Message-ID: <20070921203951.19927.qmail@cgisecurity.net>
Date: Fri, 21 Sep 2007 16:39:51 -0400 (EDT)
From: bugtraq@...security.net
To: wayne@...net.com (Wayne D. Hoxsie Jr.)
Cc: bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] 0day: PDF pwns Windows

Can we close this thread now?

http://en.wikipedia.org/wiki/Zero_day

"A zero-day (or zero-hour) attack is a computer threat that exposes undisclosed or unpatched computer application vulnerabilities. Zero-day attacks take advantage of computer security holes for which no solution is currently available."


> Steven Adair wrote:
> > Not in my book.  I guess the people on this list are working off too many
> > different definitions of 0day.  0day to me is something for which there is
> > no patch/update at the time of the exploit being coded/used.  So if I code
> > an exploit for IE right now and they don't patch it until April September
> > 2008, it's a 0day exploit for a year.  It's not necessarily new and it
> > doesn't have to be used maliciously.
> > 
> > If I code an exploit (for which there is no patch) and use it on my own
> > servers, does that mean it's not 0day?  I don't think so.  If my WordPress
> > blog gets owned by pwnpress, that's not 0day.. there's patches/updates for
> > everything on there.  It just makes me an idiot for not upgrading.  Now if
> > I get hit with some WP exploit that's not patched, then that's another
> > [0-day] story.
> > 
> > Steven
> > securityzone.org
> > 
> 
> If you're going to steal a term from the biological community at least 
> use it in the same context.  The biological metaphor is getting 
> stretched so much that people forget that these terms have meaning 
> outside the IT realm.
> 
> -- 
> Wayne D. Hoxsie Jr.
> 
- Robert
http://www.cgisecurity.com/
