Full Disclosure mailing list archives

Re: defining 0day

From: Gadi Evron <ge () linuxbox org>
Date: Tue, 25 Sep 2007 15:57:23 -0500 (CDT)

On Wed, 26 Sep 2007, Charles Miller wrote:

On 26/09/2007, at 5:02 AM, Gadi Evron wrote:

Okay. I think we exhausted the different views, and maybe we are now able 
to come to a conlusion on what we WANT 0day to mean.

What do you, as professional, believe 0day should mean, regardless of 
previous definitions?


As a professional, I would be happy to see terms like '0day' banished from 
the lexicon entirely. It's an essentially meaningless -- all third-party 
exploits are zero-day to _somebody_ -- term of boast co-opted from the warez 
scene, and we can do perfectly well without it.

Quibbling over its precise definition seems a ridiculous waste of bytes.


It would if we are to stay stuck in our niche, but you need to remember - 
security is about niches, we are all experts -- but in very specific 
fields.

These past 2 years we faced multiple targeted attacks with previously 
unknown vulnerabilities. We experience MASSIVE exploitation of users with 
0days used on web sites and ine mail, etc.

As an industry, as professionals, it is time to get our act together on 
the basics.

I am operations manager for ZERT, and for me, this is indeed at the very 
heart of the matter. How you define this silliness is directly linked to 
how you do two of the most essential parts of security:

1. Vulnerability disclosure - for researchers.

2. Incident response - for.. responders.

If a vulnerabiliy is fully disclosed, unpatched, being actively exploited, 
etc. caused real confusion, and non of us, or any of the written material, 
can agree on the basics.

It's not about fighting on what 0day means as much as it is about how we 
as an industry, a community, conduct ourselves and can reach a common 
language, which directly impacts operations.

So, if WMF was disclosed today after being actively exploited itw for a 
while, what would you call it? How would you respond to it? How long would 
it stay unpatched and when will you realize its importance?


        Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

defining 0day, (continued)
- - - defining 0day Gadi Evron (Sep 25)
    - Re: defining 0day Brian Loe (Sep 25)
    - Re: defining 0day Gadi Evron (Sep 25)
    - Re: defining 0day Brian Loe (Sep 25)
    - Re: defining 0day Epic (Sep 25)
    - Re: defining 0day Adrian Griffis (Sep 25)
    - Re: defining 0day Brian Loe (Sep 25)
    - Re: defining 0day Andrew Weaver (Sep 25)
    - Re: defining 0day don bailey (Sep 25)
    - Re: defining 0day Charles Miller (Sep 25)
    - Re: defining 0day Gadi Evron (Sep 25)
    - Re: defining 0day scott (Sep 25)
    - Re: defining 0day Zow (Sep 27)
    - Re: defining 0day David Gillett (Sep 25)
    - Re: defining 0day evilrabbi (Sep 26)
    - defining 0day Gadi Evron (Sep 25)
    - Re: defining 0day Juergen Marester (Sep 25)
    - Re: defining 0day Juergen Marester (Sep 25)
    - Re: 0day: PDF pwns Windows Lawrence Paul MacIntyre (Sep 25)
    - Re: 0day: PDF pwns Windows Crispin Cowan (Sep 25)
    - Re: 0day: PDF pwns Windows J. Oquendo (Sep 25)

(Thread continues...)