[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <002801c8ac92$4bedaf90$1214dd80@corp.emc.com>
Date: Fri, 2 May 2008 16:22:47 -0400
From: "Exibar" <exibar@...lair.com>
To: "Douglas K. Fischer" <fischerdk@...oki.com>,
"n3td3v" <xploitable@...il.com>
Cc: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk,
Gadi Evron <ge@...uxbox.org>
Subject: Re: defining 0day
Exactly.
Zero Day Exploit: A brand new exploit. For a brand new vulnerability that
isn't known either public or private (private = vendor only). The Exploit
itself is also brand new, never before known either public or private.
Exibar
----- Original Message -----
From: "Douglas K. Fischer" <fischerdk@...oki.com>
To: "n3td3v" <xploitable@...il.com>
Cc: "n3td3v" <n3td3v@...glegroups.com>; <full-disclosure@...ts.grok.org.uk>;
"Gadi Evron" <ge@...uxbox.org>
Sent: Friday, May 02, 2008 3:10 PM
Subject: Re: [Full-disclosure] defining 0day
> -------- Original Message --------
> Subject: Re: [Full-disclosure] defining 0day
> From: n3td3v <xploitable@...il.com>
> To: Gadi Evron <ge@...uxbox.org>, full-disclosure@...ts.grok.org.uk,
> n3td3v <n3td3v@...glegroups.com>
> Date: 04/19/2008 18:44
>> On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron <ge@...uxbox.org> wrote:
>>
>>> Okay. I think we exhausted the different views, and maybe we are now
>>> able
>>> to come to a conlusion on what we WANT 0day to mean.
>>>
>>> What do you, as professional, believe 0day should mean, regardless of
>>> previous definitions?
>>>
>>> Obviously, the term has become charged in the past couple of years with
>>> the
>>> targeted office vulnerabilities attacks, WMF, ANI, etc.
>>>
>>> We require a term to address these, just as much as we do "unpatched
>>> vulnerability" or "fully disclosed vulnerability".
>>>
>>> What other such descriptions should we consider before proceeding?
>>> non-disclosure?
>>>
>>> Gadi.
>>>
>>>
>>
>> I just caught a news article that summed up nicely what 0day means...
>>
>> "A zero-day flaw is a software vulnerability that has become public
>> knowledge but for which no patch is available. It is particularly
>> dangerous since users are exposed from day zero until the day a vendor
>> prepares a patch and notifies users it is ready."
>>
>> http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html
>>
>> Regards,
>>
>> n3td3v
>>
> I would actually add one more criteria. Not only would a 0day have no
> patch available, but the vulnerability being exploited would not have
> been previously announced. In other words, the very first exposure in
> the wild of a 0day would be active exploitation of an "as of yet
> unknown" (except of course by the exploit author) vulnerability. This
> makes a true 0day all the more potent.
>
> Cheers,
>
> Doug
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists