[NLnet] NLnet launches contest for protection ordinary Internet users
update at nlnet.nl
update at nlnet.nl
Mon May 19 16:11:53 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
L.S.,
this contest organised by NLnet may be of interest to you. Feel free to
pass it along to anyone you think might be interested - participation is
open to anyone. The goal is to advance the protection of ordinary end
users against cybercrime and privacy leaks. The contest is part of a
longer running program to increase privacy and security in the ICT field.
For more info: http://nlnet.nl/usersafety2008
Kind regards,
the NLnet team
**************** A N N O U N C E M E N T *****************************
*** User Safety Contest 2008
If privacy is not made easy, the common internet user will remain fail
to adequately protect him or herself. Most people do not have a clue
which digital threats and privacy infringements related to the (use of
the) Internet exist, and which tools can help to reduce these. The open
contest "User Safety on the Internet Highway" has the goal to identify a
comprehensive collection of user-friendly software (if possible fitting
on one CD/DVD or USB stick) allowing normal Internet users to protect
themselves from various threats and privacy infringements in a simple
and pragmatic way whereever they go.
Primary targets are users of Windows on the one hand and users of free
operating systems (Linux/*BSD) on the other. Of course the inherent
security issues with e.g. Microsoft Windows cannot be solved, but a
number of other issues can be covered.
What do we have in mind? A collection of software that makes it easy to
contain risks and to use and/or (un)install software whereever you go in
untrusted or even semi-hostile environments. This might take the form of
a well-tuned and feature-rich distro and/or a collection of portable
and/or installable applications. Preferably that would mean choosing the
security level you want once and getting it by pressing the button).
This means assisting to reach the current state of the art in protecting
user's privacy, personal information and communication.
Distribution
We think (although we certainly want to leave space for your
creativity), that the distro should include, but not be limited to:
* Crypto-tools (not too strong) and steganography tools;
* Anonimizer (search engine scrapers, traffic obfuscation and such);
* Anti-botnet, anti-spyware, anti-rootkit, antivirus, other of that
kind;
* Strong password generation;
* Secure password / certificate management;
* Secure disk / folder / file encryption tools;
* Standalone secure backup and disk wiping software;
* Secure chat;
* Secure password management;
* Intrusion detection and network segmentation;
* Firewall
In addition, a number of more common useful security tools and/or
information on how to use them may be identified:
* Mail and browser extensions for GPG, S/MIME, cache monitoring and
protection, IDN domain names, scripting execution prevention/white
listing, one time mail aliases, iframe blocking, cookie
management, user agent renaming;
* Black holing lists (/etc/hosts, Windows HOSTS file) for OS level
blocking of malware;
* Sand box environments for browsers and other risk factors;
* Secure serverless file sharing (direct as well as anonymous
P2P/F2F);
* Secure port knocking;
* Scanning software for known (wireless) network exploits e.g.
default passwords on routers;
* SSH/SCP/SFTP clients and servers;
* Secure VoIP;
* A list of public DNS-es to be able to avoid ISP DNS;
* Privacy testing suite;
* Network traffic analysis and forensics;
* Packet spoofing;
* Possibilities for free digital certificates and other identity
management tools.
In order to keep a balance between defence possibilities and managing
complexity for the layman, so at present we do not think it is necessary
to go into a too comprehensive threat model (say, protection against
electromagnetic eavesdropping may be a step too far, for instance). Then
again, that is up to you.
*** Awareness
One of the main goals is not only to provide tools protecting normal
user, but also create awareness and let him or her be acquainted with
these tools and with the necessity to protect from digital threats. It
is therefore necessary that the compilation shall contain:
* Short and easy explanation of vulnerabilities, threats and privacy
infringements related to utilisation of computer and the Internet.
* Explanation of the fact that the digital defence is more the
matter of mind-set than that of technology.
* Maybe a couple of understandable articles from respectable
journals / papers for a user willing to dig into the matter.
*** How the Results are going to be used?
Because being able to identify good useful free software tools involves
different skills than being able to package software and to document
what these tools are to be used for and how to use them safely, we ask
contestants only to work out the content of the distro (and we will give
out prizes for this). Afterwards, we will hire a professional to package
the software in a so called distro with the chosen content -- we want to
separate the ideas from the implementation. For distribution of the
compiled package we are currently investiging in a number of
partnerships with some respectable organisations, such as consumer/user
organisation(s) with large database of users.
*** Prizes
1st prize 2.500€
2nd prize 1.500€
3rd prize 500€
For exceptional work, additional prizes may be considered at judging.
The prizes will be paid in cash to the winners. Any taxes due are the
sole responsibility of the winners.
*** Contest Schedule
The deadline for Contest entries is August 15, 2008 at 12:00 CET.
Contest results and winners announcement will be made not later than
12:00 CET, September 15, 2008.
*** Submission
Submission of entries shall be made by sending the description of your
compilation and attachments to email address usersafety2008 at nlnet.nl
with the subject "Open Contest User Safety on the Internet Highway".
Additionally your email must contain the (nick)name of the contestant or
the name of the group.
*** How will the contest be judged?
Each entry will be judged by a qualified panel of experts.
*** Simple Rules of the Open Contest
* Anyone can participate --the Contest is open to any individual or
groups from any country.
* Contestants have read and agreed on these Contest Rules.
* All materials used shall be from or shall be put in the Open
Source domain.
* All results of the Contest will remain in the Open Source domain.
* With your submission mention therefore the open source licence of
your choice. There are many licenses dedicated to the open source
domain. (description of various licenses) For this Contest we
recommend the GNU Free Documentation License.
* Put yourself in the position of the layman user when choosing
tools (ask your grandmother).
* Chosen software should be self-contained, where possible
--external dependencies create risk of failure and pose other
risks.
* Identify the latest version of each tool you propose.
* Shortly describe its functionalities in a plain language
understandable to the layman user.
* In short compare the proposed tool with the others having similar
functionalities. Why is this particular tool better for a normal
layman user? (easiness, user control, etc.)
* Provide links to the relevant sites.
* Provide easy to understand awareness texts.
* Send your entry in time, late submissions will not be considered.
For more info:
http://nlnet.nl/usersafety2008
Press announcement (English):
http://nlnet.nl/press/20080514-contest.html
Press announcement (Nederlands):
http://nlnet.nl/press/20080514-wedstrijd.html
Overview of NLnet's annual theme privacy:
http://nlnet.nl/themes/2008privacy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkgxiqkACgkQPPKB2FVlk19u6QCcDQOMFbgshZJhoJMDgnjuJaWB
NdkAn2Vvm+lMD5jhrFLdrPDMTDYFDlOL
=l94F
-----END PGP SIGNATURE-----
More information about the Update
mailing list