lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.21.0612140739260.31647-100000@linuxbox.org>
Date: Thu, 14 Dec 2006 07:39:35 -0600 (CST)
From: Gadi Evron <ge@...uxbox.org>
To: Jerome Athias <jerome.athias@...e.fr>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq@...urityfocus.com,
	Fuzzing List <fuzzing@...testar.linuxbox.org>
Subject: Re: [fuzzing] NOT a 0day! Re:  [Full-disclosure]  OWASP Fuzzing page

On Thu, 14 Dec 2006, Jerome Athias wrote:
> Gadi Evron a écrit :
> > On Tue, 12 Dec 2006, Joxean Koret wrote:
> >   
> >> Wow! That's fun! The so called "Word 0 day" flaw also affects
> >> OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
> >> with the file:
> >>     
> >
> > This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
> > mode, on a mailing list (fuzzing mailing list).
> >
> > I am not sure why I got this 10 times now, I thought the days of these
> > bounces were over. But I am tired of seeing every full-disclosure
> > vulnerability called a 0day anymore.
> >
> > A 0day, whatever definition you use, is used in the wild before people are
> > aware of it.
> It makes sense and I totally agree with you.
> But the fact is that the things change (and not allways in the right 
> direction :-()... due to the society, money, research of popularity...
> Please remember us also the sense of the word "hacker" for instance, 
> since nowadays it's often use to speak about "bad guy/blackhat/pirate" - 
> i hope you'll agree that it's not the (our) sense

This battle is not lost. If we call it the right name and talk to the
press using the right terms, it is not lost yet. Maybe it should be, but
it is really confusing when it gets to the professional community.

> 
> /JA
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ