cti-stix message
Subject: Re: [cti-users] Re: [cti-cybox] STIX 2.1 Cyber Observable Proposal - Credential Dump Object
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: Terry MacDonald <terry.macdonald@gmail.com>
- Date: Sun, 15 Jan 2017 12:32:52 -0400
It's worth investigating most certainly; but I agree with Bret that we have to tread carefully.
As an example of why this is dangerous - downloading credential dumps (which normally house PII) is essentially illegal for organizations in many countries with strong privacy laws (for example, Canada), and even when it is not illegal it is often blocked by policy (sites blocked by their proxy firewalls) in many large organizations for fear of legal repercussions. Therefore, if any given TAXII feed has the potential to house credential dumps, then it might lock people out of that TAXII server, unless they have some way to easily filter them out of their view (which we don't have right now in TAXII).
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
From: Terry MacDonald <terry.macdonald@gmail.com>
To: Bret Jordan <Bret_Jordan@symantec.com>
Cc: cti-cybox@lists.oasis-open.org, cti-stix@lists.oasis-open.org, Terry MacDonald <terry.macdonald@cosive.com>, "cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
Date: 01/14/2017 03:25 PM
Subject: Re: [cti-users] Re: [cti-cybox] STIX 2.1 Cyber Observable Proposal - Credential Dump Object
Sent by: <cti-users@lists.oasis-open.org>
I'm not sure how this could derail everything, as this
information is already shared via trust group mailing lists. Surely people
would already be assured of our was that dangerous?
It's also important to realise that sharing happens outside
of the US legal system, and the rules in other countries may allow for
credential dump sharing in situations the US does not.
It's at least worth investigating further IMHO...
Cheers
Terry MacDonald
Cosive
On 14 Jan. 2017 15:56, "Bret Jordan" <Bret_Jordan@symantec.com>
wrote:
I really worry about this. CTI is already a concern for privacy groups. I know we need to figure this out, but I would like to make sure our ship sails and we get positive news/feedback before we try and do something like this. We just need to be super careful, something like this could derail the entire effort before it actually takes off.
Bret
From: cti-cybox@lists.oasis-open.org <cti-cybox@lists.oasis-open.org> on behalf of Terry MacDonald <terry.macdonald@cosive.com>
Sent: Thursday, January 5, 2017 1:51:29 AM
To: OASIS CTI TC CybOX SC list; cti-stix@lists.oasis-open.org; cti-users@lists.oasis-open.org
Subject: [cti-cybox] STIX 2.1 Cyber Observable Proposal - Credential Dump Object
Hi All,
In the spirit of gift giving at this time of year, I have yet another proposal to offer the group for discussion at the upcoming F2F...
2.7. Credential Dump Object
Type Name: credential-dump
The Credential Dump Object represents a credential dump containing username and password information that attackers have gained access to and dumped somewhere on the web in public or traded for money. It is primarily to enable the sharing of credential dump information to allow the remediation of affected users.
If you wish to comment, please do so as a reply to this
email, or leave a comment on the Google Doc here: https://docs.google.com/document/d/1u9z0XB6A-0q5CZnC9rx0rGfRJpP5u6jS1sio6w1OrJ0/edit?usp=sharing
PDF version attached for those who prefer those.....
Cheers
Terry MacDonald | Chief Product Officer
M: +64 211 918 814
E: terry.macdonald@cosive.com
W: www.cosive.com