OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-cybox message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [cti-cybox] A new Forum Object

I dunno about that...

- There have been a heck of a lot of drive-by downloads distributed via forum posts. Forum posts distribute malware just as much as email.

- The incredible majority of malware delivered via email is not specifically targeted.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for Patrick Maroney ---06/17/2016 02:59:28 PM---My .02: There are very distinct differences between an emPatrick Maroney ---06/17/2016 02:59:28 PM---My .02: There are very distinct differences between an email message and a forum post. Starting wit

From: Patrick Maroney <Pmaroney@Specere.org>
To: Terry MacDonald <terry.macdonald@cosive.com>, Jason Keirstead/CanEast/IBM@IBMCA
Cc: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, "Rich Piazza" <rpiazza@mitre.org>
Date: 06/17/2016 02:59 PM
Subject: RE: [cti-cybox] A new Forum Object




My .02:

There are very distinct differences between an email message and a forum post. Starting with the header meta-data and intent. For example, as an attacker I send a malicious weaponized email to 1200 very specific targets. These individual emails, targets, along with all of the other email meta-data are completely different from a forum post. Of course a forum post may be created and/or further disemminated by an email message, but these all represent distinct objects, acts, and ponts in time.

Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org




On Fri, Jun 17, 2016 at 9:57 AM -0400, "Jason Keirstead" <Jason.Keirstead@ca.ibm.com> wrote:

Maybe I am "old school" from the days of NNTP boards and what-not - but the difference between an email message and a newsgroup AKA Forum post is actually very small to me.

There's a reason it is so easy to create a forum from a mailing list and vice-versa (like Nabble).... its really more a protocol difference than a difference in the message contents. Both are messages that come from an entity that are addressed to one or more other entities, which have headers and which may or may not have other attachments to the message. The fact that one is delivered via SMTP and the other via NNTP or the Web is a protocol nuance, not a property of the message, IMO.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for Terry MacDonald ---06/16/2016 06:43:06 PM---My problem with putting this under message is that a foruTerry MacDonald ---06/16/2016 06:43:06 PM---My problem with putting this under message is that a forum post doesn't go anywhere. It's a post on

From: Terry MacDonald <terry.macdonald@cosive.com>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: Rich Piazza <rpiazza@mitre.org>, cti-cybox@lists.oasis-open.org
Date: 06/16/2016 06:43 PM
Subject: RE: [cti-cybox] A new Forum Object




My problem with putting this under message is that a forum post doesn't go anywhere. It's a post on a forum. It is accessed at a certain time, and at that point it's a message, by that should be captured in a network connection object somehow.

Cheers
Terry MacDonald
Cosive

On 17/06/2016 5:03 AM, "Jason Keirstead" <Jason.Keirstead@ca.ibm.com> wrote:




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]