Re: [EXT] CVE's for malware/backdoors
- To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Subject: Re: [EXT] CVE's for malware/backdoors
- From: Kurt Seifried <kurt@seifried.org>
- Date: Fri, 4 Jan 2019 22:53:48 -0700
- Authentication-results: spf=softfail (sender IP is 198.49.146.235) smtp.mailfrom=seifried.org; lists.mitre.org; dkim=pass (signature was verified) header.d=seifried-org.20150623.gappssmtp.com;lists.mitre.org; dmarc=none action=none header.from=seifried.org;
- Delivery-date: Mon Jan 7 07:40:57 2019
- In-reply-to: <26561_1546666089_5C304069_26561_999_1_CABqVa39Z7Gd6WOzPacCsBGpcBY_g=U9+GQ1Fm8rw0UMNi_R+Dw@mail.gmail.com>
- References: <26561_1546666089_5C304069_26561_999_1_CABqVa39Z7Gd6WOzPacCsBGpcBY_g=U9+GQ1Fm8rw0UMNi_R+Dw@mail.gmail.com>
Also we might want to consider munging the from headers (I know, I know... it's terrible, but at least the mail gets through). DKIM/DMARC and mailing lists are such a mess.
Also please read:
This type of attack will only become more common; it's the soft underbelly of open source (dependency chains a mile long, many of which are not actively maintained, or have someone who would happily hand over control to a trustworthy party). I think we need to officially include backdoors like this in scope, and also look at other malware types of activity (e.g. the stealing of data, is that not an exposure?).
Attachment:
Screen Shot 2019-01-04 at 10.52.43 PM.png
Description: PNG image