[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVEs for FinTech

On 2016-05-01 10:15, Scott Lawler wrote:
> I do.   I'll reach out to them to find the right person to talk to.  
> Something to think about is whether or not CVE should be tracking vuls
> is systems-of-systems (like SWIFT) or do we stay at the lower level of
> operating systems, application software, etc.  
> There are thousands of larger systems made up of an infinite set of
> vulnerable sub components--with common vuls.  
> Thoughts?

Can't say I'm read up on the SWFIT attack(s), but I didn't see any
evidence of a vulnerability (technical vulnerability, not
general/dictionary vulnerability).  SWIFT is a protocol?  Are there
security problems with the protocol design?  Implementation defects in
software that implements SWIFT?  Insider + malware?

 - Art

> On May 1, 2016, at 12:37 AM, Kurt Seifried <kseifried@redhat.com
> <mailto:kseifried@redhat.com>> wrote:
>> http://www.theregister.co.uk/2016/04/29/bangladesh_swift_mega_hack_analysis/
>> seems like SWIFT security vulns would be worth CVE, does anyone have
>> contacts at SWIFT they can reach out to?
>> -- 
>> --
>> Kurt Seifried -- Red Hat -- Product Security -- Cloud
>> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
>> Red Hat Product Security contact: secalert@redhat.com
>> <mailto:secalert@redhat.com>

Page Last Updated or Reviewed: May 02, 2016