Message-ID: <Pine.LNX.4.64.0707240732520.11749@faramir.hugo.vanderkooij.org>
Date: Tue, 24 Jul 2007 07:37:08 +0200 (CEST)
From: Hugo van der Kooij <hvdkooij@...derkooij.org>
To: Bugtraq mailinglist <bugtraq@...urityfocus.com>
Subject: RE: Internet Explorer 0day exploit
On Sat, 21 Jul 2007, Ken Kousky wrote:
> Zero day is a serious misnomer from vendors that suggest that the counting
> of time an exposure is known BY THE GOOD GUYS is some kind of trigger date
> when in reality, many serious exploits are known BY THE BAD GUYS so the day
> zero is really months or maybe years prior to the disclosure or notification
> date. Look at the WMF vulnerability that caused a mad rush to patch it once
> the good guys were put on notice. In this case, the vulnerability had been
> present in Windows products since the early 90s and according to Kaspersky
> Labs there was even malware being sold that took advantage of it long before
> there was even day zero notification.
I reserve the word 0day for issues that have been found through exploits.
So a 0day exploit is an exploit out in the field where the vulnerability
is/was not publicly known before the exploit was found.
As such it would be a very rough indication of the score of good guys
(writing advisories) and the bad guys (writing exploits).
Hugo.
--
hvdkooij@...derkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)