-------- Original Message -------- Subject: Re: [Full-disclosure] defining 0day From: n3td3v <[EMAIL PROTECTED]> To: Gadi Evron <[EMAIL PROTECTED]>, [email protected], n3td3v <[EMAIL PROTECTED]> Date: 04/19/2008 18:44 > On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron <[EMAIL PROTECTED]> wrote: > >> Okay. I think we exhausted the different views, and maybe we are now able >> to come to a conlusion on what we WANT 0day to mean. >> >> What do you, as professional, believe 0day should mean, regardless of >> previous definitions? >> >> Obviously, the term has become charged in the past couple of years with the >> targeted office vulnerabilities attacks, WMF, ANI, etc. >> >> We require a term to address these, just as much as we do "unpatched >> vulnerability" or "fully disclosed vulnerability". >> >> What other such descriptions should we consider before proceeding? >> non-disclosure? >> >> Gadi. >> >> > > I just caught a news article that summed up nicely what 0day means... > > "A zero-day flaw is a software vulnerability that has become public > knowledge but for which no patch is available. It is particularly > dangerous since users are exposed from day zero until the day a vendor > prepares a patch and notifies users it is ready." > > http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html > > Regards, > > n3td3v > I would actually add one more criteria. Not only would a 0day have no patch available, but the vulnerability being exploited would not have been previously announced. In other words, the very first exposure in the wild of a 0day would be active exploitation of an "as of yet unknown" (except of course by the exploit author) vulnerability. This makes a true 0day all the more potent.
Cheers, Doug _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
