On 2016-05-01 10:15, Scott Lawler wrote:
> I do. I'll reach out to them to find the right person to talk to.
>
> Something to think about is whether or not CVE should be tracking vuls
> in systems-of-systems (like SWIFT) or do we stay at the lower level of
> operating systems, application software, etc.
>
> There are thousands of larger systems made up of an infinite set of
> vulnerable sub components--with common vuls.
>
> Thoughts?
Can't say I'm read up on the SWIFT attack(s), but I didn't see any
evidence of a vulnerability (technical vulnerability, not
general/dictionary vulnerability). SWIFT is a protocol? Are there
security problems with the protocol design? Implementation defects in
software that implements SWIFT? Insider + malware?
- Art
> On May 1, 2016, at 12:37 AM, Kurt Seifried <kseifried@redhat.com> wrote:
>
>> http://www.theregister.co.uk/2016/04/29/bangladesh_swift_mega_hack_analysis/
>>
>>
>> seems like SWIFT security vulns would be worth CVE, does anyone have
>> contacts at SWIFT they can reach out to?
>>
>> --
>>
>> --
>> Kurt Seifried -- Red Hat -- Product Security -- Cloud
>> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
>> Red Hat Product Security contact: secalert@redhat.com