Date: Thu, 18 Oct 2012 18:06:16 -0500
From: scriptjunkie <scriptjunkie1@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Multiple 0-days in Dark Comet RAT

> If a 0 day is everything found by a security team before a vendor then the term will loose all purpose and meaning
> because almost all work done by such researchers is finding vulns. before the vendor.

A "1-day" to an exploit for a vulnerability patched one day ago. A
"2-day" exploit takes advantage of a flaw patched 2 days ago.

An "0-day" is an exploit for a previously unknown vulnerability.
It doesn't mean "an exploit that is widely used by bad guys."
It doesn't mean "an exploit that I think is leet enough."
It doesn't mean "an exploit for software that I think is relevant"
Simply having or finding 0-days isn't by itself a status symbol, there
are probably millions of XSS 0-days that nobody cares about.
And yes, many if not most security researchers spend their time
looking for 0-days. (the relevant kind)

I'm sure we can find some words for an attack you care about, maybe
something explaining the level of access an attack gives you, how
popular the software is, whether user interaction is required, whether
credentials are required, whether it is remote, and yes, whether it is
patched. Maybe even tie in something like CVSS. But "0-day" only
refers to whether there is a patch.

And also, this is a pretty nice attack. There's just something special
about exploiting hacker tools.

-- 
scriptjunkie
http://www.scriptjunkie.us/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists