Full Disclosure mailing list archives

Re: defining 0day


From: "Exibar" <exibar () thelair com>
Date: Fri, 2 May 2008 16:22:47 -0400

Exactly.

 Zero Day Exploit:  A brand new exploit.  For a brand new vulnerability that 
isn't known either public or private (private = vendor only).  The Exploit 
itself is also brand new, never before known either public or private.

  Exibar

----- Original Message ----- 
From: "Douglas K. Fischer" <fischerdk () fidoki com>
To: "n3td3v" <xploitable () gmail com>
Cc: "n3td3v" <n3td3v () googlegroups com>; <full-disclosure () lists grok org uk>; 
"Gadi Evron" <ge () linuxbox org>
Sent: Friday, May 02, 2008 3:10 PM
Subject: Re: [Full-disclosure] defining 0day


-------- Original Message --------
Subject: Re: [Full-disclosure] defining 0day
From: n3td3v <xploitable () gmail com>
To: Gadi Evron <ge () linuxbox org>, full-disclosure () lists grok org uk,
n3td3v <n3td3v () googlegroups com>
Date: 04/19/2008 18:44
On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron <ge () linuxbox org> wrote:

 Okay. I think we exhausted the different views, and maybe we are now able
to come to a conclusion on what we WANT 0day to mean.

 What do you, as professional, believe 0day should mean, regardless of
previous definitions?

 Obviously, the term has become charged in the past couple of years with the
targeted office vulnerabilities attacks, WMF, ANI, etc.

 We require a term to address these, just as much as we do "unpatched
vulnerability" or "fully disclosed vulnerability".

 What other such descriptions should we consider before proceeding?
non-disclosure?

        Gadi.



I just caught a news article that summed up nicely what 0day means...

"A zero-day flaw is a software vulnerability that has become public
knowledge but for which no patch is available. It is particularly
dangerous since users are exposed from day zero until the day a vendor
prepares a patch and notifies users it is ready."

http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html

Regards,

n3td3v

I would actually add one more criterion. Not only would a 0day have no
patch available, but the vulnerability being exploited would not have
been previously announced. In other words, the very first exposure in
the wild of a 0day would be active exploitation of an "as of yet
unknown" (except of course by the exploit author) vulnerability. This
makes a true 0day all the more potent.

Cheers,

Doug

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

