Exactly. Zero Day Exploit: A brand new exploit. For a brand new vulnerability that isn't known either public or private (private = vendor only). The Exploit itself is also brand new, never before known either public or private.
Exibar ----- Original Message ----- From: "Douglas K. Fischer" <[EMAIL PROTECTED]> To: "n3td3v" <[EMAIL PROTECTED]> Cc: "n3td3v" <[EMAIL PROTECTED]>; <[email protected]>; "Gadi Evron" <[EMAIL PROTECTED]> Sent: Friday, May 02, 2008 3:10 PM Subject: Re: [Full-disclosure] defining 0day > -------- Original Message -------- > Subject: Re: [Full-disclosure] defining 0day > From: n3td3v <[EMAIL PROTECTED]> > To: Gadi Evron <[EMAIL PROTECTED]>, [email protected], > n3td3v <[EMAIL PROTECTED]> > Date: 04/19/2008 18:44 >> On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron <[EMAIL PROTECTED]> wrote: >> >>> Okay. I think we exhausted the different views, and maybe we are now >>> able >>> to come to a conlusion on what we WANT 0day to mean. >>> >>> What do you, as professional, believe 0day should mean, regardless of >>> previous definitions? >>> >>> Obviously, the term has become charged in the past couple of years with >>> the >>> targeted office vulnerabilities attacks, WMF, ANI, etc. >>> >>> We require a term to address these, just as much as we do "unpatched >>> vulnerability" or "fully disclosed vulnerability". >>> >>> What other such descriptions should we consider before proceeding? >>> non-disclosure? >>> >>> Gadi. >>> >>> >> >> I just caught a news article that summed up nicely what 0day means... >> >> "A zero-day flaw is a software vulnerability that has become public >> knowledge but for which no patch is available. It is particularly >> dangerous since users are exposed from day zero until the day a vendor >> prepares a patch and notifies users it is ready." >> >> http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html >> >> Regards, >> >> n3td3v >> > I would actually add one more criteria. Not only would a 0day have no > patch available, but the vulnerability being exploited would not have > been previously announced. In other words, the very first exposure in > the wild of a 0day would be active exploitation of an "as of yet > unknown" (except of course by the exploit author) vulnerability. This > makes a true 0day all the more potent. > > Cheers, > > Doug > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
