lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070923235235.GH41180@demeter.hydra>
Date: Sun, 23 Sep 2007 17:52:35 -0600
From: Chad Perrin <perrin@...theon.com>
To: Crispin Cowan <crispin@...ell.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	"pdp \(architect\)" <pdp.gnucitizen@...glemail.com>,
	Gadi Evron <ge@...uxbox.org>, Casper.Dik@....COM
Subject: Re: 0day: PDF pwns Windows

On Sat, Sep 22, 2007 at 10:34:07PM -0700, Crispin Cowan wrote:
> 
> A "private 0day exploit" (the case I was concerned with) would be where
> someone develops an exploit, but does not deploy or publish it, holding
> it in reserve to attack others at the time of their choosing. Presumably
> if such a person wanted to keep it for very long, they would have to
> base it on a vulnerability that they themselves discovered, and did not
> publish.
> 
> I continue to dismiss the requirement that an 0day be found maliciously
> exploiting machines, because that requires inferring intent. IMHO, a POC
> exploit first posted to Bugtraq ahead of the patch counts as an 0day
> exploit, unless it has been so thoroughly obfuscated that the "proof"
> part of "proof of concept" is itself BS.

In the case of that "private zero day exploit", then, nobody will ever
know about it except the person that has it waiting in reserve -- and if
someone else discovers and patches the vulnerability before the exploit
is ever used, it never becomes a "public" zero day exploit.  In other
words, you can always posit that there's sort of a Heisenbergian state of
potential private zero day exploitedness, but in real, practical terms
there's no zero day anything unless it's public.

The moment you have an opportunity to measure it, the waveforms collapse.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Amazon.com interview candidate: "When C++ is your hammer, everything starts
to look like your thumb."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ