Full Disclosure mailing list archives
Re: defining 0day
From: n3td3v <xploitable () gmail com>
Date: Sun, 20 Apr 2008 01:02:15 +0100
On Sun, Apr 20, 2008 at 12:44 AM, coderman <coderman () gmail com> wrote:
On Sat, Apr 19, 2008 at 3:44 PM, n3td3v <xploitable () gmail com> wrote: > ...I just caught a news article that summed up nicely what 0day means...> > "A zero-day flaw is a software vulnerability that has become public > knowledge but for which no patch is available. It is particularly > dangerous since users are exposed from day zero until the day a vendor > prepares a patch and notifies users it is ready." this is still incorrect. as discussed previously: 0day is a perspective. if it comes from out of no where and pwns your ass, it is 0day. where you are on the vulnerability disclosure time-line determines your perspective. one man's 0day is another man's old news.
It doesn't matter how old it is, as long as no patch is available, it will always come out of no where and pwn your ass. Just because the human is psychologically aware of the unpatched vulnerability and that it exists, to the vulnerable computer it is still a 0-day and can come out of no where and pwn your ass. 0-day is about computers, its not ment to be a reference to a human perspective. The term 0-day is used to determine a threat against a computer, not a human state of mind on how early the computer user was alerted to a no patch available computer vulnerability. The problems that arise is, people think 0day is a stage in human psychology of becoming aware of a computer threat, when its actually used to reference the threat level to a computer system, the human mind is irrelevant to how pwnable your system is from public disclosure until patch release day. If the computer is vulnerable, the computer is vulnerable, the human mind is irrelevant. Regards, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: defining 0day n3td3v (Apr 19)
- Re: defining 0day coderman (Apr 19)
- Re: defining 0day n3td3v (Apr 19)
- Re: defining 0day coderman (Apr 19)
- Re: defining 0day n3td3v (Apr 19)
- Re: defining 0day coderman (Apr 19)
- Re: defining 0day n3td3v (Apr 19)
- Re: defining 0day coderman (Apr 19)