Re: [fuzzing] NOT a 0day! Re: OWASP Fuzzing page

[Gadi Evron <ge () linuxbox org>]

On Thu, 14 Dec 2006, Jerome Athias wrote:
> Gadi Evron a écrit :
> > On Tue, 12 Dec 2006, Joxean Koret wrote:
> >   
> > > Wow! That's fun! The so called "Word 0 day" flaw also affects
> > > OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
> > > with the file:
> > >     
> >
> > This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
> > mode, on a mailing list (fuzzing mailing list).
> >
> > I am not sure why I got this 10 times now, I thought the days of these
> > bounces were over. But I am tired of seeing every full-disclosure
> > vulnerability called a 0day anymore.
> >
> > A 0day, whatever definition you use, is used in the wild before people are
> > aware of it.
> It makes sense and I totally agree with you.
> But the fact is that the things change (and not allways in the right 
> direction :-()... due to the society, money, research of popularity...
> Please remember us also the sense of the word "hacker" for instance, 
> since nowadays it's often use to speak about "bad guy/blackhat/pirate" - 
> i hope you'll agree that it's not the (our) sense

This battle is not lost. If we call it the right name and talk to the
press using the right terms, it is not lost yet. Maybe it should be, but
it is really confusing when it gets to the professional community.

> /JA

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/