Re: assignments for malware
- To: Kurt Seifried <kurt@seifried.org>
- Subject: Re: assignments for malware
- From: jericho <jericho@attrition.org>
- Date: Mon, 13 Aug 2018 14:31:33 -0500
- Cc: CVE Editorial Board <cve-editorial-board-list@mitre.org>
- Delivery-date: Mon Aug 13 15:54:23 2018
On Mon, 13 Aug 2018, Kurt Seifried wrote:
: A backdoor is a vulnerability. I think the problem is CVE in past dealt
: with "oops we make a mistake" and not "oops, a malicious actor did it on
: purpose".
:
: Doesn't matter to the end user, well actually it does, backdoors are
: worse because someone for sure knows about the vulnerability and most
: likely intended to use it. So do these things need CVEs, tracking and
: remediation for people affected by it? Yes.
:
: I'm trying to imagine a scenario where a software or service user goes
: "oh, this exploitable flaw is a backdoor, thus no CVE, thus we don't
: need to remediate it" and uhh.. I can't imagine that, not even close.
Granted. But a malicious module that has a similar name as another isn't a
backdoor.