Right as usual t-man, but while we are doing F&Ws job for them, "Remote code execution" is: any program you can run on a machine you can't touch (for further explanation, "man touch").
Curt On Thu, Oct 28, 2010 at 12:35 PM, Thor (Hammer of God) <[email protected]> wrote: > None of this really matters. People will call it whatever they want to. > Generally, all software has some sort of vulnerability. If they want to call > the process of that vulnerability being communicated for the first time "0 > day vulnerability" then so what. > > The industry can't (and won't) even come up with what "Remote Code Execution" > really means, so trying to standardize disclosure nomenclature is a waste of > time IMO. > t > >>-----Original Message----- >>From: [email protected] [mailto:full-disclosure- >>[email protected]] On Behalf Of [email protected] >>Sent: Thursday, October 28, 2010 9:25 AM >>To: Curt Purdy; [email protected]; full- >>[email protected] >>Subject: Re: [Full-disclosure] 0-day "vulnerability" >> >>Yep. Totally agree. Vulnerability exists in the system since it has been >>developed. It is just the matter when it has been disclosed or being >>exploited. >> >>I would suggest " 0 day disclosure" instead of "0 day vulnerability" :) >> >> >>------Original Message------ >>From: Curt Purdy >>Sender: [email protected] >>To: [email protected] >>Subject: [Full-disclosure] 0-day "vulnerability" >>Sent: Oct 28, 2010 8:48 PM >> >>Sorry to rant, but I have seen this term used once too many times to sit idly >>by. And used today by what I once thought was a respectable infosec >>publication (that will remain nameless) while referring to the current Firefox >>vulnerability (that did, by the way, once have a 0-day >>sploit) Also, by definition, a 0-day no longer exists the moment it is >>announced ;) >> >>For once and for all: There is no such thing as a "zero-day vulnerability" >>(quoted), only a 0-day exploit... >> >>Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA >> >>_______________________________________________ >>Full-Disclosure - We believe in it. >>Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>Hosted and sponsored by Secunia - http://secunia.com/ >> >> >>Sent from BlackBerry(r) on Airtel >>_______________________________________________ >>Full-Disclosure - We believe in it. >>Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
