funsec mailing list archives

Re: [cisspforum] REVEIW: "Zero Day", David Baldacci


From: <michael.blanchard () emc com>
Date: Tue, 31 Jan 2012 19:00:10 -0500

That was my first exposure to the term "zero day"....   Back in the day if you were an OP on a zero day warez IRC 
channel you were considered by many to be 'leet :-).  When the real 'leet d00ds were the folks getting the zero dayz 
for distro by the groups on IRC....

   Then you had warez that were 1-3 dayz old....   Anything after that was considered "old-warez" and that was the 
channel name on effnet too....  That was a fun channel!

  Zero day morphed into meaning "brand new, released today, no patch available, no sigs, no nuttin!"  The day after 
zero day it was an old vuln as usually a patch or sigs were now available :-)


  Now the meaning is worthless thanks to the media....

 Cool to go down memory lane with ya dude! :-)

  Mike B

----- Original Message -----
From: CP Constantine [mailto:conrad () 1211 net]
Sent: Tuesday, January 31, 2012 05:07 PM
To: cisspforum () yahoogroups com <cisspforum () yahoogroups com>
Cc: funsec () linuxbox org <funsec () linuxbox org>; Rob, grandpa of Ryan, Trevor, Devon & Hannah <rmslade () shaw ca>
Subject: Re: [funsec] [cisspforum] REVEIW: "Zero Day", David Baldacci

On 01/31/2012 04:41 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> At one time, in information security terminology, "zero day" meant a
> measure of difficulty or vulnerability.

err, no it didn't.

At *one* time, "zero day" meant that you'd acquired and were trading
pirated software that had been released that same day (it was
"zero-day-old warez")

later on, it got repurposed to indicate an exploit that had never been
used before (the exploit was again, zero-days-old)

(you'll notice a trend here, things can only be called 'zero-day',
precisely once)


> That meaning has been largely
> destroyed by overexposure in the media.  Today it simply means "we
> want to scare you."

the meaning you use here 'difficulty or vulnerability' is part of that
overexposure, as the original meaning has been taken up by vendor
marketing teams and been stretched to mean all sorts of nonsense things
- including 'a measure of difficulty or vulnerability'.

It means "zero-days-old" .. any other meaning whatsoever is purely a
fabrication by people that didn't know the original meaning in the first
place.

(Rob, I kinda feel bad about ranting to you on something that's a matter
of security history, since you've, well, obviously got seniority on me
in this regard: however the appropriation of 'zero-day' by the industry
as an utterly meaningless term is one of those 'if you're not part of
the solution, you're part of the problem' kind of issues to me)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
