[ Date Prev ][ Date Next ][ Thread Prev ][ Thread Next ][ Date Index ][ Thread Index ]

Re: CVE for hosted services

To : Art Manion < amanion@cert.org >
Subject : Re: CVE for hosted services
From : Kurt Seifried < kurt@seifried.org >
Date : Tue, 28 Feb 2017 09:02:01 -0700
Authentication-results : spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=seifried.org;
Cc : jericho < jericho@attrition.org >, cve-editorial-board-list < cve-editorial-board-list@lists.mitre.org >
Delivery-date : Tue Feb 28 12:42:39 2017
In-reply-to : < cb66ab45-e727-98c2-23ff-d9992f096205@cert.org >
List-help : < mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST >
List-owner : < mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG >
List-subscribe : < mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG >
List-unsubscribe : < mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG >
References : < A4305A50-AD19-4025-842E-D89337B8269C@cisco.com > < 379DDB8A-F1D2-4E4B-9307-CFBFDB0521F5@intel.com > < 8942442A-17E2-4EEB-9943-648F27125AA6@cisco.com > < 079d4575-d5ef-be7c-bdfb-f817e625b02e@cert.org > <CANO=Ty052fUY+BUC2zziFeiJ=cBPQWUbQozm-9ymKDkBuxo2Xg@mail.gmail.com> < ad8435b9-ba08-a5ee-25ef-cf314c75e0e5@cert.org > < 1487797534.7382.18.camel@cerias.purdue.edu > < alpine.LNX.2.00.1702221518090.19881@forced.attrition.org > < d78f00cb-280e-a674-9264-edf9ed3b4507@cert.org > < CY4PR09MB1255385CC89FEF05C100E83BE6530@CY4PR09MB1255.namprd09.prod.outlook.com > < alpine.LNX.2.00.1702231801000.19881@forced.attrition.org > < 4689d956-c638-b3cc-94cb-1e877c5dc64d@cert.org > < MWHPR09MB14858DAA97929742041D5606A1520@MWHPR09MB1485.namprd09.prod.outlook.com > < alpine.LNX.2.00.1702241614480.19881@forced.attrition.org > < 6a9a57eb-bad0-bea7-a71b-88b059a82969@cert.org > < alpine.LNX.2.00.1702262338220.19881@forced.attrition.org > < cb66ab45-e727-98c2-23ff-d9992f096205@cert.org >
Sender : < owner-cve-editorial-board-list@lists.mitre.org >
Spamdiagnosticmetadata : 6cdb8bfc89744bd8bfee511e3e65aa05
Spamdiagnosticoutput : 1:2

Another shining example of failure that could use an identifier:

https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/

https://news.ycombinator.com/item?id=13748028

This is a great example on so many levels. Simple operational/security failure from the sounds of it (default MongoDB setup, so no auth), that would tend to indicate that they also have other problems (if they can't do simple things right...).

Kurt Seifried
kurt@seifried.org

Follow-Ups :
- Re: CVE for hosted services
  - From: Pascal Meunier <pmeunier@cerias.purdue.edu>

References :
- CVE for hosted services
  - From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- Re: CVE for hosted services
  - From: "Landfield, Kent B" <kent.b.landfield@intel.com>
- Re: CVE for hosted services
  - From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- Re: CVE for hosted services
  - From: Art Manion <amanion@cert.org>
- Re: CVE for hosted services
  - From: Kurt Seifried <kseifried@redhat.com>
- Re: CVE for hosted services
  - From: Art Manion <amanion@cert.org>
- Re: CVE for hosted services
  - From: Pascal Meunier <pmeunier@cerias.purdue.edu>
- Re: CVE for hosted services
  - From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
  - From: Art Manion <amanion@cert.org>
- RE: CVE for hosted services
  - From: "Booth, Harold (Fed)" <harold.booth@nist.gov>
- RE: CVE for hosted services
  - From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
  - From: Art Manion <amanion@cert.org>
- RE: CVE for hosted services
  - From: "Coffin, Chris" <ccoffin@mitre.org>
- RE: CVE for hosted services
  - From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
  - From: Art Manion <amanion@cert.org>
- Re: CVE for hosted services
  - From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
  - From: Art Manion <amanion@cert.org>

Prev by Date: Re: CVE for hosted services
Next by Date: Re: CVE for hosted services
Previous by thread: Re: CVE for hosted services
Next by thread: Re: CVE for hosted services
Index(es):
- Date
- Thread