lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1306275482-1288284661-cardhu_decombobulator_blackberry.rim.net-382674453-@bda309.bisx.produk.on.blackberry>
Date: Thu, 28 Oct 2010 16:51:57 +0000
From: w0lfd33m@...il.com
To: "Thor (Hammer of God)" <thor@...merofgod.com>,
	"Curt Purdy" <infosysec@...il.com>,
	"full-disclosure-bounces@...ts.grok.org.uk"
	<full-disclosure-bounces@...ts.grok.org.uk>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: 0-day "vulnerability"

Yup. We arguing here on fine tuning industry accepted terms would hardly make any difference.  But here we are just trying to argue what "should had been" the terminology. 
You can say that just cutting out time when there is really no work ;) :P
Regards;
w0lf
-- sent from BlackBerry --

-----Original Message-----
From: "Thor (Hammer of God)" <thor@...merofgod.com>
Date: Thu, 28 Oct 2010 16:35:33 
To: w0lfd33m@...il.com<w0lfd33m@...il.com>; Curt Purdy<infosysec@...il.com>; full-disclosure-bounces@...ts.grok.org.uk<full-disclosure-bounces@...ts.grok.org.uk>; full-disclosure@...ts.grok.org.uk<full-disclosure@...ts.grok.org.uk>
Subject: RE: [Full-disclosure] 0-day "vulnerability"

None of this really matters.  People will call it whatever they want to.  Generally, all software has some sort of vulnerability.  If they want to call the process of that vulnerability being communicated for the first time "0 day vulnerability" then so what.  

The industry can't (and won't) even come up with what "Remote Code Execution" really means, so trying to standardize disclosure nomenclature is a waste of time IMO. 
t

>-----Original Message-----
>From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-
>bounces@...ts.grok.org.uk] On Behalf Of w0lfd33m@...il.com
>Sent: Thursday, October 28, 2010 9:25 AM
>To: Curt Purdy; full-disclosure-bounces@...ts.grok.org.uk; full-
>disclosure@...ts.grok.org.uk
>Subject: Re: [Full-disclosure] 0-day "vulnerability"
>
>Yep. Totally agree. Vulnerability exists in the system since it has been
>developed. It is just the matter when it has been disclosed or being exploited.
>
>I would suggest " 0 day disclosure" instead of "0 day vulnerability" :)
>
>
>------Original Message------
>From: Curt Purdy
>Sender: full-disclosure-bounces@...ts.grok.org.uk
>To: full-disclosure@...ts.grok.org.uk
>Subject: [Full-disclosure] 0-day "vulnerability"
>Sent: Oct 28, 2010 8:48 PM
>
>Sorry to rant, but I have seen this term used once too many times to sit idly
>by. And used today by what I once thought was a respectable infosec
>publication (that will remain nameless) while referring to the current Firefox
>vulnerability (that did, by the way, once have a 0-day
>sploit)  Also, by definition, a 0-day no longer exists the moment it is
>announced ;)
>
>For once and for all: There is no such thing as a "zero-day vulnerability"
>(quoted), only a 0-day exploit...
>
>Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>Sent from BlackBerry(r) on Airtel
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ