0days in the warez scene have a different meaning than in security. in the security "scene" 0days are undisclosed vulnerabilities. some are in the underground for years before they get disclosed. in warez it's just a new release that hasn't been there yet.

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Gadi Evron" <[EMAIL PROTECTED]>
Cc: <[email protected]>; "Steven M. Christey" <[EMAIL PROTECTED]>
Sent: Tuesday, February 14, 2006 2:02 PM
Subject: Re: [Full-disclosure] Re: On the "0-day" term

> 0day just means the day released, it's mostly a term used in the warez
> scene to qualify new app/mp3 cracked each day, as exploits released
> each day ...
>
> Gadi Evron wrote:
> > Steven M. Christey wrote:
> >
> > Hey Steve! :)
> >
> >> It's not necessarily that 0-days are a myth, it's that people have
> >> been using the term "0-day" to mean two separate things:
> >
> > 0days are not a myth on their own.
> > They are live and kickin`! :)
> >
> >> - in-the-wild hacks of live systems using vulnerabilities previously
> >>   unknown to the public and the vendor;
> >>
> >> - release of exploit information for vulnerabilities previously
> >>   unknown to the public and the vendor, for which there are no known
> >>   in-the-wild hacks of live systems at the time of disclosure (though
> >>   such hacks seem to occur very soon afterward)
> >
> > I don't know, last year I read an article about 0days being released
> > vulnerabilities where the patch is not applied yet. Uh huh.
> >
> >>> Does anyone still think bad guys don't exploit (to whatever goals) a
> >>> 0day if it is out there?
> >>
> >>
> >> The answer seems obvious, but...
> >>
> >> It's not entirely clear to me how many in-the-wild 0-days exist and
> >> are actively exploited. Just because some "white hat" finds something
> >> does not mean that we should ALWAYS assume that the "black hats"
> >> already know about it. The converse is also true, of course; see the
> >
> > On this point I disagree. We have to assume the worst, especially
> > where we are specifically vulnerable. And as today we mostly rely on
> > software security on-top of software security for our defense - we
> > HAVE to assume the worst... we just don't have to hype it, and
> > possibly, we can call it what it really is.
> >
> >> recent WMF issue.
> >
> > The goal of said 0day may be for specific attacks against specific
> > targets. I don't see why anyone would waste their secret & strong
> > resource on the wild west of the net - we don't often find 0days,
> > right? Microsoft's or SecurityFocus's sites don't go down that
> > often, right?
> >
> > WMF was an exploit of opportunity, i.e.: what is our window of
> > opportunity to infect users with spyware before we are found out?
> > In this case it was about 2 weeks.
> >
> > This came to show that spyware manufacturers either did their own
> > R&D or bought 0days. This is not the first time, either.
> >
> >> Certainly, at least a couple in-the-wild 0-days are publicized a year,
> >> and maybe more in the coming year, given the precedents of the past 6
> >> months or so, as the honeymonkeys project and Websense have shown.
> >>
> >> One would hope that there is some critical mass (i.e. number of
> >> compromised systems) beyond which any in-the-wild 0-day would become
> >> publicly known. This critical mass would depend on the diligence of
> >> the incident response community and the amount of coordination -
> >> direct or indirect - with the vulnerability research community.
> >
> > Critical mass could also be one well-placed machine. Point is we
> > need to differentiate between, but not limited to:
> > 1. Vulns that were already disclosed to the vendor or CC's.
> > 2. Vulns that are publicly announced OR released by advisory or similar.
> > and
> > 3. Vulns that no one knows exist, whether being exploited wildly,
> > kept in a bunker or used on special targets.
> >
> > It's time we stopped guessing and started regulating these terms,
> > not because we can tell people how to use the term '0day' but rather
> > what it might mean. Makes lives so much easier.
> >
> > In some of the above cases I will be proud to yell: "THERE ARE NO
> > 0DAYS", while I know that's obviously false in other cases.
> >
> > The problem with this email, as well as any other to follow is that
> > they are all full of opinions. We have to stop being an opinion-led
> > industry where opinions constitute 90% (didn't make any specific
> > calculation, that's my opinion) of how we do things professionally.
> >
> >> - Steve
> >
> > I really hope this is not to become another long debate on religious
> > terminology.. what have I done?!
> >
> > Gadi.
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
