Full Disclosure mailing list archives
Re: 0-day "vulnerability"
From: Curt Purdy <infosysec () gmail com>
Date: Thu, 28 Oct 2010 12:50:34 -0400
Right as usual t-man, but while we are doing F&Ws job for them, "Remote code execution" is: any program you can run on a machine you can't touch (for further explanation, "man touch"). Curt On Thu, Oct 28, 2010 at 12:35 PM, Thor (Hammer of God) <thor () hammerofgod com> wrote:
None of this really matters. People will call it whatever they want to. Generally, all software has some sort of vulnerability. If they want to call the process of that vulnerability being communicated for the first time "0 day vulnerability" then so what. The industry can't (and won't) even come up with what "Remote Code Execution" really means, so trying to standardize disclosure nomenclature is a waste of time IMO. t-----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure- bounces () lists grok org uk] On Behalf Of w0lfd33m () gmail com Sent: Thursday, October 28, 2010 9:25 AM To: Curt Purdy; full-disclosure-bounces () lists grok org uk; full- disclosure () lists grok org uk Subject: Re: [Full-disclosure] 0-day "vulnerability" Yep. Totally agree. Vulnerability exists in the system since it has been developed. It is just the matter when it has been disclosed or being exploited. I would suggest " 0 day disclosure" instead of "0 day vulnerability" :) ------Original Message------ From: Curt Purdy Sender: full-disclosure-bounces () lists grok org uk To: full-disclosure () lists grok org uk Subject: [Full-disclosure] 0-day "vulnerability" Sent: Oct 28, 2010 8:48 PM Sorry to rant, but I have seen this term used once too many times to sit idly by. And used today by what I once thought was a respectable infosec publication (that will remain nameless) while referring to the current Firefox vulnerability (that did, by the way, once have a 0-day sploit) Also, by definition, a 0-day no longer exists the moment it is announced ;) For once and for all: There is no such thing as a "zero-day vulnerability" (quoted), only a 0-day exploit... Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Sent from BlackBerry(r) on Airtel _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: 0-day "vulnerability", (continued)
- Re: 0-day "vulnerability" wmsecurity (Oct 28)
- Re: 0-day "vulnerability" Michal Zalewski (Oct 28)
- Re: 0-day "vulnerability" Cal Leeming [Simplicity Media Ltd] (Oct 28)
- Re: 0-day "vulnerability" Josey Yelsef (Oct 28)
- Re: 0-day "vulnerability" Jubei Trippataka (Oct 28)
- Re: 0-day "vulnerability" Josey Yelsef (Oct 28)
- Re: 0-day "vulnerability" Benji (Oct 28)
- Re: 0-day "vulnerability" Josey Yelsef (Oct 28)
- Re: 0-day "vulnerability" w0lfd33m (Oct 28)
- Re: 0-day "vulnerability" Curt Purdy (Oct 28)
- Re: 0-day "vulnerability" Thor (Hammer of God) (Oct 28)
- Re: 0-day "vulnerability" Curt Purdy (Oct 28)
- Re: 0-day "vulnerability" Thor (Hammer of God) (Oct 28)
- Re: 0-day "vulnerability" Curt Purdy (Oct 28)
- Re: 0-day "vulnerability" Christian Sciberras (Oct 28)
- Re: 0-day "vulnerability" Josey Yelsef (Oct 28)
- Re: 0-day "vulnerability" Cal Leeming [Simplicity Media Ltd] (Oct 28)
- Re: 0-day "vulnerability" w0lfd33m (Oct 28)
- Re: 0-day "vulnerability" Tyler Borland (Oct 29)
- Re: 0-day "vulnerability" Cal Leeming [Simplicity Media Ltd] (Oct 29)
- Re: 0-day "vulnerability" Marsh Ray (Oct 29)
- Re: 0-day "vulnerability" w0lfd33m (Oct 28)