[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVEs for FinTech
- To: Scott Lawler <scott.lawler@lp3.com>, Kurt Seifried <kseifried@redhat.com>
- Subject: Re: CVEs for FinTech
- From: Art Manion <amanion@cert.org>
- Date: Sun, 1 May 2016 23:32:20 -0400
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=cert.org;
- Cc: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-date: Mon May 2 07:46:43 2016
- In-reply-to: <6983DD09-2547-4943-A6F6-E4B49B792ADB@lp3.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CANO=Ty2s0dfKNTvg-cwes-BsWNdwDvXW9ZvrXd7iX-u88LWooA@mail.gmail.com> <6983DD09-2547-4943-A6F6-E4B49B792ADB@lp3.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 43da9c421be74aed97248473db21fd15
- Spamdiagnosticoutput: 1:2
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.0
On 2016-05-01 10:15, Scott Lawler wrote: > I do. I'll reach out to them to find the right person to talk to. > > Something to think about is whether or not CVE should be tracking vuls > is systems-of-systems (like SWIFT) or do we stay at the lower level of > operating systems, application software, etc. > > There are thousands of larger systems made up of an infinite set of > vulnerable sub components--with common vuls. > > Thoughts? Can't say I'm read up on the SWFIT attack(s), but I didn't see any evidence of a vulnerability (technical vulnerability, not general/dictionary vulnerability). SWIFT is a protocol? Are there security problems with the protocol design? Implementation defects in software that implements SWIFT? Insider + malware? - Art > On May 1, 2016, at 12:37 AM, Kurt Seifried <kseifried@redhat.com > <mailto:kseifried@redhat.com>> wrote: > >> http://www.theregister.co.uk/2016/04/29/bangladesh_swift_mega_hack_analysis/ >> >> >> seems like SWIFT security vulns would be worth CVE, does anyone have >> contacts at SWIFT they can reach out to? >> >> -- >> >> -- >> Kurt Seifried -- Red Hat -- Product Security -- Cloud >> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 >> Red Hat Product Security contact: secalert@redhat.com >> <mailto:secalert@redhat.com>
- Follow-Ups:
- Re: CVEs for FinTech
- From: Kurt Seifried <kseifried@redhat.com>
- Re: CVEs for FinTech
- References:
- Re: CVEs for FinTech
- From: Scott Lawler <scott.lawler@lp3.com>
- Re: CVEs for FinTech
- Prev by Date: Re: CVEs for FinTech
- Next by Date: Re: CVEs for FinTech
- Previous by thread: Re: CVEs for FinTech
- Next by thread: Re: CVEs for FinTech
- Index(es):
