Fwd: NOT a 0day! Re: [fuzzing] OWASP Fuzzing page

["Nuno Treez" <nunotreez () gmail com>]

---------- Forwarded message ----------
From: Nuno Treez <nunotreez () gmail com>
Date: 14-dic-2006 17:33
Subject: Re: [Full-disclosure] NOT a 0day! Re: [fuzzing] OWASP Fuzzing page
To: Gadi Evron <ge () linuxbox org>

2006/12/14, Gadi Evron <ge () linuxbox org>:

> > Wow! That's fun! The so called "Word 0 day" flaw also affects
> > OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
> > with the file:
>
> This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
> mode, on a mailing list (fuzzing mailing list).
[...]
> A 0day, whatever definition you use, is used in the wild before people are
> aware of it.

Agree with you, Gadi. Need to know what we are talking about.

From: http://www.tech-faq.com/0-day.shtml

<snip>

What is 0-day?

0-day, pronounced "Zero Day" or sometimes "Oh Day", means "new."
The term has it's origins in the warez scene, but has become firmly
entrenched in the exploit trading scene.
If a game or an exploit was release on yesterday, it is 1-day. If it
was released a full week ago, it is 7-day.
0-day is used to refer to exploits released today and exploits that
have not yet been released.
An exploit might be 0-day to you because it was just publicly
released, but two-months old to members of the group that coded the
exploit.

</snip>

Cheers.
--
Nuno Treez
--
Being a pain in the Internet's ass since 1996.
--
Si vis pacem para bellum. (Vegetius, Epitome rei militaris, 3. Praef.)
--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/