lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20070926231032.GA62579@demeter.hydra>
Date: Wed, 26 Sep 2007 17:10:32 -0600
From: Chad Perrin <perrin@...theon.com>
To: bugtraq@...urityfocus.com
Subject: Re: defining 0day

On Wed, Sep 26, 2007 at 04:25:30PM -0700, Zow Terry Brugger wrote:
> > As a professional, I would be happy to see terms like '0day' banished  
> > from the lexicon entirely. It's an essentially meaningless -- all  
> > third-party exploits are zero-day to _somebody_ -- term of boast co- 
> > opted from the warez scene, and we can do perfectly well without it.
> 
> I'd accept that. Can we agree on a term that means: "Right now you're 
> learning about a vulnerability for which there is a working exploit, and no 
> way to protect yourself short of impacting the availability of your systems 
> by unplugging them or disabling the affected service."?
> 
> I'd propose "unpatched vulnerability with known working exploit", but it's 
> kind of verbose, and I don't think some of the kids joining our ranks can 
> string that many complete words together anymore (too much texting).

UV:WE

  Unpatched Vulnerability: Working Exploit

. . . or maybe "zero day exploit".

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Brian K. Reid: "In computer science, we stand on each other's feet."

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ