| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4ef5fec60804191933x4c149abex40da15fd4fd66e3b@mail.gmail.com> Date: Sat, 19 Apr 2008 19:33:34 -0700 From: coderman <coderman@...il.com> To: n3td3v <xploitable@...il.com> Cc: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk, Gadi Evron <ge@...uxbox.org> Subject: Re: defining 0day On Sat, Apr 19, 2008 at 5:27 PM, n3td3v <xploitable@...il.com> wrote: > ... > But from the computers point of view it doesn't care, if the > vulnerability is not patched by the official vendor then its still a > 0-day. > ... > Its purely a mechanical term for the computer, not anything to do with > what humans think. > .. > A computer doesn't count how many days ago, it counts in 0 and 1's, so > it doesn't count the days inbetween, to the computer there is only > 0-day then patched is 1, thats what the reference is all about. if we determine 0day by "patched" or "not patched" you've applied a useless metric which means nothing. when Oracle doesn't deliver a patch for a known vuln for 1.5 YEARS and you get exploited via this vector, that is a 0day attack? (a vector easily mitigated by disabling a known, often unnecessary component added for marketing value to product..) please, use your crack addled mind (what is left of it) and think through the logical conclusion of your assertion. 0day is a perspective. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists