lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat Jun 24 20:29:28 2006
From: security at brvenik.com (Jason)
Subject: Amazon, MSN vulns and.. Yes, we know! Mostsites
	have vulnerabilities



David Taylor wrote:
> I surely didn't intend for this thread to end up going in the direction it
> did.  I was basically just trying to say I am concerned with the numerous
> advisory/exploit release on the same day.  No matter what the reason.  And
> perhaps there still isn't a definition of 0-day that everyone agrees on.  I
> basically understand it the way wikipedia has it listed.
> 

There are several interpretations of 0-day but the basic theme is that
an 0-day is better than a NO-day. For the normal people in the world
that simply want to be able to go to work and make some money it can be
inconvenient. The fact remains that everyone has the ability to respond
in a way that is appropriate once an issue is known. Not disclosing the
issue, even if the vendor has patched it, does not help. The entities
that intend on exploiting vulnerabilities are fully capable of reversing
a patch and discovering the vulnerability.

In days past a vulnerability may have gone completely unnoticed and
patched in due time as a bug; the vulnerability still existed. I would
argue that the number of vulnerabilities discovered has not really
increased but awareness certainly has. The composition of vulnerability
disclosures has also changed but the overall number when compared to
impact is not significantly different.

Powered by blists - more mailing lists