Full Disclosure mailing list archives

Re: 0day: PDF pwns Windows

From: Lawrence Paul MacIntyre <macintyrelp () ornl gov>
Date: Tue, 25 Sep 2007 15:12:23 -0400

Daylight come and me wanna go home...

This one time, at band camp, Thor (Hammer of God) wrote:

For the record, the original term "O-Day" was coined by a dyslexic
security engineer who listened to too much Harry Belafonte while working
all night on a drink of rum.  It's true.  Really.
 
t

-----Original Message-----
From: Roland Kuhn [mailto:rkuhn () e18 physik tu-muenchen de]
Sent: Tuesday, September 25, 2007 10:58 AM
To: Lamont Granquist
Cc: Chad Perrin; Crispin Cowan; Casper.Dik () Sun COM; Gadi Evron; pdp
(architect); bugtraq () securityfocus com; full-
disclosure () lists grok org uk
Subject: Re: 0day: PDF pwns Windows

On 25 Sep 2007, at 00:57, Lamont Granquist wrote:

The exploit is not made public by its use.  The exploit is not even
made public by (back-channel) sharing amongst the hacker/cracker
community. The exploit is only made public if detected or the
vulnerability is disclosed.  Until detected/disclosed the hacker/
cracker can use their 31337 0day spl01tz to break into whichever
vulnerable machines they like. 0day exploits are valuable because

the

opposition is ignorant of them.

Posting exploits to BUGTRAQ, however, inherently makes them not
0day...

And my ignorant self thought until this thread that the "0" in the

term

referred to the number of days of head start granted to the vendor.
Silly me. Because that would make all vulnerabilities published

without

prior warning to the vendor a "0day"...

Roland (who seems to remember that this was once the meaning of this
term)



-- 
  Lawrence MacIntyre   865.574.8696   macintyrelp () ornl gov
                Oak Ridge National Laboratory
Cyber Security and Information Infrastructure Research Group

Protect your digital freedom and privacy, eliminate DRM.
Learn more at http://www.defectivebydesign.org/what_is_drm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: defining 0day, (continued)
- - - Re: defining 0day don bailey (Sep 25)
    - Re: defining 0day Charles Miller (Sep 25)
    - Re: defining 0day Gadi Evron (Sep 25)
    - Re: defining 0day scott (Sep 25)
    - Re: defining 0day Zow (Sep 27)
    - Re: defining 0day David Gillett (Sep 25)
    - Re: defining 0day evilrabbi (Sep 26)
    - defining 0day Gadi Evron (Sep 25)
    - Re: defining 0day Juergen Marester (Sep 25)
    - Re: defining 0day Juergen Marester (Sep 25)
    - Re: 0day: PDF pwns Windows Lawrence Paul MacIntyre (Sep 25)
    - Re: 0day: PDF pwns Windows Crispin Cowan (Sep 25)
    - Re: 0day: PDF pwns Windows J. Oquendo (Sep 25)
    - Re: 0day: PDF pwns Windows Jason (Sep 25)
    - Re: 0day: PDF pwns Windows J. Oquendo (Sep 25)
    - Re: 0day: PDF pwns Windows Valdis . Kletnieks (Sep 25)
    - Re: 0day: PDF pwns Windows Gadi Evron (Sep 25)
    - Re: 0day: PDF pwns Windows Jason (Sep 25)
    - Re: 0day: PDF pwns Windows North, Quinn (Sep 25)
    - Re: 0day: PDF pwns Windows Steven Adair (Sep 25)
    - Re: 0day: PDF pwns Windows Gadi Evron (Sep 25)

(Thread continues...)