funsec mailing list archives
Re: [cisspforum] REVEIW: "Zero Day", David Baldacci
From: <michael.blanchard () emc com>
Date: Tue, 31 Jan 2012 19:00:10 -0500
That was my first exposure to the term "zero day".... Back in the day if you were an OP on a zero day warez IRC channel you were considered by many to be 'leet :-). When the real 'leet d00ds were the folks getting the zero dayz for distro by the groups on IRC.... Then you had warez that were 1-3 dayz old.... Anything after that was considered "old-warez" and that was the channel name on effnet too.... That was a fun channel!

Zero day morphed into meaning "brand new, released today, no patch available, no sigs, no nuttin!" The day after zero day it was an old vuln as usually a patch or sigs were now available :-)

Now the meaning is worthless thanks to the media....

Cool to go down memory lane with ya dude! :-)

Mike B

----- Original Message -----
From: CP Constantine [mailto:conrad () 1211 net]
Sent: Tuesday, January 31, 2012 05:07 PM
To: cisspforum () yahoogroups com <cisspforum () yahoogroups com>
Cc: funsec () linuxbox org <funsec () linuxbox org>; Rob, grandpa of Ryan, Trevor, Devon & Hannah <rmslade () shaw ca>
Subject: Re: [funsec] [cisspforum] REVEIW: "Zero Day", David Baldacci

On 01/31/2012 04:41 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
At one time, in information security terminology, "zero day" meant a measure of difficulty or vulnerability.
err, no it didn't. At *one* time, "zero day" meant that you'd acquired and were trading pirated software that had been released that same day (it was "zero-day-old warez") later on, it got repurposed to indicate an exploit that had never been used before (the exploit was again, zero-days-old) (you'll notice a trend here, things can only be called 'zero-day', precisely once)
That meaning has been largely destroyed by overexposure in the media. Today it simply means "we want to scare you."
the meaning you use here 'difficulty or vulnerability' is part of that overexposure, as the original meaning has been taken up by vendor marketing teams and been stretched to mean all sorts of nonsense things - including 'a measure of difficulty or vulnerability'. It means "zero-days-old" .. any other meaning whatsoever is purely a fabrication by people that didn't know the original meaning in the first place.

(Rob, I kinda feel bad about ranting to you on something that's a matter of security history, since you've, well, obviously got seniority on me in this regard: however the appropriation of 'zero-day' by the industry as an utterly meaningless term is one of those 'if you're not part of the solution, you're part of the problem' kind of issues to me)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.