Dailydave mailing list archives

Re: Announcing the Zero Day Initiative


From: Frank Knobbe <frank () knobbe us>
Date: Mon, 25 Jul 2005 20:58:29 -0500

On Tue, 2005-07-26 at 00:53 +0100, MindsX wrote:
... whereas this is more of a marketing ploy
by 3Com to get into the 0day race against various private
consultancies 

I don't think that is the motivation. The motivation, I believe, is that
just the fact of having such a unit can be used greatly in advertising.
"Come here, prospects, we buy 0-days and can protect you from stuff
others can't". Of course there is no visibility on which exploits are
really in the bag since that would be akin to unzipping your
intellectual property fly. No one can verify that it is indeed a valid
0-day since that information is closely guarded. Or do you think they
pay money and then, in an act of sudden goodwill, give it for free to
the public?

And so the client believes he gets more for free... what other choice
does he have than to believe it? Potential buyers don't know, and have
no means of verifying the quality or quantity of said miraculous 0-days.

What neither iDefense nor 3Com understands is that:
a) 0-days are used to embarrass/harass/tease/shame vendors by writing
worms and deface web sites or subvert services (pseudo political
statements),
b) 0-days are used in hacker neighborhood turfwars, to collect and build
a larger zombie army in order to defeat the rival gang in the next town
(adolescent rivalry),
c) 0-days are used in interesting explorations of world-wide connected
systems (perhaps in search of UFO evidence...*chuckle*) (curiosity),
d) 0-days are used to provide income either through the rent of botnets
for spam distribution or DDoS assistance in the ever-so-popular
extortion schemes (real profit).

Why on earth would anyone want to waste a 0-day on a company that barely
pays a couple thousand for it? That's where the old, stale, used and
discovered (but perhaps not publicized) 0-days go to. In essence
iDefense and 3Com are trashcans that old 0-days get thrown into. You
don't really think they get first-class material that is still being
used for a) through d), do you? :)

And 3Com/iDefense know that. But that's okay, that's not what they want
them for. It's only for marketing (see above).

Cheers,
Frank

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
