OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-cybox] STIX 2.1 Cyber Observable Proposal - Credential Dump Object


I really worry about this.  CTI is already a concern for privacy groups.  I know we need to figure this out, but I would like to make sure our ship sales and we get positive news/feedback before we try and do something like this.  We just need to be super careful, something like this could derail the entire effort before it actually takes off.


Bret


From: cti-cybox@lists.oasis-open.org <cti-cybox@lists.oasis-open.org> on behalf of Terry MacDonald <terry.macdonald@cosive.com>
Sent: Thursday, January 5, 2017 1:51:29 AM
To: OASIS CTI TC CybOX SC list; cti-stix@lists.oasis-open.org; cti-users@lists.oasis-open.org
Subject: [cti-cybox] STIX 2.1 Cyber Observable Proposal - Credential Dump Object
 
Hi All,

In the spirit of gift giving at this time of year, I have yet another proposal to offer the grou pfor discussion at the upcoming F2F...

​2.7.Credential Dump Object

Type Name: credential-dump

The Credential Dump Object represents credential dump containing username and password information that attackers have gained access to and dumped somewhere on the web in public or traded for money. It is primarily to enable the sharing of credential dump information to allow the remediation of affected users.




If you wish to comment, please do so as a reply to this email, or leave a comment on the Google Doc here: https://docs.google.com/document/d/1u9z0XB6A-0q5CZnC9rx0rGfRJpP5u6jS1sio6w1OrJ0/edit?usp=sharing

PDF version attached for those who prefer those.....

Cheers

Terry MacDonald | Chief Product Officer








[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]