Full Disclosure mailing list archives

Re: Internet Explorer 0day exploit

From: "T Biehn" <tbiehn () gmail com>
Date: Tue, 24 Jul 2007 20:01:26 -0400

How does DNS work again, Gadi?

On 7/14/07, Gadi Evron <ge () linuxbox org> wrote:

On Sat, 14 Jul 2007, Dragos Ruiu wrote:
> On Tuesday 10 July 2007 08:53, Gadi Evron wrote:
>> To paraphrase Guninski, this is still not a 0day. It is a vulnerability
>> being disclosed.
>
> You're being pedantic Gadi. :-)
>
> We have to accept the term "0day" has passed into
> the realm of meaningless nebulousness along with
> "hacker" and other misused terms.
>
> If we are to be pedantic, the original meaning of
> 0day is new warez release :-).

I think there is still hope for us buddy, at least when professionals make
releases.
For example, instead of saying I'm being pedantic on this (which I am),
you could (also, in addition) reply and say "yep" or "nope", thus
contributing to some discussion. Meaning, we would either make a stand for
our profession or at the very least get educated as we go along.

Some people believe the way to reach a "mature industry" is time, others
believe it's training or in a more specific fashion, certifications. I
don't know what the answer is, and I am sure it isn't terminology (or
certifications, hehe).

I do know though, what a 0day is, and don't intend to compromise it for
the sake of what the press makes of it. It's a strong term and concept
which shouldn't be abused. That or we can decide on a new term for what
0day used to mean. How about "blubla"?

>From professionals, we can expect good language and for their work to
speak for them. We shouldn't compromise on silly things like what 0day
means.

Maybe I will give this up next year, but for now, advisories named "0day"
have disapeared lately. Maybe peer pressure does have some effect.

The above is over-thinking and some could consider it very silly, but for
now, I believe in it. It's just like I resent those among consultants who
conduct themselves in a fashion that makes me ashamed of my profession, as
a far-off analogy.

> cheers,
> --dr
>
> --
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> Tokyo, Japan   November 29/30 - 2007    http://pacsec.jp
> pgpkey http://dragos.com/ kyxpgp
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Internet Explorer 0day exploit Thor Larholm (Jul 09)
- Re: Internet Explorer 0day exploit Gadi Evron (Jul 10)
  - Re: Internet Explorer 0day exploit Dragos Ruiu (Jul 14)
    - Re: Internet Explorer 0day exploit Dude VanWinkle (Jul 14)
    - Re: Internet Explorer 0day exploit Gadi Evron (Jul 15)
    - Re: Internet Explorer 0day exploit Anupam Mishra (Jul 24)
    - Re: Internet Explorer 0day exploit T Biehn (Jul 24)
- <Possible follow-ups>
- Re: Internet Explorer 0day exploit Paul Szabo (Jul 10)
  - Re: Internet Explorer 0day exploit LIUDIEYU dot COM (Jul 10)