mailing list archives
Re: defining 0day
From: n3td3v <xploitable () gmail com>
Date: Sun, 20 Apr 2008 01:02:15 +0100
On Sun, Apr 20, 2008 at 12:44 AM, coderman <coderman () gmail com> wrote:
On Sat, Apr 19, 2008 at 3:44 PM, n3td3v <xploitable () gmail com> wrote:
I just caught a news article that summed up nicely what 0day means...
> "A zero-day flaw is a software vulnerability that has become public
> knowledge but for which no patch is available. It is particularly
> dangerous since users are exposed from day zero until the day a vendor
> prepares a patch and notifies users it is ready."
this is still incorrect.
as discussed previously: 0day is a perspective.
if it comes from out of no where and pwns your ass, it is 0day.
where you are on the vulnerability disclosure time-line determines
your perspective. one man's 0day is another man's old news.
It doesn't matter how old it is, as long as no patch is available, it
will always come out of no where and pwn your ass.
Just because the human is psychologically aware of the unpatched
vulnerability and that it exists, to the vulnerable computer it is
still a 0-day and can come out of no where and pwn your ass.
0-day is about computers, its not ment to be a reference to a human
perspective. The term 0-day is used to determine a threat against a
computer, not a human state of mind on how early the computer user was
alerted to a no patch available computer vulnerability.
The problems that arise is, people think 0day is a stage in human
psychology of becoming aware of a computer threat, when its actually
used to reference the threat level to a computer system, the human
mind is irrelevant to how pwnable your system is from public
disclosure until patch release day.
If the computer is vulnerable, the computer is vulnerable, the human
mind is irrelevant.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/