[ Date Prev ][ Date Next ][ Thread Prev ][ Thread Next ][ Date Index ][ Thread Index ]

Re: [EXT] CVE's for malware/backdoors

To : cve-editorial-board-list < cve-editorial-board-list@lists.mitre.org >
Subject : Re: [EXT] CVE's for malware/backdoors
From : Kurt Seifried < kurt@seifried.org >
Date : Fri, 4 Jan 2019 22:53:48 -0700
Authentication-results : spf=softfail (sender IP is 198.49.146.235) smtp.mailfrom=seifried.org; lists.mitre.org; dkim=pass (signature was verified) header.d=seifried-org.20150623.gappssmtp.com;lists.mitre.org; dmarc=none action=none header.from=seifried.org;
Delivery-date : Mon Jan 7 07:40:57 2019
Dkim-signature : v=1; a=rsa-sha256; c=relaxed/relaxed; d=seifried-org.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=2BcmrUw6WUHPZzCMx8+E/tjdLdpd3WcX9JZp+IwY/38=; b=SfN/vhxwsWY1ejjWl4ohmy7NzRXDLI38PTTpWRjIXRXeBprRkRpCVz8jkW/tHfF66W o2vGJMT90M8UNfi+jcdcBFLIX7aerzDWPrxEGIbDjWeOJI8afxL7RjX9HH9d9qP11jag 2q/iD6o+TV+ai0qYs4Cbl6YQx6ICjUegbmbJQuGsQqtyhwgkvn1/s/kiKxzOjpf2pHRh uZAXkbQJv6uAj1CdmGuyrKmS7mOsvGe1M2JZFPE4yAOE5J6LhGaRt1t+sEtk+PwY70vW biI/mHYREEJ7NznW2bt6XeXkilo8quJjYfnE2gxCaa4vqFntt7Mz7D1j9EazeIpNF4Ek jMYw==
In-reply-to : <26561_1546666089_5C304069_26561_999_1_CABqVa39Z7Gd6WOzPacCsBGpcBY_g=U9+GQ1Fm8rw0UMNi_R+Dw@mail.gmail.com>
References : <26561_1546666089_5C304069_26561_999_1_CABqVa39Z7Gd6WOzPacCsBGpcBY_g=U9+GQ1Fm8rw0UMNi_R+Dw@mail.gmail.com>
Spamdiagnosticmetadata : NSPM
Spamdiagnosticoutput : 1:99

Also we might want to consider munging the from headers (I know, I know... it's terrible, but at least the mail gets through). DKIM/DMARC and mailing lists are such a mess.

On Fri, Jan 4, 2019 at 10:28 PM Kurt Seifried < kurt@seifried.org > wrote:

Please note I've already slipped a few in, e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000203

Also please read:

https://www.hillelwayne.com/post/stamping-on-eventstream/

This type of attack will only become more common, it's the soft underbelly of OpenSource (dependancy chains a mile long, many of which are not actively maintained, or have someone who would happily hand over control to a trustworthy party). I think we need to officially include backdoors like this in scope, and also look at other malware types of activity (e.g. the stealing of data, is that not an exposure?).

--

Kurt Seifried
kurt@seifried.org

Kurt Seifried
kurt@seifried.org

Attachment: Screen Shot 2019-01-04 at 10.52.43 PM.png
Description: PNG image

References :
- [EXT] CVE's for malware/backdoors
  - From: Kurt Seifried <kurt@seifried.org>

Prev by Date: [EXT] CVE's for malware/backdoors
Next by Date: CVE Board Meeting Summary - 12 December 2018
Previous by thread: [EXT] CVE's for malware/backdoors
Next by thread: CVE Board Meeting Summary - 12 December 2018
Index(es):
- Date
- Thread