lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <ca4a8cc50612140835x43349b8bxb206fdac370176f0@mail.gmail.com>
Date: Thu, 14 Dec 2006 17:35:49 +0100
From: "Nuno Treez" <nunotreez@...il.com>
To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk>
Subject: Fwd: NOT a 0day! Re: [fuzzing] OWASP Fuzzing page

---------- Forwarded message ----------
From: Nuno Treez <nunotreez@...il.com>
Date: 14-dic-2006 17:33
Subject: Re: [Full-disclosure] NOT a 0day! Re: [fuzzing] OWASP Fuzzing page
To: Gadi Evron <ge@...uxbox.org>

2006/12/14, Gadi Evron <ge@...uxbox.org>:

> > Wow! That's fun! The so called "Word 0 day" flaw also affects
> > OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
> > with the file:
>
> This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
> mode, on a mailing list (fuzzing mailing list).
>
[...]
> A 0day, whatever definition you use, is used in the wild before people are
> aware of it.

Agree with you, Gadi. Need to know what we are talking about.

From: http://www.tech-faq.com/0-day.shtml

<snip>

What is 0-day?

0-day, pronounced "Zero Day" or sometimes "Oh Day", means "new."
The term has it's origins in the warez scene, but has become firmly
entrenched in the exploit trading scene.
If a game or an exploit was release on yesterday, it is 1-day. If it
was released a full week ago, it is 7-day.
0-day is used to refer to exploits released today and exploits that
have not yet been released.
An exploit might be 0-day to you because it was just publicly
released, but two-months old to members of the group that coded the
exploit.

</snip>

Cheers.
--
Nuno Treez
--
Being a pain in the Internet's ass since 1996.
--
Si vis pacem para bellum. (Vegetius, Epitome rei militaris, 3. Praef.)
--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ