Dailydave mailing list archives

RE: RE: funny comments from Hack IIS6 contest admin

From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 18 May 2005 07:03:02 -0400

Well, I add the descriptor widespread because its mostly believed that many professional hackers and the armed services 
have plenty of unannounced hacks in their arsenal.  The military in particular probably has dozens of vulnerabilities 
they know about that they keep in their computer ops quiver to use in the event they need them.  That's particular what 
I mean in that many professional hackers don't make a lot of money discovering bugs.  The armed services hacker 
probably discover lots of bugs, and for some low salary a year.  And there are probably dozens of bugs that the vendor 
knows about in their product that haven't been widely exploited that are in the development queue to fix.  None of 
those vulnerabilities do I consider 0-day exploits...they are...but they will probably never be known to us...and hence 
aren't 0-day attacks in the conventional sense. 

-----Original Message-----
From: I)ruid [mailto:druid () caughq org] 
Sent: Tuesday, May 17, 2005 11:18 PM
To: Roger A. Grimes
Cc: dave () immunitysec com; dailydave () lists immunitysec com
Subject: RE: [Dailydave] RE: funny comments from Hack IIS6 contest admin

On Tue, 2005-05-17 at 16:52 -0400, Roger A. Grimes wrote:

When I say 0-day, I mean public 0-day attacks...like everyone traditionally means...which is [when] a widespread 
exploit happens using a previously undisclosed vulnerability.  The exploit is noticed and then the vulnerability 
found.


I'm not sure what traditions you subscribe to, but in any context I've ever heard the term '0-day' used, it has had 
nothing to do with the scope or severity of the impact it causes, but rather the nature of the public or community 
awareness of it.  The types of conditions that you describe above (among other things, like advisories) are precisely 
what cause a vulnerability or exploit to /no longer/ be 0-day.

But I digress, now we're just arguing Symantecs.

--
I)ruid, C²ISSP
druid () caughq org
http://druid.caughq.org
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: RE: funny comments from Hack IIS6 contest admin, (continued)
- - Re: RE: funny comments from Hack IIS6 contest admin Steve Lord (May 15)
  - RE: RE: funny comments from Hack IIS6 contest admin I)ruid (May 17)
- RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 15)
  - Re: RE: funny comments from Hack IIS6 contest admin Holden Williamson (May 15)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 17)
  - Re: RE: funny comments from Hack IIS6 contest admin H D Moore (May 17)
    - Re: funny comments from Hack IIS6 contest admin Holden Williamson (May 18)
    - Re: Re: funny comments from Hack IIS6 contest admin H D Moore (May 18)
  - RE: RE: funny comments from Hack IIS6 contest admin I)ruid (May 17)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 18)
  - Re: RE: funny comments from Hack IIS6 contest admin Jan Muenther (May 18)
    - Re: RE: funny comments from Hack IIS6 contest admin Mark (May 18)
  - Re: RE: funny comments from Hack IIS6 contest admin Dave Aitel (May 18)
    - Re: RE: funny comments from ack IIS6 contest sadmin Jack (May 18)
    - Music to hack to Steve Lord (May 18)
    - Re: Music to hack to Michael Silk (May 18)
    - Re: Music to hack to Kurt Seifried (May 18)
    - Re: Music to hack to halvar (May 19)
    - Re: Music to hack to Robert Horton (May 19)
    - Re: Music to hack to Mark (May 19)

(Thread continues...)