Re: assignments for malware

- To: Kurt Seifried <kurt@seifried.org>
- Subject: Re: assignments for malware
- From: jericho <jericho@attrition.org>
- Date: Mon, 13 Aug 2018 14:31:33 -0500
- Authentication-results: spf=none (sender IP is 192.52.194.235) smtp.mailfrom=attrition.org; imc.mitre.org; dkim=none (message not signed) header.d=none;imc.mitre.org; dmarc=none action=none header.from=attrition.org;
- Cc: CVE Editorial Board <cve-editorial-board-list@mitre.org>
- Delivery-date: Mon Aug 13 15:54:23 2018
- In-reply-to: <CABqVa38yfbG7dSZ3Fz=VVCaSFoCSUGma7vUF7ramQHqw6N3UiQ@mail.gmail.com>
- References: <alpine.LNX.2.20.1808131148090.14361@forced.attrition.org> <CABqVa38yfbG7dSZ3Fz=VVCaSFoCSUGma7vUF7ramQHqw6N3UiQ@mail.gmail.com>
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
- User-agent: Alpine 2.20 (LNX 67 2015-01-07)

On Mon, 13 Aug 2018, Kurt Seifried wrote:

: A backdoor is a vulnerability. I think the problem is CVE in past dealt
: with "oops we make a mistake" and not "oops, a malicious actor did it on
: purpose".
:
: Doesn't matter to the end user, well actually it does, backdoors are
: worse because someone for sure knows about the vulnerability and most
: likely intended to use it. So do these things need CVEs, tracking and
: remediation for people affected by it? Yes.
:
: I'm trying to imagine a scenario where a software or service user goes
: "oh, this exploitable flaw is a backdoor, thus no CVE, thus we don't
: need to remediate it" and uhh.. I can't imagine that, not even close.

Granted. But a malicious module that has a similar name as another isn't a
backdoor.