[EXT] CVE's for malware/backdoors


[EXT] CVE's for malware/backdoors

Kurt Seifried-2
Please note I've already slipped a few in, e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000203

Also please read:


This type of attack will only become more common, it's the soft underbelly of OpenSource (dependency chains a mile long, many of which are not actively maintained, or have someone who would happily hand over control to a trustworthy party). I think we need to officially include backdoors like this in scope, and also look at other malware types of activity (e.g. the stealing of data, is that not an exposure?).

--
Kurt Seifried
[hidden email]

Re: [EXT] CVE's for malware/backdoors

Kurt Seifried-2
Also we might want to consider munging the from headers (I know, I know... it's terrible, but at least the mail gets through). DKIM/DMARC and mailing lists are such a mess. 

On Fri, Jan 4, 2019 at 10:28 PM Kurt Seifried <[hidden email]> wrote:
Please note I've already slipped a few in, e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000203

Also please read:


This type of attack will only become more common, it's the soft underbelly of OpenSource (dependency chains a mile long, many of which are not actively maintained, or have someone who would happily hand over control to a trustworthy party). I think we need to officially include backdoors like this in scope, and also look at other malware types of activity (e.g. the stealing of data, is that not an exposure?).

--
Kurt Seifried
[hidden email]


--
Kurt Seifried
[hidden email]

Attachment: Screen Shot 2019-01-04 at 10.52.43 PM.png (76K)