[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-users] Re: [cti-cybox] STIX 2.1 Cyber Observable Proposal - Credential Dump Object
I really worry about this. CTI is already a concern for privacy groups. I know we need to figure this out, but I would like to make sure our ship sales and we get positive news/feedback before we try and do something like this. We just need to be super careful, something like this could derail the entire effort before it actually takes off.
Bret
From: cti-cybox@lists.oasis-open.org <cti-cybox@lists.oasis-open.org > on behalf of Terry MacDonald <terry.macdonald@cosive.com>
Sent: Thursday, January 5, 2017 1:51:29 AM
To: OASIS CTI TC CybOX SC list; cti-stix@lists.oasis-open.org; cti-users@lists.oasis-open.org
Subject: [cti-cybox] STIX 2.1 Cyber Observable Proposal - Credential Dump ObjectHi All,
In the spirit of gift giving at this time of year, I have yet another proposal to offer the grou pfor discussion at the upcoming F2F...
2.7.Credential Dump Object
Type Name: credential-dump
The Credential Dump Object represents credential dump containing username and password information that attackers have gained access to and dumped somewhere on the web in public or traded for money. It is primarily to enable the sharing of credential dump information to allow the remediation of affected users.
If you wish to comment, please do so as a reply to this email, or leave a comment on the Google Doc here: https://docs.google.com/document/d/1u9z0XB6A- 0q5CZnC9rx0rGfRJpP5u6jS1sio6w1 OrJ0/edit?usp=sharing
PDF version attached for those who prefer those.....
Cheers
Terry MacDonald | Chief Product Officer
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]