|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE for hosted services
- To: Kurt Seifried <kurt@seifried.org>
- Subject: Re: CVE for hosted services
- From: Pascal Meunier <pmeunier@cerias.purdue.edu>
- Date: Tue, 28 Feb 2017 11:36:11 -0500
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=cerias.purdue.edu;
- Cc: Art Manion <amanion@cert.org>, jericho <jericho@attrition.org>, cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-date: Tue Feb 28 12:42:38 2017
- In-reply-to: <CABqVa3-+6WYhp1T0hq=-1S0=DijN_5uk09mByT5WDr6gATUwEg@mail.gmail.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <A4305A50-AD19-4025-842E-D89337B8269C@cisco.com> <379DDB8A-F1D2-4E4B-9307-CFBFDB0521F5@intel.com> <8942442A-17E2-4EEB-9943-648F27125AA6@cisco.com> <079d4575-d5ef-be7c-bdfb-f817e625b02e@cert.org> <CANO=Ty052fUY+BUC2zziFeiJ=cBPQWUbQozm-9ymKDkBuxo2Xg@mail.gmail.com> <ad8435b9-ba08-a5ee-25ef-cf314c75e0e5@cert.org> <1487797534.7382.18.camel@cerias.purdue.edu> <alpine.LNX.2.00.1702221518090.19881@forced.attrition.org> <d78f00cb-280e-a674-9264-edf9ed3b4507@cert.org> <CY4PR09MB1255385CC89FEF05C100E83BE6530@CY4PR09MB1255.namprd09.prod.outlook.com> <alpine.LNX.2.00.1702231801000.19881@forced.attrition.org> <4689d956-c638-b3cc-94cb-1e877c5dc64d@cert.org> <MWHPR09MB14858DAA97929742041D5606A1520@MWHPR09MB1485.namprd09.prod.outlook.com> <alpine.LNX.2.00.1702241614480.19881@forced.attrition.org> <6a9a57eb-bad0-bea7-a71b-88b059a82969@cert.org> <alpine.LNX.2.00.1702262338220.19881@forced.attrition.org> <cb66ab45-e727-98c2-23ff-d9992f096205@cert.org> <CABqVa3-+6WYhp1T0hq=-1S0=DijN_5uk09mByT5WDr6gATUwEg@mail.gmail.com>
- Reply-to: <pmeunier@cerias.purdue.edu>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
This is a one-off piece of **** consumer product, not software that is installed, offered as a service or used anywhere else. Give it an incident or advisory ID, or describe it as an anti-pattern because developers of similar products make similar mistakes. However, I fail to see the relevance to the CVE. If all these products from different manufacturers were vulnerable due to a software-as-a-service offering, common to many, I would be interested. Please don't make the CVE into an incident or advisory database just because an ID would be handy. Pascal On Tue, 2017-02-28 at 09:02 -0700, Kurt Seifried wrote: > Another shining example of failure that could use an identifier: > > https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/ > https://news.ycombinator.com/item?id=13748028 > > This is a great example on so many levels. Simple operational/security > failure from the sounds of it (default MongoDB setup, so no auth), > that > would tend to indicate that they also have other problems (if they > can't do > simple things right...). >
- References:
- CVE for hosted services
- From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- Re: CVE for hosted services
- From: "Landfield, Kent B" <kent.b.landfield@intel.com>
- Re: CVE for hosted services
- From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- Re: CVE for hosted services
- From: Kurt Seifried <kseifried@redhat.com>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- Re: CVE for hosted services
- From: Pascal Meunier <pmeunier@cerias.purdue.edu>
- Re: CVE for hosted services
- From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- RE: CVE for hosted services
- From: "Booth, Harold (Fed)" <harold.booth@nist.gov>
- RE: CVE for hosted services
- From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- RE: CVE for hosted services
- From: "Coffin, Chris" <ccoffin@mitre.org>
- RE: CVE for hosted services
- From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- Re: CVE for hosted services
- From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- Re: CVE for hosted services
- From: Kurt Seifried <kurt@seifried.org>
- CVE for hosted services
- Prev by Date: Re: CVE for hosted services
- Previous by thread: Re: CVE for hosted services
- Next by thread: RE: CVE for hosted services
- Index(es):