Date: Tue, 24 Jul 2007 20:01:26 -0400
From: "T Biehn" <tbiehn@...il.com>
To: "Gadi Evron" <ge@...uxbox.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Internet Explorer 0day exploit

How does DNS work again, Gadi?

On 7/14/07, Gadi Evron <ge@...uxbox.org> wrote:
>
> On Sat, 14 Jul 2007, Dragos Ruiu wrote:
> > On Tuesday 10 July 2007 08:53, Gadi Evron wrote:
> >> To paraphrase Guninski, this is still not a 0day. It is a vulnerability
> >> being disclosed.
> >
> > You're being pedantic Gadi. :-)
> >
> > We have to accept the term "0day" has passed into
> > the realm of meaningless nebulousness along with
> > "hacker" and other misused terms.
> >
> > If we are to be pedantic, the original meaning of
> > 0day is new warez release :-).
>
> I think there is still hope for us buddy, at least when professionals make
> releases.
> For example, instead of saying I'm being pedantic on this (which I am),
> you could (also, in addition) reply and say "yep" or "nope", thus
> contributing to some discussion. Meaning, we would either make a stand for
> our profession or at the very least get educated as we go along.
>
> Some people believe the way to reach a "mature industry" is time, others
> believe it's training or in a more specific fashion, certifications. I
> don't know what the answer is, and I am sure it isn't terminology (or
> certifications, hehe).
>
> I do know though, what a 0day is, and don't intend to compromise it for
> the sake of what the press makes of it. It's a strong term and concept
> which shouldn't be abused. That or we can decide on a new term for what
> 0day used to mean. How about "blubla"?
>
> From professionals, we can expect good language and for their work to
> speak for them. We shouldn't compromise on silly things like what 0day
> means.
>
> Maybe I will give this up next year, but for now, advisories named "0day"
> have disappeared lately. Maybe peer pressure does have some effect.
>
> The above is over-thinking and some could consider it very silly, but for
> now, I believe in it. It's just like I resent those among consultants who
> conduct themselves in a fashion that makes me ashamed of my profession, as
> a far-off analogy.
>
> > cheers,
> > --dr
> >
> > --
> > World Security Pros. Cutting Edge Training, Tools, and Techniques
> > Tokyo, Japan   November 29/30 - 2007    http://pacsec.jp
> > pgpkey http://dragos.com/ kyxpgp
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
