[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [EXT] CVE's for malware/backdoors



Also we might want to consider munging the from headers (I know, I know... it's terrible, but at least the mail gets through). DKIM/DMARC and mailing lists are such a mess. 

On Fri, Jan 4, 2019 at 10:28 PM Kurt Seifried <kurt@seifried.org> wrote:
Please note I've already slipped a few in, e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000203

Also please read:


This type of attack will only become more common, it's the soft underbelly of OpenSource (dependancy chains a mile long, many of which are not actively maintained, or have someone who would happily hand over control to a trustworthy party). I think we need to officially include backdoors like this in scope, and also look at other malware types of activity (e.g. the stealing of data, is that not an exposure?). 

--
Kurt Seifried
kurt@seifried.org


--
Kurt Seifried
kurt@seifried.org

Attachment: Screen Shot 2019-01-04 at 10.52.43 PM.png
Description: PNG image


Page Last Updated or Reviewed: January 09, 2019