order to keep a balance between defence possibilities and managing
complexity for the layman, so at present we do not think it is necessary
to go into a too comprehensive threat model (say, protection against
electromagnetic eavesdropping may be a step too far, for instance). Then
again, that is up to you.

*** Awareness

One of the main goals is not only to provide tools protecting normal
user, but also create awareness and let him or her be acquainted with
these tools and with the necessity to protect from digital threats. It
is therefore necessary that the compilation shall contain:

    * Short and easy explanation of vulnerabilities, threats and privacy
      infringements related to utilisation of computer and the Internet.
    * Explanation of the fact that the digital defence is more the
      matter of mind-set than that of technology.
    * Maybe a couple of understandable articles from respectable
      journals / papers for a user willing to dig into the matter.

*** How the Results are going to be used?

Because being able to identify good useful free software tools involves
different skills than being able to package software and to document
what these tools are to be used for and how to use them safely, we ask
contestants only to work out the content of the distro (and we will give
out prizes for this). Afterwards, we will hire a professional to package
the software in a so called distro with the chosen content -- we want to
separate the ideas from the implementation. For distribution of the
compiled package we are currently investiging in a number of
partnerships with some respectable organisations, such as consumer/user
organisation(s) with large database of users.

*** Prizes

                  1st prize            2.500€
                  2nd prize            1.500€
                  3rd prize              500€

For exceptional work, additional prizes may be considered at judging.
The prizes will be paid in cash to the winners. Any taxes due are the
sole responsibility of the winners.

*** Contest Schedule

The deadline for Contest entries is August 15, 2008 at 12:00 CET.
Contest results and winners announcement will be made not later than
12:00 CET, September 15, 2008.

*** Submission

Submission of entries shall be made by sending the description of your
compilation and attachments to email address usersafety2008 at nlnet.nl
with the subject "Open Contest User Safety on the Internet Highway".
Additionally your email must contain the (nick)name of the contestant or
the name of the group.

*** How will the contest be judged?

Each entry will be judged by a qualified panel of experts.

*** Simple Rules of the Open Contest

    * Anyone can participate --the Contest is open to any individual or

      groups from any country.
    * Contestants have read and agreed on these Contest Rules.
    * All materials used shall be from or shall be put in the Open
      Source domain.
    * All results of the Contest will remain in the Open Source domain.
    * With your submission mention therefore the open source licence of

      your choice. There are many licenses dedicated to the open source

      domain. (description of various licenses) For this Contest we
      recommend the GNU Free Documentation License.

    * Put yourself in the position of the layman user when choosing
      tools (ask your grandmother).

    * Chosen software should be self-contained, where possible
      --external dependencies create risk of failure and pose other
      risks.
    * Identify the latest version of each tool you propose.
    * Shortly describe its functionalities in a plain language
      understandable to the layman user.
    * In short compare the proposed tool with the others having similar
      functionalities. Why is this particular tool better for a normal
      layman user? (easiness, user control, etc.)
    * Provide links to the relevant sites.
    * Provide easy to understand awareness texts.
    * Send your entry in time, late submissions will not be considered.

                           For more info:
                           http://nlnet.nl/usersafety2008

                           Press announcement (English):

                           http://nlnet.nl/press/20080514-contest.html

                           Press announcement (Nederlands):
                           http://nlnet.nl/press/20080514-wedstrijd.html

                           Overview of NLnet's annual theme privacy:
                           http://nlnet.nl/themes/2008privacy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgxiqkACgkQPPKB2FVlk19u6QCcDQOMFbgshZJhoJMDgnjuJaWB
NdkAn2Vvm+lMD5jhrFLdrPDMTDYFDlOL
=l94F
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20080519/37d45538/attachment-0002.bin>


More information about the JDev mailing list