Full Disclosure mailing list archives
Re: defining 0day
From: "Douglas K. Fischer" <fischerdk () fidoki com>
Date: Fri, 02 May 2008 15:10:00 -0400
-------- Original Message --------
Subject: Re: [Full-disclosure] defining 0day
From: n3td3v <xploitable () gmail com>
To: Gadi Evron <ge () linuxbox org>, full-disclosure () lists grok org uk, n3td3v <n3td3v () googlegroups com>
Date: 04/19/2008 18:44

On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron <ge () linuxbox org> wrote:

> Okay. I think we exhausted the different views, and maybe we are now able to come to a conclusion on what we WANT 0day to mean.
>
> What do you, as professional, believe 0day should mean, regardless of previous definitions?
>
> Obviously, the term has become charged in the past couple of years with the targeted office vulnerabilities attacks, WMF, ANI, etc. We require a term to address these, just as much as we do "unpatched vulnerability" or "fully disclosed vulnerability".
>
> What other such descriptions should we consider before proceeding? non-disclosure?
>
> Gadi.

I just caught a news article that summed up nicely what 0day means...

"A zero-day flaw is a software vulnerability that has become public knowledge but for which no patch is available. It is particularly dangerous since users are exposed from day zero until the day a vendor prepares a patch and notifies users it is ready."

http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html

Regards,
n3td3v

I would actually add one more criterion. Not only would a 0day have no patch available, but the vulnerability being exploited would not have been previously announced. In other words, the very first exposure in the wild of a 0day would be active exploitation of an "as of yet unknown" (except of course by the exploit author) vulnerability. This makes a true 0day all the more potent.

Cheers,
Doug

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/