| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Dec 2006 07:39:35 -0600 (CST) From: Gadi Evron <ge@...uxbox.org> To: Jerome Athias <jerome.athias@...e.fr> Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>, bugtraq@...urityfocus.com, Fuzzing List <fuzzing@...testar.linuxbox.org> Subject: Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page On Thu, 14 Dec 2006, Jerome Athias wrote: > Gadi Evron a écrit : > > On Tue, 12 Dec 2006, Joxean Koret wrote: > > > >> Wow! That's fun! The so called "Word 0 day" flaw also affects > >> OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool > >> with the file: > >> > > > > This is NOT a 0day. It is a disclosed vulnerability in full-disclosure > > mode, on a mailing list (fuzzing mailing list). > > > > I am not sure why I got this 10 times now, I thought the days of these > > bounces were over. But I am tired of seeing every full-disclosure > > vulnerability called a 0day anymore. > > > > A 0day, whatever definition you use, is used in the wild before people are > > aware of it. > It makes sense and I totally agree with you. > But the fact is that the things change (and not allways in the right > direction :-()... due to the society, money, research of popularity... > Please remember us also the sense of the word "hacker" for instance, > since nowadays it's often use to speak about "bad guy/blackhat/pirate" - > i hope you'll agree that it's not the (our) sense This battle is not lost. If we call it the right name and talk to the press using the right terms, it is not lost yet. Maybe it should be, but it is really confusing when it gets to the professional community. > > /JA >
Powered by blists - more mailing lists