lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue Feb 14 16:20:05 2006
From: fd at g-0.org (GroundZero Security)
Subject: Re: On the "0-day" term

0days in the warez scene have a different meaning as in security.
in the security "scene" 0days are undisclosed vulnerabilities. some are
in the underground for years before they get disclosed. in warez its just
a new release that hasnt been there yet.

----- Original Message ----- 
From: <ad@...poverflow.com>
To: "Gadi Evron" <ge@...uxbox.org>
Cc: <full-disclosure@...ts.grok.org.uk>; "Steven M. Christey" <coley@...re.org>
Sent: Tuesday, February 14, 2006 2:02 PM
Subject: Re: [Full-disclosure] Re: On the "0-day" term


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>  
> 0day just mean the day released, its mostly a term used in the warez
> scene to qualify new app/mp3 cracked each days, as exploits released
> each days ...
> 
> Gadi Evron wrote:
> > Steven M. Christey wrote:
> >
> > Hey Steve! :)
> >
> >> It's not necessarily that 0-days are a myth, it's that people have
> >> been using the term "0-day" to mean two separate things:
> >
> > 0days are not a myth on their own.
> > They are live and kickin`! :)
> >
> >>  - in-the-wild hacks of live systems using vulnerabilities previously
> >>    unkown to the public and the vendor;
> >>
> >>  - release of exploit information for vulnerabilities previously
> >>    unkown to the public and the vendor, for which there are no known
> >>    in-the-wild hacks of live systems at the time of disclosure (though
> >>    such hacks seem to occur very soon afterward)
> >
> > I don't know, last year I read an article about 0days being released
> > vulnerabilities where the patch is not applied yet. Uh huh.
> >
> >>> Does anyone still think bad guys don't exploit (to whatever goals) a
> >>> 0day if it is out there?
> >>
> >>
> >> The answer seems obvious, but...
> >>
> >> It's not entirely clear to me how many in-the-wild 0-days exist and
> >> are actively exploited.  Just because some "white hat" finds something
> >> does not mean that we should ALWAYS assume that the "black hats"
> >> already know about it.  The converse is also true, of course; see the
> >
> > On this point I disagree. We have to assume the worst, especially
> > where we are specifically vulnerable. And as today we mostly rely on
> > software security on-top of software security for our defense - we
> > HAVE to assume the worst... we just don't have to hype it, and
> > possibly, we can call it what it really is.
> >
> >> recent WMF issue.
> >
> > The goal of said 0day may be for specific attacks against specific
> > targets. I don't see why anyone would waste their secret & strong
> > resource on the wild west of the net - we don't often find 0days,
> > right? Microsoft's or SecurityFocus's sites don't go down that
> > often, right?
> >
> > WMF was an exploit of opportunity, i.e.: what is our window of
> > opportunity to infect users with spyware before we are found out?
> > In this case it was about 2 weeks.
> >
> > This came to show that spyware manufacturers either did their own
> > R&D or bought 0days. This is not the first time, either.
> >
> >> Certainly, at least a couple in-the-wild 0-days are publicized a year,
> >> and maybe more in the coming year, given the precedents of the past 6
> >> months or so, as the honeymonkeys project and Websense have shown.
> >>
> >> One would hope that there is some critical mass (i.e. number of
> >> compromised systems) beyond which any in-the-wild 0-day would become
> >> publicly known.  This cricital mass would depend on the diligence of
> >> the incident response community and the amount of coordination -
> >> direct or indirect - with the vulnerability research community.
> >
> > Critical mass could also be one well-placed machine. Point is we
> > need to differentiate between, but not limited to:
> > 1. Vulns that were already disclosed to the vendor or CC's.
> > 2. Vulns that are publicly announce OR released by advisory or similar.
> > and
> > 3. Vulns that no one knows exist, whether being exploited wildly,
> > kept in a bunker or used on special targets.
> >
> > It's time we stopped guessing and starting regulating these terms,
> > not because we can tell people how to use the term '0day' but rather
> > what it might mean. Makes lives so much easier.
> >
> > In some of the above cases I will be proud to yell: "THERE ARE NO
> > 0DAYS", while I know that's obviously false in other cases.
> >
> > The problem with this email, as well as any other to follow is that
> > they are all full of opinions. We have to stop being an opinion-lead
> > industry where opinions constitute 90% (didn't make any specific
> > calculation, that's my opinion) of how we do things professionally.
> >
> >> - Steve
> >
> > I really hope this is not to become another long debate on religious
> > terminology.. what have I done?!
> >
> >     Gadi.
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
>  
> iQIVAwUBQ/HU4K+LRXunxpxfAQJmSQ//fmj9Me1Zq3e+gczohbl6GnDDA7weLeQU
> yzoZFTdKK8JuL+rjlgbLkzDXlah8UaS6CYImYANHg8YfJW2a27pMzIizGqC58ILe
> LZSAcQw3K23cu/BuB7yX5kJoj0jcZzjz0mLqHzMGU9JcwiFl/UsLK6Jc7pRsa1/T
> vspJYMkTj0b8pwCdkF8EGqr5pDL0qGeSTgONna2eZhmDq0kSXnDTtGOXjDsvvcvz
> 5QVrX/uXhAZWJSZKe690K+/tJzVLJtTtAm3yQfw0a+P5HsT3cTGSJQ0Dns4Yy357
> Bzrzegz5V9MTYdUtlZresfQ+DXqTE0XbBskFeN0GmBB6pr1R0IPdnojXJyK2ZY+u
> ukypO+n5kabSIAskdUamTQyszsDKuGmKdqV2osyt4nk50ob9eK4a6gSvOv0bcWc9
> wTv51aCwEAX8MOR70SPu43b2YsFqsMkF8fxNmjY+X7xBt2FtuA9od4t2ApPiticU
> wutSEvLk2UNmJNiR/YJESqHic8OVR+KEf65NEIJ/lZDgLXrocW2bFG99+T97j2zF
> G+VnIG9qU28G0w3+tzOEoD3/krB/6l4tm5Zae6SMN543BhLgA3oGC7zeybYjeAOX
> 5OS3K0i1pUJIhUyp/bUx6a/2t1r02CUqCpcL26dOvTzkysXEUOlyF2Wj+7kXo2QD
> trkEmkW5tk4=
> =BS4A
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ