lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <64CF0185-2BDE-40D8-9BDC-9E66153186E1@e18.physik.tu-muenchen.de>
Date: Tue, 25 Sep 2007 19:57:59 +0200
From: Roland Kuhn <rkuhn@....physik.tu-muenchen.de>
To: Lamont Granquist <lamont@...iptkiddie.org>
Cc: Chad Perrin <perrin@...theon.com>, Gadi Evron <ge@...uxbox.org>,
	"pdp \(architect\)" <pdp.gnucitizen@...glemail.com>,
	Casper.Dik@....COM, full-disclosure@...ts.grok.org.uk,
	bugtraq@...urityfocus.com, Crispin Cowan <crispin@...ell.com>
Subject: Re: 0day: PDF pwns Windows

On 25 Sep 2007, at 00:57, Lamont Granquist wrote:

> The exploit is not made public by its use.  The exploit is not even  
> made public by (back-channel) sharing amongst the hacker/cracker  
> community. The exploit is only made public if detected or the  
> vulnerability is disclosed.  Until detected/disclosed the hacker/ 
> cracker can use their 31337 0day spl01tz to break into whichever  
> vulnerable machines they like. 0day exploits are valuable because  
> the opposition is ignorant of them.
>
> Posting exploits to BUGTRAQ, however, inherently makes them not  
> 0day...

And my ignorant self thought until this thread that the "0" in the  
term referred to the number of days of head start granted to the  
vendor. Silly me. Because that would make all vulnerabilities  
published without prior warning to the vendor a "0day"...

Roland (who seems to remember that this was once the meaning of this  
term)

Download attachment "PGP.sig" of type "application/pgp-signature" (187 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ