Message-ID: <Pine.LNX.4.62.0707142133540.18405@linuxbox.org>
Date: Sat, 14 Jul 2007 21:41:38 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: Dragos Ruiu <dr@....net>
Cc: bugtraq@...urityfocus.com, Thor Larholm <seclists@...holm.com>,
	full-disclosure@...ts.grok.org.uk
Subject: Re: Internet Explorer 0day exploit

On Sat, 14 Jul 2007, Dragos Ruiu wrote:
> On Tuesday 10 July 2007 08:53, Gadi Evron wrote:
>> To paraphrase Guninski, this is still not a 0day. It is a vulnerability
>> being disclosed.
>
> You're being pedantic Gadi. :-)
>
> We have to accept the term "0day" has passed into
> the realm of meaningless nebulousness along with
> "hacker" and other misused terms.
>
> If we are to be pedantic, the original meaning of
> 0day is new warez release :-).

I think there is still hope for us buddy, at least when professionals make 
releases.
For example, instead of saying I'm being pedantic on this (which I am), 
you could (also, in addition) reply and say "yep" or "nope", thus 
contributing to some discussion. Meaning, we would either make a stand for 
our profession or at the very least get educated as we go along.

Some people believe the way to reach a "mature industry" is time, others 
believe it's training or in a more specific fashion, certifications. I 
don't know what the answer is, and I am sure it isn't terminology (or 
certifications, hehe).

I do know though, what a 0day is, and don't intend to compromise it for 
the sake of what the press makes of it. It's a strong term and concept 
which shouldn't be abused. That or we can decide on a new term for what 
0day used to mean. How about "blubla"?

From professionals, we can expect good language and for their work to 
speak for them. We shouldn't compromise on silly things like what 0day 
means.

Maybe I will give this up next year, but for now, advisories named "0day" 
have disappeared lately. Maybe peer pressure does have some effect.

The above is over-thinking and some could consider it very silly, but for 
now, I believe in it. It's just like I resent those among consultants who 
conduct themselves in a fashion that makes me ashamed of my profession, as 
a far-off analogy.

> cheers,
> --dr
>
> -- 
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> Tokyo, Japan   November 29/30 - 2007    http://pacsec.jp
> pgpkey http://dragos.com/ kyxpgp
>
